LinuxQuestions.org


sitmex 05-18-2006 10:45 AM

Azureus and Firestarter Configuration Errors
 
Good day

I've recently installed Firestarter and Azureus, and I have some problems with the two of them...

Firestarter: I've accidentally deleted all the default configuration, so every time I shut down or reboot my computer, I have to go into Firestarter to shut it down or stop the firewall. I'm so frustrated since I didn't take note of the defaults; anyway, neither Web browsing nor Instant Messaging works. I haven't really tried other things such as yum updating, pings, ftp or something else.

On the other hand, Azureus reports a NAT Error on every port I have tried, even though in iptables ports 6881 through 6889 are open to UDP and TCP (I think, since my knowledge of iptables, firewalls and such things is quite limited). Yes, I'm a Linux Newbie...

Here is the result of "iptables -L" with Firestarter shut down:
Code:

Chain INPUT (policy DROP)
target    prot opt source              destination
ACCEPT    tcp  --  10.10.6.7            anywhere            tcp flags:!SYN,RST,ACK/SYN
ACCEPT    udp  --  10.10.6.7            anywhere
ACCEPT    tcp  --  10.10.8.6            anywhere            tcp flags:!SYN,RST,ACK/SYN
ACCEPT    udp  --  10.10.8.6            anywhere
ACCEPT    tcp  --  dns.cybercable.net.mx  anywhere            tcp flags:!SYN,RST,ACK/SYN
ACCEPT    udp  --  dns.cybercable.net.mx  anywhere
ACCEPT    all  --  anywhere            anywhere
ACCEPT    icmp --  anywhere            anywhere            limit: avg 10/sec burst 5
DROP      all  --  anywhere            255.255.255.255
DROP      all  --  anywhere            255.255.255.255
DROP      all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
DROP      all  --  anywhere            BASE-ADDRESS.MCAST.NET/8
DROP      all  --  255.255.255.255      anywhere
DROP      all  --  anywhere            0.0.0.0
DROP      all  --  anywhere            anywhere            state INVALID
LSI        all  -f  anywhere            anywhere            limit: avg 10/min burst 5
INBOUND    all  --  anywhere            anywhere
LOG_FILTER  all  --  anywhere            anywhere
LOG        all  --  anywhere            anywhere            LOG level info prefix `Unknown Input'

Chain FORWARD (policy DROP)
target    prot opt source              destination
ACCEPT    icmp --  anywhere            anywhere            limit: avg 10/sec burst 5
LOG_FILTER  all  --  anywhere            anywhere
LOG        all  --  anywhere            anywhere            LOG level info prefix `Unknown Forward'

Chain OUTPUT (policy DROP)
target    prot opt source              destination
ACCEPT    tcp  --  10.201.25.118        10.10.6.7          tcp dpt:domain
ACCEPT    udp  --  10.201.25.118        10.10.6.7          udp dpt:domain
ACCEPT    tcp  --  10.201.25.118        10.10.8.6          tcp dpt:domain
ACCEPT    udp  --  10.201.25.118        10.10.8.6          udp dpt:domain
ACCEPT    tcp  --  10.201.25.118        dns.cybercable.net.mx tcp dpt:domain
ACCEPT    udp  --  10.201.25.118        dns.cybercable.net.mx udp dpt:domain
ACCEPT    all  --  anywhere            anywhere
DROP      all  --  BASE-ADDRESS.MCAST.NET/8  anywhere
DROP      all  --  anywhere            BASE-ADDRESS.MCAST.NET/8
DROP      all  --  255.255.255.255      anywhere
DROP      all  --  anywhere            0.0.0.0
DROP      all  --  anywhere            anywhere            state INVALID
OUTBOUND  all  --  anywhere            anywhere
LOG_FILTER  all  --  anywhere            anywhere
LOG        all  --  anywhere            anywhere            LOG level info prefix `Unknown Output'

Chain INBOUND (1 references)
target    prot opt source              destination
ACCEPT    tcp  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    udp  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    tcp  --  anywhere            anywhere            tcp dpts:6881:6889
ACCEPT    udp  --  anywhere            anywhere            udp dpts:6881:6889
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:http
ACCEPT    udp  --  anywhere            anywhere            udp dpt:http
LSI        all  --  anywhere            anywhere

Chain LOG_FILTER (5 references)
target    prot opt source              destination

Chain LSI (2 references)
target    prot opt source              destination
LOG_FILTER  all  --  anywhere            anywhere
LOG        tcp  --  anywhere            anywhere            tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP      tcp  --  anywhere            anywhere            tcp flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere            anywhere            tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP      tcp  --  anywhere            anywhere            tcp flags:FIN,SYN,RST,ACK/RST
LOG        icmp --  anywhere            anywhere            icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP      icmp --  anywhere            anywhere            icmp echo-request
LOG        all  --  anywhere            anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP      all  --  anywhere            anywhere

Chain LSO (1 references)
target    prot opt source              destination
LOG_FILTER  all  --  anywhere            anywhere
LOG        all  --  anywhere            anywhere            limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT    all  --  anywhere            anywhere            reject-with icmp-port-unreachable

Chain OUTBOUND (1 references)
target    prot opt source              destination
ACCEPT    icmp --  anywhere            anywhere
ACCEPT    tcp  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    udp  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    tcp  --  anywhere            anywhere            tcp dpts:bootps:bootpc
ACCEPT    udp  --  anywhere            anywhere            udp dpts:bootps:bootpc
ACCEPT    tcp  --  anywhere            anywhere            tcp dpts:6881:6889
ACCEPT    udp  --  anywhere            anywhere            udp dpts:6881:6889
ACCEPT    tcp  --  anywhere            anywhere            tcp dpt:http
ACCEPT    udp  --  anywhere            anywhere            udp dpt:http
LSO        all  --  anywhere            anywhere


Any ideas on how I should proceed in order to have both programs running as they should?

Box: Fedora Core 3 with 2.6.12-1.1381_FC3 Kernel i386 Arch.

It might be worth mentioning that I do not have any routers or other devices attached to my network; it's a standalone computer connected directly to my 'cable-modem'.


Thanks in advance for your help

Regards

drkstr 05-18-2006 12:53 PM

I'm not an expert in iptables, but I know enough to get me by. I'm not sure what the INBOUND chain is used for, but I have mine opened under the INPUT chain:
Quote:

iptables -A INPUT -p TCP --dport 6881:6889 -i ${WAN} -j ACCEPT
and it seems to work for me. My iptables -L shows:
Code:

Chain INPUT (policy ACCEPT)
...
ACCEPT    tcp  --  anywhere            anywhere            tcp dpts:6881:6889

Hope this helped some.

regards,
...drkstr

sitmex 05-19-2006 02:29 PM

No luck
 
When typing the code, an error occurs stating that ACCEPT is a bad argument
Code:

iptables -A INPUT -p TCP --dport 6881:6889 -i ${WAN} -j ACCEPT
Warning: wierd character in interface `-j' (No aliases, :, ! or *).
Bad argument `ACCEPT'

Any other Ideas?

drkstr 05-19-2006 02:49 PM

ACCEPT isn't the problem, it's just saying there is a bad argument in the ACCEPT chain. The problem is in the '-i ${WAN}' part. In my rc.firewall script, I set the variable WAN=eth0, which is the network device that connects to the internet. I have another one, LAN=eth1, which is the network device for all of my network traffic. You need to replace WAN with the network device you are using.

regards,
...drkstr

**edit**
for example:
Code:

iptables -A INPUT -p TCP --dport 6881:6889 -i eth0 -j ACCEPT
**edit**
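An added example, not part of the original posts: with WAN unset, the shell drops the empty `${WAN}` expansion, so iptables receives `-i -j ACCEPT`, reads `-j` as the interface name and is left with a stray `ACCEPT`, which matches the warning and error quoted above. The helper names `show_args`, `unguarded` and `torrent_rule` are hypothetical; the guarded function only prints the command for review.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from the thread.

# Print each argument the shell would hand to iptables, one per line.
show_args() { printf '[%s]\n' "$@"; }

# The command as pasted from the thread, run in a shell where WAN is unset.
# The unquoted, empty ${WAN} vanishes, so "-j" becomes the value of -i.
unguarded() {
    unset WAN
    show_args -A INPUT -p TCP --dport 6881:6889 -i ${WAN} -j ACCEPT
}

# Guarded version: refuse an empty or option-like interface name before
# building the rule, then print the command instead of running it.
torrent_rule() {
    iface="${1:-}"
    if [ -z "$iface" ]; then
        echo "interface not set (for example WAN=eth0)" >&2
        return 1
    fi
    case "$iface" in
        -*|*[!A-Za-z0-9._+-]*)
            echo "bad interface name: $iface" >&2
            return 1
            ;;
    esac
    echo "iptables -A INPUT -p TCP --dport 6881:6889 -i $iface -j ACCEPT"
}

# Demonstration: the shifted argument list, then the rule for eth0.
unguarded
torrent_rule eth0
```

In a firewall script, writing `"${WAN:?WAN is not set}"` at the point of use makes the shell abort with a clear message instead of passing a shifted argument list to iptables.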

sitmex 05-19-2006 05:49 PM

oops.
 
I hadn't noticed it, sorry to bother...

sitmex 05-30-2006 07:36 PM

Apparently My ISP is blocking ports/torrents
 
Well,

Just for fun I went to Windows and installed Azureus, and everything went ok, but the same problems were faced: NAT errors.

But they advised me to use Bit Comet, but there is no release for Linux :tisk:

And now from Windows I am posting this reply and downloading some songs ;) with BitComet 0.67

Regards.

drkstr 05-30-2006 08:26 PM

I ran Azureus just fine when I configured my iptables correctly. Don't blame Linux for a user error. I would suggest getting rid of that over-the-top firewall script you're using and starting with just the basics. It would be more secure than using Windows anyways. Once you get it working fine, you can start building a more secure firewall script that works around Azureus.

Let me know if you need any help setting up some basic firewall rules.

regards,
...drkstr


All times are GMT -5.