Discussion:
[Shorewall-users] mldonkey/edonkey - servers not connected
bruma
2007-07-08 20:41:09 UTC
Hi,

I'm running mldonkey on the same box as shorewall.
I followed http://mldonkey.sourceforge.net/ShorewallConfiguration to open
ports for the edonkey protocol.

I added to /etc/shorewall/rules:

# eDonkey 2000
ACCEPT net $FW tcp 4662
ACCEPT net $FW udp 4666

but I could not connect to any edonkey server.
I checked the logs and noticed that udp traffic on port 4666 is still dropped.
Jul 8 22:35:57 BSN-77-157-156 Shorewall:fw2net:REJECT: IN= OUT=ppp0 MAC=
SRC=132.71.17.156 DST=213.150.62.180 LEN=34 TOS=00 PREC=0x00 TTL=64 ID=0 DF
PROTO=UDP SPT=4666 DPT=4665 LEN=14

Why?

regards Brumela
David Mohr
2007-07-08 21:25:54 UTC
Post by bruma
Hi,
I'm running mldonkey on same box as shorewall.
I follow this
http://mldonkey.sourceforge.net/ShorewallConfiguration to
open ports for edonkey protocol
# eDonkey 2000
ACCEPT net $FW tcp 4662
ACCEPT net $FW udp 4666
but I could not connect to any edonkey server.
I check logs and notice that udp traffic on port 4666 is still dropped.
Jul 8 22:35:57 BSN-77-157-156 Shorewall:fw2net:REJECT: IN= OUT=ppp0 MAC=
SRC=132.71.17.156 DST=213.150.62.180 LEN=34 TOS=00 PREC=0x00 TTL=64 ID=0 DF
PROTO=UDP SPT=4666 DPT=4665 LEN=14
Why?
Because as the log message you quote says, the destination port is
4665, which you have not allowed.

~David
bruma
2007-07-09 11:32:08 UTC
Post by David Mohr
Because as the log message you quote says, the destination port is
4665, which you have not allowed.
In the last two weeks I switched from firewall builder to shorewall. As I
remember, opening two ports
tcp 4662
udp 4666
on firewall builder was enough to allow edonkey traffic.
So I guess I have to open more ports on shorewall?
What's the rule to do this?

Brumela
Andrew Suffield
2007-07-09 12:17:00 UTC
Post by bruma
Post by David Mohr
Because as the log message you quote says, the destination port is
4665, which you have not allowed.
In last two weeks I switched from firewall builder to shorewall. As I
remember opening two ports
tcp 4662
udp 4666
on firewall builder was enough to allow edonkey traffic.
edonkey has always used one tcp port, and one udp port three places
higher. 4662 and 4666 will never have worked.
Tristan DEFERT
2007-07-09 12:27:31 UTC
Post by Andrew Suffield
Post by bruma
Post by David Mohr
Because as the log message you quote says, the destination port is
4665, which you have not allowed.
In last two weeks I switched from firewall builder to shorewall. As I
remember opening two ports
tcp 4662
udp 4666
on firewall builder was enough to allow edonkey traffic.
edonkey has always used one tcp port, and one udp port three places
higher. 4662 and 4666 will never have worked.
I'm not so sure of that, because these ports are also configured on
the client side. But this should be the default config.

* In my /etc/shorewall/params I use:

# Gnutella 2 ports:
GNUTELLA2_TCP=6346
GNUTELLA2_UDP=6347,4637
# Edonkey ports:
EDONKEY_TCP=4662
EDONKEY_UDP=4662,4666
# Active P2P protocols:
P2P_TCP=$GNUTELLA2_TCP,$EDONKEY_TCP
P2P_UDP=$GNUTELLA2_UDP,$EDONKEY_UDP

and I allow this P2P_TCP/UDP traffic from the WAN side.
But: my fw IS my p2p client. If it is not, you should consider port
forwarding to your p2p client.
Andrew Suffield
2007-07-09 12:52:39 UTC
Post by Tristan DEFERT
Post by Andrew Suffield
Post by bruma
Post by David Mohr
Because as the log message you quote says, the destination port is
4665, which you have not allowed.
In last two weeks I switched from firewall builder to shorewall. As I
remember opening two ports
tcp 4662
udp 4666
on firewall builder was enough to allow edonkey traffic.
edonkey has always used one tcp port, and one udp port three places
higher. 4662 and 4666 will never have worked.
I'm not so sure of that, because these ports are also configured on
client side. But this should be default config.
Only one value can be configured. The other is always +/- 3 from
it. This is built into the protocol (yes, it's strange).
bruma
2007-07-09 19:06:03 UTC
Post by David Mohr
Because as the log message you quote says, the destination port is
4665, which you have not allowed.
Yes, I haven't allowed this traffic, but I was not aware of that. Yes,
I'm a shorewall newbie.
The problem was in the default policy rules, which I took from the
two-interfaces example.

I added this line to the policy file
$FW net ACCEPT

and now it's working :)
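
An added example, not part of any post in this thread: a small Python parser for the log entry quoted above. It reads the chain name `fw2net` as source zone `fw` and destination zone `net`, checks the two posted rules against the rejected packet, and builds the single rules-file entry that matches it (a narrower alternative to a blanket `$FW net ACCEPT` policy). The function names and the tuple layout of `RULES` are assumptions made for the example.

```python
import re

# Constructed sample: the REJECT entry quoted in the thread, joined onto one line.
SAMPLE = ("Jul 8 22:35:57 BSN-77-157-156 Shorewall:fw2net:REJECT: IN= OUT=ppp0 MAC= "
          "SRC=132.71.17.156 DST=213.150.62.180 LEN=34 TOS=00 PREC=0x00 TTL=64 ID=0 DF "
          "PROTO=UDP SPT=4666 DPT=4665 LEN=14")

# The two rules from the first post as (action, source, dest, proto, dport).
# This tuple layout is an assumption of the example, not a Shorewall format.
RULES = [("ACCEPT", "net", "$FW", "tcp", 4662),
         ("ACCEPT", "net", "$FW", "udp", 4666)]

# Log prefix as it appears in the thread: Shorewall:<source>2<dest>:<verdict>:
PREFIX = re.compile(r"Shorewall:(?P<src>\w+?)2(?P<dst>\w+):(?P<verdict>[A-Z]+):")

def parse(line, fw_zone="fw"):
    """Return zones, verdict, protocol and destination port of one log line."""
    m = PREFIX.search(line)
    if m is None:
        raise ValueError("no Shorewall chain prefix found")
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
    if "PROTO" not in fields or not fields.get("DPT", "").isdigit():
        raise ValueError("line carries no protocol/destination port")
    zone = lambda z: "$FW" if z == fw_zone else z  # rules write the firewall zone as $FW
    return {"src": zone(m["src"]), "dst": zone(m["dst"]), "verdict": m["verdict"],
            "proto": fields["PROTO"].lower(), "dport": int(fields["DPT"])}

def covered(ev, rules):
    """True if an ACCEPT rule matches the packet's direction, protocol and port."""
    return any(r == ("ACCEPT", ev["src"], ev["dst"], ev["proto"], ev["dport"])
               for r in rules)

def narrow_rule(ev):
    """Smallest rules-file entry that would accept exactly this packet."""
    return f"ACCEPT {ev['src']} {ev['dst']} {ev['proto']} {ev['dport']}"

if __name__ == "__main__":
    ev = parse(SAMPLE)
    print(ev)
    print("covered by posted rules:", covered(ev, RULES))
    print("candidate rule:", narrow_rule(ev))
```

The posted rules both run from `net` to `$FW`, so neither can match a packet logged in the `fw2net` chain, whatever its port.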
