L41n Tux's lil' helper
Joined: 21 Jul 2004 Posts: 85
Posted: Mon Aug 02, 2004 2:58 am Post subject: Refused connections in Bittorrent and aMule (iptables)
Hi everybody.
I am trying to set up my firewall, but there is no way, no matter how hard I attempt it: everything works except aMule and BitTorrent. This is my iptables script:
Code:
## Flush rules
iptables -F
iptables -X
iptables -Z
## Standard policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
## Filter
# Localhost
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
# Full access for my ip
iptables -A INPUT -s 192.168.0.2 -j ACCEPT
iptables -A OUTPUT -d 192.168.0.2 -j ACCEPT
# Internet
/sbin/iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -m tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Secure webs
/sbin/iptables -A INPUT -p tcp -m tcp --sport 443 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
# Passive and active FTP
/sbin/iptables -A INPUT -p tcp -m tcp --sport 20:21 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -m tcp --dport 20:21 -j ACCEPT
# DNS1
/sbin/iptables -A INPUT -s 80.58.32.33 -p udp -m udp --sport 53 -j ACCEPT
/sbin/iptables -A OUTPUT -d 80.58.32.33 -p udp -m udp --dport 53 -j ACCEPT
# DNS2
/sbin/iptables -A INPUT -s 80.58.0.97 -p udp -m udp --sport 53 -j ACCEPT
/sbin/iptables -A OUTPUT -d 80.58.0.97 -p udp -m udp --dport 53 -j ACCEPT
## P2P rules
# aMule:
iptables -A INPUT -p UDP --dport 4665 -j ACCEPT
iptables -A INPUT -p UDP --dport 4672 -j ACCEPT
iptables -A INPUT -p TCP --dport 4662 -j ACCEPT
iptables -A INPUT -p TCP --dport 4661 -j ACCEPT
#Bittorrent
iptables -A INPUT -p TCP --dport 6881 -j ACCEPT
iptables -A INPUT -p TCP --dport 6882 -j ACCEPT
iptables -A INPUT -p TCP --dport 6883 -j ACCEPT
iptables -A INPUT -p TCP --dport 6884 -j ACCEPT
What could I do to get access to BitTorrent and aMule? Thanks.
_________________
Emerge your liberty.
Last edited by L41n on Mon Aug 02, 2004 10:17 am; edited 1 time in total

takn1157 n00b
Joined: 13 Jul 2004 Posts: 22
Posted: Mon Aug 02, 2004 3:02 am Post subject:
I'm not sure if this would help, but have you double-checked which ports are used by eMule and BitTorrent? If you are behind a router/firewall: I know I had to forward them in my router to get them to work.

GenKreton l33t
Joined: 20 Sep 2003 Posts: 828 Location: Cambridge, MA
Posted: Mon Aug 02, 2004 4:01 am Post subject:
I dunno if this will help much, but for aMule I only opened 4662 TCP and 4672 UDP. For BitTorrent I opened the whole range from 6881 to 6889 inclusive.

L41n Tux's lil' helper
Joined: 21 Jul 2004 Posts: 85
Posted: Mon Aug 02, 2004 10:16 am Post subject:
takn1157 wrote:
I'm not sure if this would help, but have you double-checked which ports are used by eMule and BitTorrent? If you are behind a router/firewall: I know I had to forward them in my router to get them to work.
Yes, I am behind a router with the BitTorrent and aMule ports open. The case is that I share the connection with another computer, and I would like to be able to use this firewall script on both, to reinforce the security even more.
I have also tried with:
Code:
iptables -A FORWARD -s 192.168.0.2 -p TCP --dport 6881 -j ACCEPT
iptables -A FORWARD -s 192.168.0.2 -p TCP --dport 6882 -j ACCEPT
iptables -A FORWARD -s 192.168.0.2 -p TCP --dport 6883 -j ACCEPT
iptables -A FORWARD -s 192.168.0.2 -p TCP --dport 6884 -j ACCEPT
But it has not worked either.
_________________
Emerge your liberty.

L41n Tux's lil' helper
Joined: 21 Jul 2004 Posts: 85
Posted: Mon Aug 02, 2004 12:21 pm Post subject:
Hi, this is my modified script. I had forgotten to include OUTPUT rules. The result is this:
Code:
## Flush rules
iptables -F
iptables -X
iptables -Z
## Standard policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
## Filter
# Localhost
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
# Full access for my ip
iptables -A INPUT -s 192.168.0.2 -j ACCEPT
iptables -A OUTPUT -d 192.168.0.2 -j ACCEPT
# Internet
/sbin/iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -m tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Secure webs
/sbin/iptables -A INPUT -p tcp -m tcp --sport 443 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
# Passive and active FTP
/sbin/iptables -A INPUT -p tcp -m tcp --sport 20:21 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -m tcp --dport 20:21 -j ACCEPT
# DNS1
/sbin/iptables -A INPUT -s 80.58.32.33 -p udp -m udp --sport 53 -j ACCEPT
/sbin/iptables -A OUTPUT -d 80.58.32.33 -p udp -m udp --dport 53 -j ACCEPT
# DNS2
/sbin/iptables -A INPUT -s 80.58.0.97 -p udp -m udp --sport 53 -j ACCEPT
/sbin/iptables -A OUTPUT -d 80.58.0.97 -p udp -m udp --dport 53 -j ACCEPT
## P2P rules
# aMule:
iptables -A INPUT -i eth0 -p UDP --dport 4665 -j ACCEPT
iptables -A INPUT -i eth0 -p UDP --dport 4994 -j ACCEPT
iptables -A INPUT -i eth0 -p UDP --dport 4672 -j ACCEPT
iptables -A OUTPUT -o eth0 -p UDP --sport 4665 -j ACCEPT
iptables -A OUTPUT -o eth0 -p UDP --sport 4994 -j ACCEPT
iptables -A OUTPUT -o eth0 -p UDP --sport 4672 -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --dport 4662 -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --dport 4661 -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --dport 4990 -j ACCEPT
iptables -A OUTPUT -o eth0 -p TCP --sport 4662 -j ACCEPT
iptables -A OUTPUT -o eth0 -p TCP --sport 4661 -j ACCEPT
iptables -A OUTPUT -o eth0 -p TCP --sport 4990 -j ACCEPT
#Bittorrent
iptables -A INPUT -i eth0 -p TCP --dport 6881:6884 -j ACCEPT
iptables -A OUTPUT -o eth0 -p TCP --sport 6881:6884 -j ACCEPT
# Backup barrier in case change to ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 1:1024 -j DROP
/sbin/iptables -A INPUT -p udp -m udp --dport 1:1024 -j DROP
/sbin/iptables -A INPUT -p tcp -m tcp --dport 1723 -j DROP
/sbin/iptables -A INPUT -p tcp -m tcp --dport 3306 -j DROP
/sbin/iptables -A INPUT -p tcp -m tcp --dport 5432 -j DROP
In this script, I have full connection with Bittorrent but aMule refuses to work.
Thanks for your help.
_________________
Emerge your liberty.

GenKreton l33t
Joined: 20 Sep 2003 Posts: 828 Location: Cambridge, MA
Posted: Mon Aug 02, 2004 4:51 pm Post subject:
A question for you. Do you need to specify eth0? (I'm still learning my iptables.) I have 2 interfaces, so I'd want ports open on both eth0 and wlan0.
Also, from the aMule wiki:
Quote:
If you set TCP port in aMule to XX and UDP port to YY then you have to set your firewall like this:
iptables -A INPUT -p tcp --dport XX -j ACCEPT
iptables -A INPUT -p udp --dport XX+3 -j ACCEPT
iptables -A INPUT -p udp --dport YY -j ACCEPT
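The wiki rule GenKreton quotes (TCP XX, UDP XX+3, UDP YY) folded into a stateful default-deny ruleset, as an added example that is not code from the thread or from the aMule project. It assumes eth0 is the Internet-facing interface and the default aMule ports 4662/4672; `-m conntrack --ctstate` is the current spelling of the `-m state --state` match used in the scripts above. The point worth taking from it: one ESTABLISHED,RELATED rule on INPUT covers every reply that the per-port `--sport 80`, `--sport 443`, `--sport 53` rules try to enumerate, and because a P2P client dials other peers on arbitrary remote ports from ephemeral local ports, an OUTPUT rule keyed on `--sport 4662` only ever matches traffic from the listening socket; the outbound path needs a state rule, not a port rule. Unsolicited traffic is admitted only on the ports the clients listen on, and `new_inbound` lists exactly those so they can be compared with the router's port forwards.

```python
"""Stateful default-deny iptables ruleset for a host behind a NAT router that
runs aMule and BitTorrent.  Added example, not code from the thread.

Prints iptables-restore text; review it, then load it with `iptables-restore`.
`-m conntrack --ctstate` is the current spelling of the `-m state --state`
match used in the thread's scripts.
"""
from typing import Dict, List, Tuple


def amule_ports(tcp_port: int, udp_port: int) -> Dict[str, List[int]]:
    """Inbound ports aMule needs, following the rule quoted from the aMule wiki:
    TCP XX, UDP XX+3 and UDP YY.  With the defaults XX=4662, YY=4672 this is
    4662/tcp plus 4665/udp and 4672/udp, the numbers the original script used."""
    return {"tcp": [tcp_port], "udp": [tcp_port + 3, udp_port]}


def build_ruleset(iface: str, amule_tcp: int = 4662, amule_udp: int = 4672,
                  bt_range: Tuple[int, int] = (6881, 6884)) -> List[str]:
    """Return the rules, one per line, in iptables-restore format.
    `iface` is the Internet-facing interface (eth0 in the thread)."""
    ports = amule_ports(amule_tcp, amule_udp)
    lo, hi = bt_range
    rules = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT DROP [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A OUTPUT -o lo -j ACCEPT",
        # Packets conntrack cannot tie to any known connection.
        "-A INPUT -m conntrack --ctstate INVALID -j DROP",
        # Replies to anything this host started (web, DNS, FTP, peers).  This
        # one rule replaces every --sport/--dport reply pair in the thread.
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        # A P2P client dials other peers on arbitrary remote ports from
        # ephemeral local ports, so OUTPUT cannot be keyed on --sport 4662;
        # connections this host starts are allowed as a whole instead.
        "-A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT",
    ]
    # Unsolicited traffic is admitted only on the ports the clients listen on.
    for p in ports["tcp"]:
        rules.append(f"-A INPUT -i {iface} -p tcp --dport {p} "
                     "-m conntrack --ctstate NEW -j ACCEPT")
    for p in ports["udp"]:
        rules.append(f"-A INPUT -i {iface} -p udp --dport {p} -j ACCEPT")
    rules.append(f"-A INPUT -i {iface} -p tcp --dport {lo}:{hi} "
                 "-m conntrack --ctstate NEW -j ACCEPT")
    rules.append("COMMIT")
    return rules


def new_inbound(rules: List[str]) -> List[Tuple[str, str]]:
    """(protocol, port spec) of every INPUT rule that admits unsolicited
    traffic: the list to compare against the router's port forwards."""
    found = []
    for rule in rules:
        toks = rule.split()
        if rule.startswith("-A INPUT") and "--dport" in toks and toks[-1] == "ACCEPT":
            found.append((toks[toks.index("-p") + 1],
                          toks[toks.index("--dport") + 1]))
    return found


if __name__ == "__main__":
    print("\n".join(build_ruleset("eth0")))
```

With the defaults this yields exactly four openings (4662/tcp, 4665/udp, 4672/udp, 6881:6884/tcp), which is also the set the gateway must forward to this host; an opening here without a matching forward on the router is what gives aMule a LowID.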

Sebell n00b
Joined: 26 Nov 2003 Posts: 20
Posted: Mon Aug 02, 2004 8:14 pm Post subject: Re: Refused connections in Bittorrent and aMule (iptables)
L41n wrote:
Hi everybody.
I am trying to set up my firewall, but there is no way, no matter how hard I attempt it: everything works except aMule and BitTorrent. This is my iptables script:
Code:
## Flush rules
iptables -F
iptables -X
iptables -Z
## Standard policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
## Filter
# Localhost
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
# Full access for my ip
iptables -A INPUT -s 192.168.0.2 -j ACCEPT
iptables -A OUTPUT -d 192.168.0.2 -j ACCEPT
Okay... From the sounds of this you are NOT directly connected to the internet -- the above two rules completely moot all of the rules below, as I would suppose that the 192.168.0.x addresses are the inside IPs for your network -- this machine is NOT the gateway -- correct?
L41n wrote:
Code:
# Internet
/sbin/iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -m tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
# Secure webs
/sbin/iptables -A INPUT -p tcp -m tcp --sport 443 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
# Passive and active FTP
/sbin/iptables -A INPUT -p tcp -m tcp --sport 20:21 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -m tcp --dport 20:21 -j ACCEPT
# DNS1
/sbin/iptables -A INPUT -s 80.58.32.33 -p udp -m udp --sport 53 -j ACCEPT
/sbin/iptables -A OUTPUT -d 80.58.32.33 -p udp -m udp --dport 53 -j ACCEPT
# DNS2
/sbin/iptables -A INPUT -s 80.58.0.97 -p udp -m udp --sport 53 -j ACCEPT
/sbin/iptables -A OUTPUT -d 80.58.0.97 -p udp -m udp --dport 53 -j ACCEPT
## P2P rules
# aMule:
iptables -A INPUT -p UDP --dport 4665 -j ACCEPT
iptables -A INPUT -p UDP --dport 4672 -j ACCEPT
iptables -A INPUT -p TCP --dport 4662 -j ACCEPT
iptables -A INPUT -p TCP --dport 4661 -j ACCEPT
#Bittorrent
iptables -A INPUT -p TCP --dport 6881 -j ACCEPT
iptables -A INPUT -p TCP --dport 6882 -j ACCEPT
iptables -A INPUT -p TCP --dport 6883 -j ACCEPT
iptables -A INPUT -p TCP --dport 6884 -j ACCEPT
What could I do to get access to BitTorrent and aMule? Thanks.
You need to ensure that you are correctly NATting and forwarding ports at the GATEWAY device.
_________________
Sufficiently advanced systems are indistinguishable from magic.
Let's get magical

didier30 Apprentice
Joined: 28 Mar 2004 Posts: 225 Location: nîmes (30)
Posted: Mon Sep 12, 2005 8:30 pm Post subject:
Excuse me, but my English is a little poor.
Here's my iptables configuration, with which aMule works, but only with a LowID (I'm behind a router and I don't have access to it):
Code:
iptables -A OUTPUT -o $EXTERNAL_INTERFACE --protocol tcp --dport 4662 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXTERNAL_INTERFACE --protocol tcp --sport 4662 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE --protocol udp --dport 4672 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXTERNAL_INTERFACE --protocol udp --sport 4672 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE --protocol tcp --dport 4661 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXTERNAL_INTERFACE --protocol tcp --sport 5661 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE --protocol tcp --dport 5661 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXTERNAL_INTERFACE --protocol tcp --sport 5661 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE --protocol udp --dport 4665 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXTERNAL_INTERFACE --protocol udp --sport 4665 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE --protocol tcp --dport 4711 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXTERNAL_INTERFACE --protocol tcp --sport 4711 -m state --state ESTABLISHED,RELATED -j ACCEPT
Replace $EXTERNAL_INTERFACE with your way to the net: eth0 or ppp0.
Hope it is of use to you.
_________________
Athlon 4200+ doublecore socket AM2 - 2Go RAM dual channel - Nvidia 6800 GS 512Mo
~amd64
KFreeFlight, a FlightGear GUI frontend for FlightGear available at http://kfreeflight.sourceforge.net

didier30 Apprentice
Joined: 28 Mar 2004 Posts: 225 Location: nîmes (30)
Posted: Mon Sep 12, 2005 9:03 pm Post subject:
Sorry, this is the correct code:
Code:
iptables -A OUTPUT -o $EXTERNAL_INTERFACE --protocol tcp --dport 4662 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXTERNAL_INTERFACE --protocol tcp --sport 4662 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE --protocol udp --dport 4672 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXTERNAL_INTERFACE --protocol udp --sport 4672 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE --protocol udp --dport 4665 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXTERNAL_INTERFACE --protocol udp --sport 4665 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE --protocol tcp --dport 4661 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXTERNAL_INTERFACE --protocol tcp --sport 4661 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE --protocol tcp --dport 5661 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $EXTERNAL_INTERFACE --protocol tcp --sport 5661 -m state --state ESTABLISHED,RELATED -j ACCEPT
_________________
Athlon 4200+ doublecore socket AM2 - 2Go RAM dual channel - Nvidia 6800 GS 512Mo
~amd64
KFreeFlight, a FlightGear GUI frontend for FlightGear available at http://kfreeflight.sourceforge.net
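Both rulesets above accept INPUT traffic matched on `--sport` (for example `--sport 4662` together with state NEW), and Sebell earlier pointed at the blanket `-s 192.168.0.2` accept in the first script. Here is an added audit script, not from the thread, that parses `iptables -A ...` lines and flags INPUT ACCEPT rules which admit new traffic keyed only on the remote source port, or on a source address with no protocol, port or state restriction. A reply rule such as `--sport 80 -m state --state RELATED,ESTABLISHED` is not flagged: it only ever matches traffic conntrack already knows. The sample rules are constructed, modelled on those posted in this thread; `$EXTERNAL_INTERFACE` is kept as the shell variable didier30 used.

```python
"""Audit iptables INPUT rules for accepts that hinge on what the remote end
controls.  Added example; the sample rules below are constructed, modelled on
the scripts posted in this thread."""
import shlex
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass
class Rule:
    chain: str
    target: Optional[str]
    proto: Optional[str]
    src: Optional[str]
    sport: Optional[str]
    dport: Optional[str]
    states: Optional[Set[str]]   # None: no state/conntrack match at all
    raw: str


def parse_rule(line: str) -> Optional[Rule]:
    """Parse one `iptables -A ...` command line.  Lines that do not append or
    insert a rule (-P, -F, -X, -Z, comments, blanks) return None."""
    toks = shlex.split(line, comments=True)
    if toks and toks[0].split("/")[-1] in ("iptables", "ip6tables"):
        toks = toks[1:]
    chain = target = proto = src = sport = dport = None
    states = None
    i = 0
    while i < len(toks):
        t, arg = toks[i], (toks[i + 1] if i + 1 < len(toks) else None)
        if t in ("-A", "--append", "-I", "--insert"):
            chain = arg
        elif t in ("-j", "--jump"):
            target = arg
        elif t in ("-p", "--protocol"):
            proto = arg.lower() if arg else None
        elif t in ("-s", "--source", "--src"):
            src = arg
        elif t in ("--sport", "--source-port"):
            sport = arg
        elif t in ("--dport", "--destination-port"):
            dport = arg
        elif t in ("--state", "--ctstate"):
            states = set(arg.upper().split(",")) if arg else set()
        else:
            i += 1          # option not modelled here (-i, -o, -m, -d, ...)
            continue
        i += 2
    if chain is None:
        return None
    return Rule(chain, target, proto, src, sport, dport, states, line)


def audit(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (rule, reason) for INPUT ACCEPT rules that let unsolicited
    traffic in on grounds the remote end decides."""
    findings = []
    for line in lines:
        r = parse_rule(line)
        if r is None or r.chain != "INPUT" or r.target != "ACCEPT":
            continue
        admits_new = r.states is None or "NEW" in r.states
        if r.sport is not None and r.dport is None and admits_new:
            findings.append((line, f"new inbound {r.proto or 'any'} accepted on remote "
                                   f"source port {r.sport} alone; the remote end picks "
                                   "its own source port, so this says nothing about the peer"))
        elif r.src is not None and r.proto is None and r.dport is None and r.states is None:
            findings.append((line, f"every protocol and port accepted from {r.src} "
                                   "with no state check"))
    return findings


SAMPLE_RULES = [  # constructed, modelled on the thread's scripts
    "iptables -P INPUT DROP",
    "iptables -A INPUT -i lo -j ACCEPT",
    "iptables -A INPUT -s 192.168.0.2 -j ACCEPT",
    "/sbin/iptables -A INPUT -p tcp -m tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "iptables -A INPUT -i eth0 -p TCP --dport 4662 -j ACCEPT",
    "iptables -A INPUT -i $EXTERNAL_INTERFACE --protocol tcp --sport 4662 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT",
    "iptables -A INPUT -i $EXTERNAL_INTERFACE --protocol udp --sport 4672 -j ACCEPT",
    "iptables -A INPUT -i $EXTERNAL_INTERFACE --protocol tcp --sport 4661 -m state --state ESTABLISHED,RELATED -j ACCEPT",
]

if __name__ == "__main__":
    for rule, why in audit(SAMPLE_RULES):
        print(f"{rule}\n    -> {why}")
```

Run against a real script (`audit(open("firewall.sh").read().splitlines())`), it reports three of the sample rules: the blanket `-s 192.168.0.2` accept, the `--sport 4662` rule that includes NEW, and the stateless `--sport 4672` rule. The fix in each case is the same one the stateful ruleset uses: accept ESTABLISHED,RELATED once, and open listening ports by `--dport`.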