Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 10-23-2003, 11:45 AM   #1
tyccea
Registered: Aug 2003
Location: atlanta, ga
Distribution: SuSE 8.2
Posts: 90

xMule & iptables


I just used apt-get & installed the latest version of xMule (1.6). It connects to emule servers & shows a list of files to download. As an aside, I placed my shared files in the ~/.xMule/Incoming folder.

Nothing downloads. When I installed RH9 I left the default Medium security level alone, allowing dhcp. I don't know what info to give other than:
I connect with dsl
I've read the forums for xmule - which made little sense to me, because I know nothing about rc.firewall settings, et al.

What can I read that will teach me how to set these values properly without screwing up - specifically to allow xMule to download & upload files? A newbie-friendly document?

TIA people
 
Old 10-23-2003, 02:45 PM   #2
gundelgauk
Registered: Jul 2003
Distribution: Gentoo
Posts: 168


Greetings!


I do not know the policies RH9 sets with your configuration. But as you can connect to servers and can do searches, I assume that all outbound as well as inbound ESTABLISHED and RELATED connections are being accepted. Further I assume that you are not behind a router but are connected directly to the internet.

xmule (like all edonkey clients) has two ways of establishing connections to a server, LOWID and HIGHID. You never want LOWID because this restricts your ability to download from the majority of the other users. In order to get a HIGHID, your box needs to accept NEW incoming connections on a tcp port which you can set in the xmule configuration (default is 4662). The server checks if your box accepts connections on this port upon connection and then decides if you are to be assigned HIGHID or LOWID.

You can check what kind of connection you are getting by looking at the Earthball symbol at the very bottom right of the window, next to the server name. Green arrows around it indicate HIGHID, whereas yellow arrows indicate a LOWID.

As for your configuration, you should insert a rule into your INPUT chain like this:
iptables -I INPUT 1 -i ppp0 -p tcp --dport 4662 -j ACCEPT
(This is assuming that ppp0 is your inet interface. Oh and -I is a capital i, not lowercase L)

You could issue a
iptables -L
and post the output of your firewall configuration, maybe there's some other problem as well where the above solution won't help.

Regarding literature, I suggest you read the following:
Packet filtering HOWTO
iptables HOWTO
and the manual page to iptables (man iptables)

Ah and one more thing: Inserting the rule above will open that port for any connections from the outside. Even worse, a p2p piece of software will be listening on it, and those are known to be one of the bigger security hazards... you have been warned.


Good luck!
 
Old 10-23-2003, 05:44 PM   #3
tyccea
Registered: Aug 2003
Location: atlanta, ga
Distribution: SuSE 8.2
Posts: 90

Original Poster
Thank you very VERY much, gundelgauk, for that info. And thanks for the "unreliable-guide" to packet filtering. Below is the output:

[root@kinjiru bin]# /sbin/iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT udp -- launchmodem anywhere udp spt:domain dpts:1025:65535
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
[root@kinjiru bin]#

I connect via ethernet; maybe eth0 instead of ppp0? I have a dsl modem, of course, but it's plugged into the wall jack & linksys pci ethernet card - I left the USB cord in the box; I connect fine without it. I did have a LOWID damn it. I tried the edonkey2000 connection_test; it told me I had a stealth firewall running.

Last edited by tyccea; 10-23-2003 at 05:47 PM.
 
Old 10-23-2003, 06:17 PM   #4
gundelgauk
Registered: Jul 2003
Distribution: Gentoo
Posts: 168


Greetings again!


Erm - about that guide being 'unreliable' sorry... I just googled it up and took the first link that worked. Doesn't seem to me like false information though so I guess it's still worth reading.

About your connection. You say you have a DSL connection and thus connect via ethernet. But do you have some kind of router between you and the DSL modem (linux router, hardware router, etc.) or does your box talk directly to the modem? The latter case would make things a bit easier for us to get your mule working. With a router it's also possible but a bit more work is required.

Now regarding your firewall configuration - fascinating.
The way I see it, you should have no problems with getting it to work by issuing
Code:
iptables -I INPUT 1 -i ppp0 -p tcp --dport 4662 -j ACCEPT
This is assuming that you connect to your DSL modem directly. You can issue 'ifconfig' without the quotes; it will list the configuration of all your network devices. If there is a ppp0 there, then you connect directly and can just execute the above line. If you connect via a router, you won't see any ppp device in the output of ifconfig and you have to substitute the ethernet device that is linked to your router (eg eth0) for ppp0. But you also need to configure port forwarding on the router (which is a bit more complicated) if this is the case.

After you've made this change, you have to shut down xmule and restart it, because it will still think that your port 4662 is closed (at least it does for me).

Only problem is that you will lose this configuration whenever you reboot or restart RedHat's firewall service. Basically you don't have to do much to make it permanent; you only have to insert the above command line into the right script at the right place. Unfortunately I don't know anything about how those scripts work in your distro, so I suggest you search the web, look for a file with 'firewall' in its name in /etc/init.d/ and try to understand where the iptables commands are being issued, or just hope that some nice person with RedHat experience might help you with this.


Good luck!
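An added example, not from this thread and not part of xMule: a small POSIX sh wrapper around the rule gundelgauk gives in posts #2 and #4. It inserts the ACCEPT only if 'iptables -L INPUT' does not already show one (so re-running it from a boot script or by hand never duplicates the rule), and it removes the rule again once the client is stopped, so the port is only reachable while xMule is actually running. Interface eth0, port 4662 and the /sbin/iptables path are assumptions taken from the thread's defaults; the sample listing inside the script is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): open the xMule listen port only while the
# client runs, and close it again afterwards. Assumptions: interface eth0 and
# port 4662 as discussed in the thread, iptables binary at /sbin/iptables.
set -eu

IFACE="${IFACE:-eth0}"
PORT="${PORT:-4662}"
IPTABLES="${IPTABLES:-/sbin/iptables}"

# The match/target part of the rule, built once so -I and -D stay identical.
rule_args() {
    printf '%s' "-i $IFACE -p tcp --dport $PORT -j ACCEPT"
}

# Succeed (exit 0) if the 'iptables -L INPUT [-n]' listing passed as $1
# already holds an ACCEPT for tcp dpt:$PORT, so the rule is never added twice.
rule_present_in() {
    printf '%s\n' "$1" | grep -Eq "^ACCEPT +tcp .*dpt:$PORT( |\$)"
}

open_port() {
    listing=$("$IPTABLES" -L INPUT -n 2>/dev/null) || return 1
    if rule_present_in "$listing"; then
        echo "tcp/$PORT on $IFACE already accepted"; return 0
    fi
    # Position 1 puts it ahead of the RH-Lokkit chain jump, as in the thread.
    "$IPTABLES" -I INPUT 1 $(rule_args)
}

close_port() {
    listing=$("$IPTABLES" -L INPUT -n 2>/dev/null) || return 1
    if ! rule_present_in "$listing"; then
        echo "no ACCEPT for tcp/$PORT in INPUT"; return 0
    fi
    "$IPTABLES" -D INPUT $(rule_args)
}

# Constructed sample of 'iptables -L INPUT -n' after open_port, for selftest.
SAMPLE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:4662
RH-Lokkit-0-50-INPUT  all  --  0.0.0.0/0            0.0.0.0/0'

# Usage: xmule-port.sh open|close|selftest  (open before, close after xMule)
case "${1:-}" in
    open)     open_port ;;
    close)    close_port ;;
    selftest) rule_present_in "$SAMPLE" && echo "sample listing has the rule" ;;
esac
```

Run it as root with 'open' before starting xMule and 'close' after quitting; both subcommands are safe to repeat because they check the live listing first.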
 
Old 10-23-2003, 06:46 PM   #5
tyccea
Registered: Aug 2003
Location: atlanta, ga
Distribution: SuSE 8.2
Posts: 90

Original Poster
Thanks once again for a quick and generous response. I'll try to find the files in here about my boot-time firewall settings to learn from that. But I'll take the hint/warning - it's no prob to type a command or 2 and restart the p2p client. Better that than staying open all the time. The term "rooted" just gives me butterflies.....

Quote:
Originally posted by gundelgauk
...Unfortunately I don't know anything about how those scripts work in your distro, so I suggest you search the web, look for a file with 'firewall' in its name in /etc/init.d/ and try to understand where the iptables commands are being issued...
[root@kinjiru tyccea]# /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:04:5A:85:6E:3D
inet addr:PAR.ANO.I.D! Bcast:255.255.255.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:156373 errors:0 dropped:0 overruns:0 frame:0
TX packets:90967 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:219571508 (209.3 Mb) TX bytes:7074354 (6.7 Mb)
Interrupt:11 Base address:0x7c00

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:91 errors:0 dropped:0 overruns:0 frame:0
TX packets:91 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6226 (6.0 Kb) TX bytes:6226 (6.0 Kb)

The ethernet card inside the comp is connected to a Westell 2100 WireSpeed dsl modem. Could the Westell be acting as a router?
My extensive arsenal of networking know-how begins and ends with "modem" = modulate/demodulate.
May I ask why you found the firewall config 'fascinating'? I hope an apt synonym is 'impressive'. lol, I saw 'fascinating' and thought about that wallpaper: Blackhat: Open Source...Open Minds...Open Boxes