iptables - how to allow client in my local net use emule -- please help me
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
iptables - how to allow client in my local net use emule -- please help me
I connect Internet through Linux Gateway, it doesn't allow me use Emule to get file. I also contact to my administrator, and he is sure that he have set iptables firewall allow range port: 4661-4672 (even TCP and UDP). However i have been know that he has set allow me full port to connect Internet.
He also edit Nat for range port 4662:4672 nated at Zyxel modem.(i have seen it). But, i can connect to emule with HighID (just LowID).
How can i fix this problem, please help me or tell me the way to tell him.
Thank you very much.
What your administrator has done, is basically right. However to make you connect at a HIGH ID, you will have to NAT a bigger portion of port ranges to the computer running eMule.
In my particular network using a gateway Linux IPTables Firewall, I DNAT destination ports (TCP) 4242 to 4670, source ports 4242 to 9999, (UDP) destination ports 4672 and source ports 4672 to the machine running eMule.
I also let the firewall forward (UDP) 4672 and (TCP) 4242 to 4680 with destination to the machine running eMule or packets that originate from that same machine.
I hope this information is of some help. If you need more help don't be afraid to ask. Good luck.
What your administrator has done, is basically right. However to make you connect at a HIGH ID, you will have to NAT a bigger portion of port ranges to the computer running eMule.
In my particular network using a gateway Linux IPTables Firewall, I DNAT destination ports (TCP) 4242 to 4670, source ports 4242 to 9999, (UDP) destination ports 4672 and source ports 4672 to the machine running eMule.
I also let the firewall forward (UDP) 4672 and (TCP) 4242 to 4680 with destination to the machine running eMule or packets that originate from that same machine.
I hope this information is of some help. If you need more help don't be afraid to ask. Good luck.
Thanks for your answer, and this is the line that my administrator have added to "rc.firewall"
Quote:
$IPT -A FORWARD -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -m mac --mac-source 00:50:8B:AF:73:C4 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -p TCP -i $LAN_IFACE -o $INET_IFACE -m mac --mac-source 00:50:8B:AF:73:C4 --dport 4662:4670 -m state --state NEW,ESTABLISHED -j ACCEPT
Note:
Quote:
00:50:8B:AF:73:C4
is MAC address of my computer.
However i still can't get Emule HighID. Are there some thing wrong? Can you show me, thanks so much.
Notice how the ranges of the TCP ports are quite big. You could have your administrator try to lower it, I'm sure for security reasons a 5000 port range is a little too much. I would suggest you start here and try to lower the range with time. The DNAT part is important, since when the packet goes through the FORWARD part of the chain, after transversing c) it will need b) to let the packet through.
I hope this wasn't too confusing and I hope it helps you with your problem. Good luck
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.