plexustech n00b
Joined: 21 Sep 2003 Posts: 42 Location: Sydney, Australia
|
Posted: Thu Oct 09, 2003 11:44 am Post subject: How do you unblock ports in Shorewall for Xmule low id? |
|
|
I'm running xmule from my gentoo box, which is also running my Shorewall firewall. Although it works, I always get the inevitable "low id" error because it claims that the needed ports are unreachable. How do I get around this? In the "Firewall Rules" section of administering Shorewall via webmin, I have the following settings:
Code: |
Action Source Destination Protocol Source ports Destination ports
ACCEPT Zone net Firewall TCP 80 80
ACCEPT Any Any TCP 4662 4662
ACCEPT Any Any UDP 4672 4672
ACCEPT Firewall Any Any
|
Yet this doesn't work. Can anyone point me as to what I'm doing wrong? Thanks in advance. _________________ Idiot Filter: "Ya, we run the C++ operating system on a QNX platform over FDDI twisted pair at 600 MIPS." If they swallow that, hang up. |
|
|
miunk Apprentice
Joined: 24 Sep 2002 Posts: 199
|
Posted: Thu Oct 09, 2003 3:00 pm Post subject: |
|
|
I think that you need 4662 TCP and 4666 UDP. You also need high ports open for all the connections you make. I am not sure if my solution is best, but I use iptables and am currently accepting from the net on ports:
4662:65534
mldonkey works with this configuration, and my lower-port services appear to be protected. However, opening such a gaping hole in my firewall and assuming it is safe may just be naive. |
|
|
plexustech n00b
Joined: 21 Sep 2003 Posts: 42 Location: Sydney, Australia
|
Posted: Thu Oct 09, 2003 3:11 pm Post subject: |
|
|
miunk wrote: | I think that you need 4662 TCP and 4666 UDP. You also need high ports open for all the connections you make. I am not sure if my solution is best, but I use iptables and am currently accepting from the net on ports:
4662:65534
mldonkey works with this configuration, and my lower-port services appear to be protected. However, opening such a gaping hole in my firewall and assuming it is safe may just be naive. |
I'm a little lost here: viewing the preferences in xmule shows 4662 TCP and 4672 UDP, which I'm supposedly unblocking with the Shorewall config shown. Are you suggesting I do an "ACCEPT net any" with a range of 4662:65534 for source and destination? Why do you need high ports open for xmule?
Thanks. _________________ Idiot Filter: "Ya, we run the C++ operating system on a QNX platform over FDDI twisted pair at 600 MIPS." If they swallow that, hang up. |
|
|
ronmon Veteran
Joined: 15 Apr 2002 Posts: 1043 Location: Key West, FL
|
Posted: Thu Oct 09, 2003 3:38 pm Post subject: |
|
|
Just an aside, it is bad etiquette to post the same thread in multiple forums. |
|
|
Terminal n00b
Joined: 13 Mar 2003 Posts: 21 Location: Melbourne, Australia
|
Posted: Mon Oct 20, 2003 6:29 am Post subject: |
|
|
This is the shorewall config I use to fix lowid problems. Each system has its own port which you can set easily enough. Some servers still complain about lowids (I think they want port 4662 only), but none of the good ones, so I don't miss them. You don't need to unblock any massive port ranges, those connections are opened by your system, so as long as you have unlimited access to zone net you'll be fine.
Code: |
# ---------------------------------------------------------------------------
# Rules added by Simon 03/07/03
# Donkey network - does fix LowID problem
# Bender
DNAT net loc:192.168.0.200 tcp 4662
# Enceladus
DNAT net loc:192.168.0.132 tcp 4664
DNAT net loc:192.168.0.132 tcp 4665
# Homer
DNAT net loc:192.168.0.90 tcp 4663
# Carnage
DNAT net loc:192.168.0.133 tcp 4666
# Barney
DNAT net loc:192.168.0.6 tcp 4667
# ---------------------------------------------------------------------------
|
Oh, and that is copied from my /etc/shorewall/rules, I haven't used webmin to configure shorewall, so I don't know how to set it up that way. _________________ I'm not lazy, I just take a minimalistic approach to work.
I'm not lazy, I'm just motivationally challenged. |
|
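Added example (not code from any poster in this thread): a small lint for a Shorewall rules file that flags the two inbound patterns discussed above, a rule that also pins the source port (it then matches only peers connecting from that exact source port) and a very wide destination port range opened from the net zone. It assumes the file column order ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT, the zone names `net` and `fw`, and a hypothetical threshold `WIDE_RANGE`; the sample rules are constructed.

```python
# Added example: lint Shorewall-style rules for two patterns from this thread.
# Assumed column order: ACTION SOURCE DEST PROTO DPORT [SPORT]
WIDE_RANGE = 1024  # assumption: flag rules exposing more ports than this

# Constructed sample, modelled on the rules discussed in the thread.
SAMPLE_RULES = """\
# constructed sample rules
ACCEPT  net  fw  tcp  4662        4662
ACCEPT  net  fw  udp  4672
ACCEPT  net  fw  tcp  4662:65534
DNAT    net  loc:192.168.0.200  tcp  4662
"""

def port_count(spec):
    """Number of ports covered by '80', '80,443', '4662:65534' or '1024:'."""
    total = 0
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        if not sep:
            total += 1  # single port number or service name
            continue
        low = int(lo) if lo else 0
        high = int(hi) if hi else 65535
        total += high - low + 1
    return total

def lint(text):
    """Return (line_number, finding) for inbound ACCEPT/DNAT rules from zone net."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank line, comment, or not a full rule
        cols = fields + ["-"] * (6 - len(fields))  # '-' marks an empty column
        action, source, _dest, _proto, dport, sport = cols[:6]
        if action not in ("ACCEPT", "DNAT") or source.split(":")[0] != "net":
            continue
        if sport != "-":
            findings.append((n, "sport-pinned"))  # peers use ephemeral source ports
        if dport == "-":
            findings.append((n, "all-ports"))
        elif port_count(dport) > WIDE_RANGE:
            findings.append((n, "wide-range"))
    return findings

if __name__ == "__main__":
    for line_no, finding in lint(SAMPLE_RULES):
        print(f"line {line_no}: {finding}")
```

Note that webmin lists source ports before destination ports, while the rules file itself puts the destination port column first.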
|
smith Apprentice
Joined: 12 Sep 2003 Posts: 222
|
Posted: Tue Oct 21, 2003 2:22 pm Post subject: |
|
|
this may just be what I am looking for..
thx _________________ gentoo portage > * |
|