LinuxQuestions.org


w3it 11-11-2005 09:41 AM

Azureus NAT problem
 
Hi
I have set Azureus to use port 50505.
I use the Firewall and SELinux of CentOS.
Here is a printout of my iptables status:


Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 192.168.1.1 tcp dpt:50505

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:50505
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:50505

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:50505
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:50505
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited


My hardware gateway is currently set with a virtual server to the internal IP address and port number of the Azureus machine.


I've read through lots of posts, the firewall doc and the iptables doc but nothing seems to help.

I did a port scan and 50505 does not show up?

Anyway I've spent about 2 days on this and given up. Any help greatly appreciated.


Thanks

Brian1 11-11-2005 05:49 PM

The only reference to open the port should be in the last section. Post your /etc/sysconfig/iptables script.

What are you using to portscan with?

Brian1

w3it 11-13-2005 12:51 PM

Hi Brian
thanks for your reply and here is the file:


# Generated by iptables-save v1.2.11 on Fri Nov 11 13:20:40 2005
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [98086:66554731]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A OUTPUT -p tcp -m tcp --dport 50505 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 50505 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 50505 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 50505 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Nov 11 13:20:40 2005



Any ideas?

Regards
Ian

Brian1 11-13-2005 03:56 PM

This is the way I would configure it. This should work as long as the following exist.
1. Azureus is configured on tcp port 50505
2. If there is a firewall router between the computer and the internet, then the WAN tcp port 50505 needs to be forwarded to the internal LAN machine running Azureus. This works best when the LAN machine uses a static IP versus getting one from the router's DHCP pool.
That should be all that is needed since there is no blocking of outbound connections, so no outbound line is needed.

# Generated by iptables-save v1.2.11 on Fri Nov 11 13:20:40 2005
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 50505 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Hope this helps. Any questions please ask away.
Brian1
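
A way to check offline what the ruleset in the post above decides for an inbound connection, as an added example that is not part of the original thread. It uses a trimmed copy of the posted rules, models only the -i, -p, --dport and --state matches, and assumes the interface name eth0.

```python
# Trimmed copy of the filter table from the post above (constructed input).
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 50505 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse(text):
    """Return (policies, chains) parsed from iptables-save output."""
    policies, chains = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name], chains[name] = policy, []
        elif line.startswith("-A "):
            tok = line.split()
            # Map each option to the token after it, e.g. "--dport" -> "50505".
            chains[tok[1]].append({tok[i]: tok[i + 1]
                                   for i in range(2, len(tok) - 1)
                                   if tok[i].startswith("-")})
    return policies, chains

def matches(rule, pkt):
    """A condition the rule does not state matches any packet."""
    return (rule.get("-i", pkt["iface"]) == pkt["iface"]
            and rule.get("-p", pkt["proto"]) == pkt["proto"]
            and int(rule.get("--dport", pkt["dport"])) == pkt["dport"]
            and pkt["state"] in rule.get("--state", pkt["state"]).split(","))

def verdict(policies, chains, chain, pkt):
    """First matching rule wins; a user chain with no match returns to its caller."""
    for rule in chains[chain]:
        if matches(rule, pkt):
            if rule["-j"] not in chains:
                return rule["-j"]
            result = verdict(policies, chains, rule["-j"], pkt)
            if result:
                return result
    return None if policies[chain] == "-" else policies[chain]

def check(dport, state="NEW", iface="eth0", proto="tcp"):  # eth0: assumed name
    pkt = {"iface": iface, "proto": proto, "dport": dport, "state": state}
    return verdict(*parse(RULESET), "INPUT", pkt)
```

Calling `check(50505)` gives the verdict for a new inbound TCP connection to the Azureus port; other ports, states, interfaces and protocols can be passed to compare.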

w3it 11-14-2005 04:30 AM

No luck I'm afraid. Placed exactly what you have written and checked my hardware gateway, which has the Azureus machine listed as a virtual server with port 50505.

Even if I deactivate the CentOS firewall and SELinux nothing changes. I am getting "blue faces" which according to the documentation indicates a NAT error. If that helps?

Thanks
Ian

Brian1 11-14-2005 03:38 PM

Is this the default port for Azureus?
If not, try setting it to the default on both firewall and router.
It might be best to leave the firewall turned off till you can get the router to port forward to the Linux's LAN IP.

Brian1

tuxrules 11-14-2005 04:19 PM

Azureus being a bittorrent in Java...uses the default bittorrent port 6881.

w3it 11-17-2005 02:15 AM

Hi
thanks for your replies.

It seems some ISPs are wise to BitTorrents and do not like the concept and block the default ports. Users are advised to make their own.

Here is what I have found though. I am running a private LAN 192.168.1.* and did not realise that it is sitting in another private LAN 172.26.0.* which has the gateway link to the Internet. I am trying to find out how to log in to it as this is where I guess I should set the Azureus details.

Thanks
Ian
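
Why a virtual server on the inner gateway alone does not make the port reachable in the layout described above, as an added example that is not part of the original thread. Only the 192.168.1.* and 172.26.0.* networks and port 50505 come from the posts; the gateway names and all host addresses are constructed.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True for private space; a gateway whose WAN side is private sits behind another NAT."""
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def trace(gateways, port):
    """Follow an inbound connection through NAT gateways, outermost first.

    Each gateway is (name, wan_address, forwards), where forwards maps a WAN
    port to the (address, port) its virtual-server entry points at.
    """
    dest = (gateways[0][1], port)
    for name, wan, forwards in gateways:
        if dest[0] != wan:
            return ("misdirected before " + name, dest)
        if dest[1] not in forwards:
            return ("dropped at " + name, dest)
        dest = forwards[dest[1]]
    return ("delivered", dest)

# Constructed topology: every host address here is an assumption chosen to fit
# the two networks named in the post (192.168.1.* inside 172.26.0.*).
AZUREUS = ("192.168.1.10", 50505)
INNER = ("inner gateway", "172.26.0.10", {50505: AZUREUS})

def outer(forwards):
    # 203.0.113.5 is a documentation address standing in for the public IP.
    return ("outer gateway", "203.0.113.5", forwards)

def inner_only():
    # Virtual server configured on the inner gateway alone.
    return trace([outer({}), INNER], 50505)

def both_layers():
    # The outer gateway also forwards 50505 to the inner gateway's WAN side.
    return trace([outer({50505: ("172.26.0.10", 50505)}), INNER], 50505)
```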


All times are GMT -5.