I connect Internet through Linux Gateway, it doesn't allow me use Emule to get file. I also contact to my administrator, and he is sure that he have set iptables firewall allow range port: 4661-4672 (even TCP and UDP). However i have been know that he has set allow me full port to connect Internet.
He also edit Nat for range port 4662:4672 nated at Zyxel modem.(i have seen it). But, i can connect to emule with HighID (just LowID).
How can i fix this problem, please help me or tell me the way to tell him.
Thank you very much.

What your administrator has done, is basically right. However to make you connect at a HIGH ID, you will have to NAT a bigger portion of port ranges to the computer running eMule.

In my particular network using a gateway Linux IPTables Firewall, I DNAT destination ports (TCP) 4242 to 4670, source ports 4242 to 9999, (UDP) destination ports 4672 and source ports 4672 to the machine running eMule.

I also let the firewall forward (UDP) 4672 and (TCP) 4242 to 4680 with destination to the machine running eMule or packets that originate from that same machine.

I hope this information is of some help. If you need more help don't be afraid to ask. Good luck.

Thanks for your answer, and this is the line that my administrator have added to "rc.firewall"

Note: is MAC address of my computer.
However i still can't get Emule HighID. Are there some thing wrong? Can you show me, thanks so much.

The forwarding part seems to be in order, and I don't believe it needs to be changed. Perhaps you could tell your administrator to extend this:

a)
$IPT -A FORWARD -p TCP -i $LAN_IFACE -o $INET_IFACE -m mac --mac-source 00:50:8B:AF:73:C4 --dport 4662:4670 -m state --state NEW,ESTABLISHED -j ACCEPT

to when you get an incoming packet from $INET_IFACE, in other words add the following lines:

b)
$IPT -A FORWARD -p UDP -i $INET_IFACE -o $LAN_IFACE -d <eMule machine> --dport 4672 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -p TCP -i $INET_IFACE -o $LAN_IFACE -d <eMule machine> --dport 4662:4670 -m state --state ESTABLISHED,RELATED -j ACCEPT

This however only makes sense if you add the following to the NAT table:

c)
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -p udp --sport 4672 -j DNAT --to <eMule machine>
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -p udp --dport 4672 -j DNAT --to <eMule machine>
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -p tcp --sport 4242:9999 -j DNAT --to <eMule machine>
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -p tcp --dport 4242:4670 -j DNAT --to <eMule machine>

Notice how the ranges of the TCP ports are quite big. You could have your administrator try to lower it, I'm sure for security reasons a 5000 port range is a little too much. I would suggest you start here and try to lower the range with time. The DNAT part is important, since when the packet goes through the FORWARD part of the chain, after transversing c) it will need b) to let the packet through.

I hope this wasn't too confusing and I hope it helps you with your problem. Good luck