LinuxQuestions.org
Old 06-08-2005, 03:18 PM   #1
Musikolo
Member
 
Registered: Jul 2003
Distribution: Arch Linux x64
Posts: 115

Rep: Reputation: 15
Problem with my firewall


Hi mates, I have an FC2 server with many services running: samba, email, web server, FTP server ... Everything works fine as long as I don't start amule, no matter which way I do it: amule or amuled. Whenever I start it, my server freezes after 1 or 2 days running.

I've configured my firewall with the GuardDog firewall tool and I've opened the ports the aMule web site recommends: TCP -> 4662 & UDP -> 4662:4665, 4672

More details about that at: http://www.amule.org/wiki/index.php/Firewall

However, I've realized many packets are dropped and my ip_conntrack gets bigger and bigger every time, which leads to higher CPU overhead, although not much anyway.

Do you know what might be happening with my PC?

I've tried many things so far, although with no success at all. The last thing I've tried is to launch a script which checks whether my IP has changed (I use dynamic DNS) and, in such a case, runs the rc.firewall script GuardDog creates again. It stops all the traffic, empties all chains and rewrites all rules again with the new IP.



I think my rc.firewall script is fine, but better check it for yourselves. The amule-related rules are shown below:

# Traffic from 'Internet' to 'Local'
Code:
....

# Allow 'userdefined4' 
iptables -A f0to1 -p udp --sport 0:65535 --dport 4662:4665 -j ACCEPT 

# Allow 'userdefined2'
iptables -A f0to1 -p tcp --sport 0:65535 --dport 4672:4672 -m state --state NEW -j ACCEPT

# Allow 'userdefined1'
iptables -A f0to1 -p tcp --sport 0:65535 --dport 4711:4711 -m state --state NEW -j ACCEPT

# Allow 'userdefined5'
iptables -A f0to1 -p udp --sport 0:65535 --dport 4672:4672 -j ACCEPT

# Allow 'userdefined3'
iptables -A f0to1 -p tcp --sport 0:65535 --dport 4711:4711 -m state --state NEW -j ACCEPT
....
# Traffic from 'Local' to 'Internet' (pay attention to the last line, edonkey 2000 section)
Code:
....

# Allow 'userdefined4'
iptables -A f1to0 -p udp --sport 0:65535 --dport 4662:4665 -j ACCEPT

# Allow 'userdefined2'
iptables -A f1to0 -p tcp --sport 0:65535 --dport 4672:4672 -m state --state NEW -j ACCEPT

....
# Allow 'edonkey2000'
iptables -A f1to0 -p tcp --sport 1024:6565 --dport 4661:4661 -m state --state NEW -j ACCEPT
iptables -A f1to0 -p tcp --sport 1024:6565 --dport 4662:4662 -m state --state NEW -j ACCEPT
iptables -A f0to1 -p tcp --sport 1024:65535 --dport 4662:4662 -m state --state NEW -j ACCEPT
iptables -A f1to0 -p udp --sport 1024:6565 --dport 4665:4665 -j ACCEPT
iptables -A f1to0 -p udp --sport 1024:6565 --dport 4666:4666 -j ACCEPT
iptables -A f0to1 -p udp --sport 1024:65535 --dport 4666:4666 -j ACCEPT


# Allow 'userdefined1'
iptables -A f1to0 -p tcp --sport 0:65535 --dport 4711:4711 -m state --state NEW -j ACCEPT

# Allow 'userdefined5'
iptables -A f1to0 -p udp --sport 0:65535 --dport 4672:4672 -j ACCEPT

# Allow 'userdefined3'
iptables -A f1to0 -p tcp --sport 0:65535 --dport 4711:4711 -m state --state NEW -j ACCEPT

In spite of the previous iptables rules, I get many packets dropped, as you can see in the following snippet of my /var/log/messages log file:


Code:
Jun 3 22:56:12 localhost kernel: LIMITED IN= OUT=eth1 SRC=82.158.xxx.yyy DST=62.220.8.39 LEN=34 TOS=0x00 PREC=0x00 TTL=64 ID=537 DF PROTO=UDP SPT=4665 DPT=4146 LEN=14
Jun 3 22:56:43 localhost kernel: DROPPED IN= OUT=eth1 SRC=82.158.xxx.yyy DST=195.82.188.112 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=16838 DF PROTO=TCP SPT=1703 DPT=4666 SEQ=4230406458 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40101040201030307)
Jun 3 22:58:30 localhost kernel: DROPPED IN=eth1 OUT= MAC=00:0c:e5:bf:37:af:00:11:20:a7:d7:d5:08:00 SRC=61.53.154.81 DST=82.158.xxx.yyy LEN=502 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=32986 DPT=1026 LEN=482  
Jun 3 22:58:30 localhost kernel: LIMITED IN=eth1 OUT= MAC=00:0c:e5:bf:37:af:00:11:20:a7:d7:d5:08:00 SRC=61.53.154.81 DST=82.158.xxx.yyy LEN=502 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=32986 DPT=1027 LEN=482  
Jun 3 23:01:11 localhost kernel: DROPPED IN=eth1 OUT= MAC=00:0c:e5:bf:37:af:00:11:20:a7:d7:d5:08:00 SRC=61.53.154.81 DST=82.158.xxx.yyy LEN=502 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=32986 DPT=1026 LEN=482  
Jun 3 23:01:11 localhost kernel: DROPPED IN=eth1 OUT= MAC=00:0c:e5:bf:37:af:00:11:20:a7:d7:d5:08:00 SRC=61.53.154.81 DST=82.158.xxx.yyy LEN=502 TOS=0x00 PREC=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=32986 DPT=1027 LEN=482 
Jun 3 23:01:32 localhost kernel: DROPPED IN= OUT=eth1 SRC=82.158.xxx.yyy DST=63.246.128.120 LEN=34 TOS=0x00 PREC=0x00 TTL=64 ID=603 DF PROTO=UDP SPT=4665 DPT=3310 LEN=14  
Jun 3 23:01:37 localhost kernel: LIMITED IN= OUT=eth1 SRC=82.158.xxx.yyy DST=62.241.53.15 LEN=34 TOS=0x00 PREC=0x00 TTL=64 ID=604 DF PROTO=UDP SPT=4665 DPT=4246 LEN=14
Jun 3 23:01:42 localhost kernel: DROPPED IN= OUT=eth1 SRC=82.158.xxx.yyy DST=62.241.53.17 LEN=34 TOS=0x00 PREC=0x00 TTL=64 ID=605 DF PROTO=UDP SPT=4665 DPT=4246 LEN=14
Jun 3 23:02:38 localhost kernel: LIMITED IN= OUT=eth1 SRC=82.158.xxx.yyy DST=80.239.200.99 LEN=34 TOS=0x00 PREC=0x00 TTL=64 ID=614 DF PROTO=UDP SPT=4665 DPT=4650 LEN=14  
Jun 3 23:02:43 localhost kernel: DROPPED IN= OUT=eth1 SRC=82.158.xxx.yyy DST=62.241.53.2 LEN=34 TOS=0x00 PREC=0x00 TTL=64 ID=615 DF PROTO=UDP SPT=4665 DPT=4246 LEN=14  
Jun 3 23:03:39 localhost kernel: LIMITED IN= OUT=eth1 SRC=82.158.xxx.yyy DST=62.241.53.16 LEN=34 TOS=0x00 PREC=0x00 TTL=64 ID=622 DF PROTO=UDP SPT=4665 DPT=4246 LEN=14
Why are all those packets dropped if there is a rule that matches?

I would REALLY appreciate any help you could give...

Thanks a lot!!
 
Old 06-08-2005, 04:46 PM   #2
marghorp
Senior Member
 
Registered: Jan 2004
Location: Slovenia
Distribution: Slackware 10.1, SLAX to the MAX :)
Posts: 1,040

Rep: Reputation: 45
What might be happening is buggy software like aMule. If it crashes in a couple of days, this means it's doing something it shouldn't. Buggy software is always the cause for system instability.
 
Old 06-09-2005, 12:43 AM   #3
Musikolo
Member
 
Registered: Jul 2003
Distribution: Arch Linux x64
Posts: 115

Original Poster
Rep: Reputation: 15
Yes, it might be, but what about the packets that are dropped in spite of there being rules that are supposed to accept these packets?? If only I knew what's going on with my firewall. I don't understand why it does not obey all rules... or at least, this is my impression!!

Thanks for your help!
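
Added example, not part of the thread or of the poster's rc.firewall: a Python check that parses the iptables rules quoted in the first post and reports which logged packets no quoted rule accepts. Assumptions: eth1 is the Internet-facing interface, the `-m state` match and any rules elided with "...." are ignored, and the last log line is a constructed control packet.

```python
import re

# Rules as quoted in the post; elided "...." parts and the state match are not modelled.
RULES = """
-A f0to1 -p udp --sport 0:65535 --dport 4662:4665 -j ACCEPT
-A f0to1 -p tcp --sport 0:65535 --dport 4672:4672 -m state --state NEW -j ACCEPT
-A f0to1 -p tcp --sport 0:65535 --dport 4711:4711 -m state --state NEW -j ACCEPT
-A f0to1 -p udp --sport 0:65535 --dport 4672:4672 -j ACCEPT
-A f0to1 -p tcp --sport 1024:65535 --dport 4662:4662 -m state --state NEW -j ACCEPT
-A f0to1 -p udp --sport 1024:65535 --dport 4666:4666 -j ACCEPT
-A f1to0 -p udp --sport 0:65535 --dport 4662:4665 -j ACCEPT
-A f1to0 -p tcp --sport 0:65535 --dport 4672:4672 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp --sport 1024:6565 --dport 4661:4661 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp --sport 1024:6565 --dport 4662:4662 -m state --state NEW -j ACCEPT
-A f1to0 -p udp --sport 1024:6565 --dport 4665:4665 -j ACCEPT
-A f1to0 -p udp --sport 1024:6565 --dport 4666:4666 -j ACCEPT
-A f1to0 -p tcp --sport 0:65535 --dport 4711:4711 -m state --state NEW -j ACCEPT
-A f1to0 -p udp --sport 0:65535 --dport 4672:4672 -j ACCEPT
"""
# Three entries shortened from the post's log, then one constructed control packet.
LOG = """
IN= OUT=eth1 SRC=82.158.xxx.yyy DST=62.220.8.39 PROTO=UDP SPT=4665 DPT=4146 LEN=14
IN= OUT=eth1 SRC=82.158.xxx.yyy DST=195.82.188.112 PROTO=TCP SPT=1703 DPT=4666 SYN
IN=eth1 OUT= SRC=61.53.154.81 DST=82.158.xxx.yyy PROTO=UDP SPT=32986 DPT=1026 LEN=482
IN= OUT=eth1 SRC=82.158.xxx.yyy DST=192.0.2.10 PROTO=UDP SPT=4665 DPT=4665 LEN=14
"""

RULE_RE = re.compile(r"-A (\S+) -p (\w+) --sport (\d+):(\d+) --dport (\d+):(\d+)")
LOG_RE = re.compile(r"IN=(\S*) OUT=(\S*) .*PROTO=(\w+) SPT=(\d+) DPT=(\d+)")

def parse_rules(text):  # -> [(chain, proto, sport_lo, sport_hi, dport_lo, dport_hi)]
    return [(c, p, *map(int, ports)) for c, p, *ports in RULE_RE.findall(text)]

def parse_packet(line):
    in_if, out_if, proto, spt, dpt = LOG_RE.search(line).groups()
    chain = "f1to0" if not in_if else "f0to1"  # assumes eth1 faces the Internet
    return chain, proto.lower(), int(spt), int(dpt)

def accepting_rules(pkt, rules):
    chain, proto, spt, dpt = pkt
    return [r for r in rules if r[:2] == (chain, proto)
            and r[2] <= spt <= r[3] and r[4] <= dpt <= r[5]]

def unmatched_packets(log=LOG, rules=RULES):
    parsed, pkts = parse_rules(rules), map(parse_packet, log.strip().splitlines())
    return [p for p in pkts if not accepting_rules(p, parsed)]

if __name__ == "__main__":
    print(unmatched_packets())
```

The three packets taken from the log fall outside every quoted rule: the rules select on destination port, while the logged outbound UDP packets carry 4665 as their source port and the TCP and inbound UDP packets target ports that no quoted rule lists.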
 
  

