* opening a port..
@ 2003-01-08 12:12 mdew
  2003-01-08 12:33 ` Dharmendra.T
  2003-01-08 12:53 ` mdew
  0 siblings, 2 replies; 26+ messages in thread
From: mdew @ 2003-01-08 12:12 UTC
To: netfilter

Hi,
Just *testing* this out..

iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT

iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT

yet, when I try to telnet to it,

mdew:~# telnet 127.0.0.1 4662
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

Yeah I know I have lots of unnecessary rules, but I'm only testing 'em...it
just seems a little strange that I can't see 4662 (Edonkey port) on the
router.

-mdew
* Re: opening a port..
From: Dharmendra.T @ 2003-01-08 12:33 UTC
To: mdew; +Cc: netfilter

On Wed, 2003-01-08 at 17:42, mdew wrote:
>
> Hi,
> Just *testing* this out..
>
> iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
> iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
> iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
> iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
> iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
>
> iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
> iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
> iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
> iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
> iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
> iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
> iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
> iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT
>
> yet, when I try to telnet to it,
>
> mdew:~# telnet 127.0.0.1 4662
> Trying 127.0.0.1...
> telnet: Unable to connect to remote host: Connection refused
>
> Yeah I know I have lots of unnecessary rules, but I'm only testing 'em...it
> just seems a little strange that I can't see 4662 (Edonkey port) on the
> router.
>
> -mdew
>
>

Note:
telnet 127.0.0.1 port

This will not go through any of the interfaces(eth*). You should allow
this through -i lo.

Here somehow you are getting connected and you are getting the response
connection refused. Probably you are not running the service on the
router!.

--
Dharmendra.T
Linux Enthu
* Re: opening a port..
From: mdew @ 2003-01-08 12:52 UTC
To: Dharmendra.T; +Cc: netfilter

On Thu, 2003-01-09 at 01:33, Dharmendra.T wrote:
>
>
> On Wed, 2003-01-08 at 17:42, mdew wrote:
> >
> > Hi,
> > Just *testing* this out..
> >
> > iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
> >
> > iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT
> >
> > yet, when I try to telnet to it,
> >
> > mdew:~# telnet 127.0.0.1 4662
> > Trying 127.0.0.1...
> > telnet: Unable to connect to remote host: Connection refused
> >
> > Yeah I know I have lots of unnecessary rules, but I'm only testing 'em...it
> > just seems a little strange that I can't see 4662 (Edonkey port) on the
> > router.
> >
> > -mdew
> >
> >
> Note:
> telnet 127.0.0.1 port
>
> This will not go through any of the interfaces(eth*). You should allow
> this through -i lo.
>
> Here somehow you are getting connected and you are getting the response
> connection refused. Probably you are not running the service on the
> router!.
>
> --
> Dharmendra.T
> Linux Enthu
>

ok, telnet from another machine to the router.

telnet 10.0.0.6 4662
Trying 10.0.0.6...
telnet: Unable to connect to remote host: Connection refused

what "service" should I be running? I simply want 4662 open both ways.

-mdew
* RE: opening a port..
From: Rob Sterenborg @ 2003-01-08 14:24 UTC
To: netfilter

> ok, telnet from another machine to the router.
>
> telnet 10.0.0.6 4662
> Trying 10.0.0.6...
> telnet: Unable to connect to remote host: Connection refused
>
> what "service" should I be running? I simply want 4662 open both ways.

# netstat -an|grep 4662
should tell you if your box is listening at all on port 4662.

If you run eDonkey server on the firewall box, open port in the INPUT
chain.
If your eDonkey server is *behind* the firewall, open the port in the
FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.

Rob
* RE: opening a port..
From: mdew @ 2003-01-09 1:58 UTC
To: Rob Sterenborg; +Cc: netfilter

On Thu, 2003-01-09 at 03:24, Rob Sterenborg wrote:
> > ok, telnet from another machine to the router.
> >
> > telnet 10.0.0.6 4662
> > Trying 10.0.0.6...
> > telnet: Unable to connect to remote host: Connection refused
> >
> > what "service" should I be running? I simply want 4662 open both ways.
>
> # netstat -an|grep 4662
> should tell you if your box is listening at all on port 4662.
>
> If you run eDonkey server on the firewall box, open port in the INPUT
> chain.
> If your eDonkey server is *behind* the firewall, open the port in the
> FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.

the edonkey server is behind the firewall

210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12 --dport 4662 -j DNAT --to 10.0.0.6:4662
iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT

like that?
* RE: opening a port..
From: mdew @ 2003-01-09 2:41 UTC
To: Rob Sterenborg; +Cc: netfilter

On Thu, 2003-01-09 at 03:24, Rob Sterenborg wrote:
> > ok, telnet from another machine to the router.
> >
> > telnet 10.0.0.6 4662
> > Trying 10.0.0.6...
> > telnet: Unable to connect to remote host: Connection refused
> >
> > what "service" should I be running? I simply want 4662 open both ways.
>
> # netstat -an|grep 4662
> should tell you if your box is listening at all on port 4662.
>
> If you run eDonkey server on the firewall box, open port in the INPUT
> chain.
> If your eDonkey server is *behind* the firewall, open the port in the
> FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.

the edonkey server is behind the firewall

210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12 --dport 4662 -j DNAT --to 10.0.0.6:4662
iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT

like that?
* RE: opening a port..
From: Dharmendra.T @ 2003-01-09 4:55 UTC
To: mdew; +Cc: Rob Sterenborg, netfilter

On Thu, 2003-01-09 at 08:11, mdew wrote:
> On Thu, 2003-01-09 at 03:24, Rob Sterenborg wrote:
> > > ok, telnet from another machine to the router.
> > >
> > > telnet 10.0.0.6 4662
> > > Trying 10.0.0.6...
> > > telnet: Unable to connect to remote host: Connection refused
> > >
> > > what "service" should I be running? I simply want 4662 open both ways.
> >
> > # netstat -an|grep 4662
> > should tell you if your box is listening at all on port 4662.
> >
> > If you run eDonkey server on the firewall box, open port in the INPUT
> > chain.
> > If your eDonkey server is *behind* the firewall, open the port in the
> > FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.
>
> the edonkey server is behind the firewall
>
> 210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x
>
> iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12 --dport 4662 -j DNAT --to 10.0.0.6:4662
>

This should work without the last rule.

iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT
>
> like that?
>
>
>
--
Dharmendra.T
Linux Enthu
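
Added example, not part of any post in the thread: a simplified Python model of the path a new connection takes through the router (nat PREROUTING, routing decision, then filter INPUT or FORWARD), replaying the connection attempts discussed so far. Addresses and rules come from the posts above and the ACCEPT chain policy from the listing attached later in the thread; the LAN host 10.0.0.20 and all class and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Router addresses as drawn in the thread: 210.54.175.12 on eth0, 10.0.0.6 on eth1.
ROUTER_ADDRS = {"127.0.0.1": "lo", "210.54.175.12": "eth0", "10.0.0.6": "eth1"}
LAN_HOST = "10.0.0.20"  # constructed placeholder; the thread only says "10.0.0.x"


@dataclass(frozen=True)
class Packet:
    in_iface: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Dnat:  # models: -t nat -A PREROUTING -i IF -d DST --dport P -j DNAT --to IP:PORT
    in_iface: str
    dst: str
    dport: int
    to_ip: str
    to_port: int


@dataclass(frozen=True)
class Accept:  # models: -A CHAIN [-i IF] [-d DST] --dport P -j ACCEPT
    chain: str
    dport: int
    in_iface: Optional[str] = None
    dst: Optional[str] = None

    def matches(self, chain, pkt):
        return (self.chain == chain and self.dport == pkt.dport
                and self.in_iface in (None, pkt.in_iface)
                and self.dst in (None, pkt.dst))


def trace(pkt, dnat, rules, policy="ACCEPT", listeners=frozenset()):
    """Follow one new TCP connection through the router and report the result."""
    # 1. nat PREROUTING: the first matching DNAT rule rewrites the destination.
    for d in dnat:
        if (d.in_iface, d.dst, d.dport) == (pkt.in_iface, pkt.dst, pkt.dport):
            pkt = replace(pkt, dst=d.to_ip, dport=d.to_port)
            break
    # 2. Routing decision on the rewritten destination: a local address means
    #    INPUT, anything else FORWARD. A packet never visits both chains.
    chain = "INPUT" if pkt.dst in ROUTER_ADDRS else "FORWARD"
    # 3. filter table: a matching ACCEPT rule, otherwise the chain policy.
    matched = any(r.matches(chain, pkt) for r in rules)
    verdict = "ACCEPT" if matched else policy
    # 4. What the client observes.
    if verdict != "ACCEPT":
        outcome = "dropped by filter"
    elif chain == "FORWARD":
        outcome = f"forwarded to {pkt.dst}:{pkt.dport}"
    elif pkt.dport in listeners:
        outcome = "connected"
    else:
        outcome = "connection refused (no listener on the router)"
    return {"chain": chain, "rule_matched": matched, "verdict": verdict, "outcome": outcome}


def thread_scenarios():
    """Replay the connection attempts from the thread against the model."""
    posted_rules = [
        Accept("INPUT", 4662, in_iface="eth0"),
        Accept("INPUT", 4662, in_iface="eth1"),
        Accept("FORWARD", 4662, in_iface="eth0", dst="10.0.0.6"),
    ]
    posted_dnat = [Dnat("eth0", "210.54.175.12", 4662, "10.0.0.6", 4662)]
    # Assumed variant: DNAT and FORWARD rule point at a separate LAN host.
    lan_rules = posted_rules[:2] + [Accept("FORWARD", 4662, in_iface="eth0", dst=LAN_HOST)]
    lan_dnat = [Dnat("eth0", "210.54.175.12", 4662, LAN_HOST, 4662)]
    loopback = Packet("lo", "127.0.0.1", 4662)
    from_lan = Packet("eth1", "10.0.0.6", 4662)
    from_inet = Packet("eth0", "210.54.175.12", 4662)
    return {
        "telnet 127.0.0.1": trace(loopback, posted_dnat, posted_rules),
        "telnet 127.0.0.1, policy DROP": trace(loopback, posted_dnat, posted_rules, policy="DROP"),
        "telnet 10.0.0.6 from LAN": trace(from_lan, posted_dnat, posted_rules),
        "telnet 10.0.0.6, nc listening": trace(from_lan, posted_dnat, posted_rules, listeners={4662}),
        "inet, DNAT to 10.0.0.6": trace(from_inet, posted_dnat, posted_rules),
        "inet, DNAT to LAN host": trace(from_inet, lan_dnat, lan_rules),
    }


if __name__ == "__main__":
    for name, result in thread_scenarios().items():
        print(f"{name:32} {result['chain']:8} {result['outcome']}")
```

The model leaves out connection tracking, the OUTPUT and POSTROUTING chains and the reply direction; it only shows which filter chain sees the first packet and whether anything is there to answer it.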
* RE: opening a port..
From: mdew @ 2003-01-09 6:16 UTC
To: Dharmendra.T; +Cc: Rob Sterenborg, netfilter

On Thu, 2003-01-09 at 17:55, Dharmendra.T wrote:
> On Thu, 2003-01-09 at 08:11, mdew wrote:
> > On Thu, 2003-01-09 at 03:24, Rob Sterenborg wrote:
> > > > ok, telnet from another machine to the router.
> > > >
> > > > telnet 10.0.0.6 4662
> > > > Trying 10.0.0.6...
> > > > telnet: Unable to connect to remote host: Connection refused
> > > >
> > > > what "service" should I be running? I simply want 4662 open both ways.
> > >
> > > # netstat -an|grep 4662
> > > should tell you if your box is listening at all on port 4662.
> > >
> > > If you run eDonkey server on the firewall box, open port in the INPUT
> > > chain.
> > > If your eDonkey server is *behind* the firewall, open the port in the
> > > FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.
> >
> > the edonkey server is behind the firewall
> >
> > 210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x
> >
> > iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12 --dport 4662 -j DNAT --to 10.0.0.6:4662
> >
>
> This should work without the last rule.
>
> iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT
> >
> > like that?

the router isn't picking this up..

mdew:~# iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12 --dport 4662 -j DNAT --to 10.0.0.6:4662
mdew:~# iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT
mdew:~# netstat -an|grep 4662
mdew:~#

mdew@nirvana:~$ nmap 10.0.0.6

Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
Interesting ports on debian (10.0.0.6):
(The 1598 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
110/tcp    open        pop-3
113/tcp    open        auth
135/tcp    filtered    loc-srv
139/tcp    filtered    netbios-ssn
8080/tcp   open        http-proxy

Nmap run completed -- 1 IP address (1 host up) scanned in 2.545 seconds
* RE: opening a port..
From: Dharmendra.T @ 2003-01-09 6:26 UTC
To: mdew; +Cc: netfilter

On Thu, 2003-01-09 at 11:46, mdew wrote:
> On Thu, 2003-01-09 at 17:55, Dharmendra.T wrote:
> > On Thu, 2003-01-09 at 08:11, mdew wrote:
> > > On Thu, 2003-01-09 at 03:24, Rob Sterenborg wrote:
> > > > > ok, telnet from another machine to the router.
> > > > >
> > > > > telnet 10.0.0.6 4662
> > > > > Trying 10.0.0.6...
> > > > > telnet: Unable to connect to remote host: Connection refused
> > > > >
> > > > > what "service" should I be running? I simply want 4662 open both ways.
> > > >
> > > > # netstat -an|grep 4662
> > > > should tell you if your box is listening at all on port 4662.
> > > >
> > > > If you run eDonkey server on the firewall box, open port in the INPUT
> > > > chain.
> > > > If your eDonkey server is *behind* the firewall, open the port in the
> > > > FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.
> > >
> > > the edonkey server is behind the firewall
> > >
> > > 210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x
> > >
> > > iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12 --dport 4662 -j DNAT --to 10.0.0.6:4662
> > >
> >
> > This should work without the last rule.
> >
> > iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT
> > >
> > > like that?
>
> the router isn't picking this up..
>
> mdew:~# iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12
> --dport 4662 -j DNAT --to 10.0.0.6:4662
> mdew:~# iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j
> ACCEPT
> mdew:~# netstat -an|grep 4662
> mdew:~#
>
> mdew@nirvana:~$ nmap 10.0.0.6
>
> Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
> Interesting ports on debian (10.0.0.6):
> (The 1598 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 22/tcp     open        ssh
> 25/tcp     open        smtp
> 110/tcp    open        pop-3
> 113/tcp    open        auth
> 135/tcp    filtered    loc-srv
> 139/tcp    filtered    netbios-ssn
> 8080/tcp   open        http-proxy
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 2.545 seconds
>
>
>

As said you are not running any service on that port so the port is not
listening, Try the rules by listening a port using nc(netcat)

# nc -l -p 4662

And then run nmap. You should get listed this port!

--
Dharmendra.T
Linux Enthu
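
Added example, not part of any post in the thread: a Python check that separates the cases the telnet and nmap output above keeps showing, namely a port with a listener (open), a reachable host with nothing listening (closed, telnet's "Connection refused") and no answer at all (filtered). The function names and the loopback demonstration are assumptions made for the illustration.

```python
import socket


def probe_tcp(host, port, timeout=1.0):
    """Classify one TCP port by attempting a full connect, as telnet does."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"         # handshake completed: a process is listening
    except ConnectionRefusedError:
        return "closed"       # host answered, but nothing accepted the connection
    except socket.timeout:
        return "filtered"     # no answer within the timeout, e.g. a DROP rule on the path
    except OSError:
        return "unreachable"  # e.g. no route to the host
    finally:
        sock.close()


def demo_listener_vs_no_listener():
    """Probe the same loopback port with and without a listening socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: let the kernel pick a free port
    srv.listen(1)                # plays the role of "nc -l -p <port>"
    port = srv.getsockname()[1]
    with_listener = probe_tcp("127.0.0.1", port)
    srv.close()                  # listener gone, firewall state unchanged
    without_listener = probe_tcp("127.0.0.1", port)
    return {"with_listener": with_listener, "without_listener": without_listener}


if __name__ == "__main__":
    print(demo_listener_vs_no_listener())
```

Between the two probes only the listening socket changes, and that alone moves the result from "open" to "closed".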
* RE: opening a port..
From: mdew @ 2003-01-09 6:45 UTC
To: Dharmendra.T; +Cc: netfilter

On Thu, 2003-01-09 at 19:26, Dharmendra.T wrote:
> On Thu, 2003-01-09 at 11:46, mdew wrote:
> > On Thu, 2003-01-09 at 17:55, Dharmendra.T wrote:
> > > On Thu, 2003-01-09 at 08:11, mdew wrote:
> > > > On Thu, 2003-01-09 at 03:24, Rob Sterenborg wrote:
> > > > > > ok, telnet from another machine to the router.
> > > > > >
> > > > > > telnet 10.0.0.6 4662
> > > > > > Trying 10.0.0.6...
> > > > > > telnet: Unable to connect to remote host: Connection refused
> > > > > >
> > > > > > what "service" should I be running? I simply want 4662 open both ways.
> > > > >
> > > > > # netstat -an|grep 4662
> > > > > should tell you if your box is listening at all on port 4662.
> > > > >
> > > > > If you run eDonkey server on the firewall box, open port in the INPUT
> > > > > chain.
> > > > > If your eDonkey server is *behind* the firewall, open the port in the
> > > > > FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.
> > > >
> > > > the edonkey server is behind the firewall
> > > >
> > > > 210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x
> > > >
> > > > iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12 --dport 4662 -j DNAT --to 10.0.0.6:4662
> > > >
> > >
> > > This should work without the last rule.
> > >
> > > iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT
> > > >
> > > > like that?
> >
> > the router isn't picking this up..
> >
> > mdew:~# iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12
> > --dport 4662 -j DNAT --to 10.0.0.6:4662
> > mdew:~# iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j
> > ACCEPT
> > mdew:~# netstat -an|grep 4662
> > mdew:~#
> >
> > mdew@nirvana:~$ nmap 10.0.0.6
> >
> > Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
> > Interesting ports on debian (10.0.0.6):
> > (The 1598 ports scanned but not shown below are in state: closed)
> > Port       State       Service
> > 22/tcp     open        ssh
> > 25/tcp     open        smtp
> > 110/tcp    open        pop-3
> > 113/tcp    open        auth
> > 135/tcp    filtered    loc-srv
> > 139/tcp    filtered    netbios-ssn
> > 8080/tcp   open        http-proxy
> >
> > Nmap run completed -- 1 IP address (1 host up) scanned in 2.545 seconds
> >
> >
> >
> As said you are not running any service on that port so the port is not
> listening, Try the rules by listening a port using nc(netcat)
>
> # nc -l -p 4662
>
> And then run nmap. You should get listed this port!
>
> --
> Dharmendra.T
> Linux Enthu

mdew:~# nc -l -p 4662
ãP<H¹ogÝT'b´\Y6▒http://emule-project.net<6Ñ~ÖEmdew:~#

(some strange characters, then it quits)

mdew:~# netstat -an|grep 4662
mdew:~#

nirvana:/home/mdew# nmap 10.0.0.6

Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
Interesting ports on debian (10.0.0.6):
(The 1591 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
110/tcp    open        pop-3
111/tcp    filtered    sunrpc
113/tcp    open        auth
135/tcp    filtered    loc-srv
136/tcp    filtered    profile
137/tcp    filtered    netbios-ns
138/tcp    filtered    netbios-dgm
139/tcp    filtered    netbios-ssn
199/tcp    filtered    smux
826/tcp    filtered    unknown
953/tcp    filtered    rndc
8080/tcp   open        http-proxy
* RE: opening a port..
From: Dharmendra.T @ 2003-01-09 6:53 UTC
To: mdew; +Cc: netfilter

> >
> > # nc -l -p 4662
> >
> > And then run nmap. You should get listed this port!
> >
> > --
> > Dharmendra.T
> > Linux Enthu
>
> mdew:~# nc -l -p 4662
> ãP<H¹ogÝT'b´\Y6▒http://emule-project.net<6Ñ~ÖEmdew:~#
>
> (some strange characters, then it quits)
>
> mdew:~# netstat -an|grep 4662
> mdew:~#
>
> nirvana:/home/mdew# nmap 10.0.0.6
>
> Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
> Interesting ports on debian (10.0.0.6):
> (The 1591 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 22/tcp     open        ssh
> 25/tcp     open        smtp
> 110/tcp    open        pop-3
> 111/tcp    filtered    sunrpc
> 113/tcp    open        auth
> 135/tcp    filtered    loc-srv
> 136/tcp    filtered    profile
> 137/tcp    filtered    netbios-ns
> 138/tcp    filtered    netbios-dgm
> 139/tcp    filtered    netbios-ssn
> 199/tcp    filtered    smux
> 826/tcp    filtered    unknown
> 953/tcp    filtered    rndc
> 8080/tcp   open        http-proxy
>
>
>
>

nc, I mean to say netcat.?

--
Dharmendra.T
Linux Enthu
* RE: opening a port..
From: mdew @ 2003-01-09 7:04 UTC
To: Dharmendra.T; +Cc: netfilter

On Thu, 2003-01-09 at 19:53, Dharmendra.T wrote:
> > >
> > > # nc -l -p 4662
> > >
> > > And then run nmap. You should get listed this port!
> > >
> > > --
> > > Dharmendra.T
> > > Linux Enthu
> >
> > mdew:~# nc -l -p 4662
> > ãP<H¹ogÝT'b´\Y6▒http://emule-project.net<6Ñ~ÖEmdew:~#
> >
> > (some strange characters, then it quits)
> >
> > mdew:~# netstat -an|grep 4662
> > mdew:~#
> >
> > nirvana:/home/mdew# nmap 10.0.0.6
> >
> > Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
> > Interesting ports on debian (10.0.0.6):
> > (The 1591 ports scanned but not shown below are in state: closed)
> > Port       State       Service
> > 22/tcp     open        ssh
> > 25/tcp     open        smtp
> > 110/tcp    open        pop-3
> > 111/tcp    filtered    sunrpc
> > 113/tcp    open        auth
> > 135/tcp    filtered    loc-srv
> > 136/tcp    filtered    profile
> > 137/tcp    filtered    netbios-ns
> > 138/tcp    filtered    netbios-dgm
> > 139/tcp    filtered    netbios-ssn
> > 199/tcp    filtered    smux
> > 826/tcp    filtered    unknown
> > 953/tcp    filtered    rndc
> > 8080/tcp   open        http-proxy
> >
> >
> >
> >
>
> nc, I mean to say netcat.?

it was netcat

apt-get install netcat
* Re: opening a port..
From: Jörg Esser @ 2003-01-09 8:04 UTC
To: netfilter

mdew wrote:

>On Thu, 2003-01-09 at 19:53, Dharmendra.T wrote:
>
>
>>>># nc -l -p 4662
>>>>
>>>>And then run nmap. You should get listed this port!
>>>>
>>>>--
>>>>Dharmendra.T
>>>>Linux Enthu
>>>>
>>>>
>>>mdew:~# nc -l -p 4662
>>>ãP<H¹ogÝT'b´\Y6▒http://emule-project.net<6Ñ~ÖEmdew:~#
>>>
>>>(some strange characters, then it quits)
>>>
>>>mdew:~# netstat -an|grep 4662
>>>mdew:~#
>>>
>>>nirvana:/home/mdew# nmap 10.0.0.6
>>>
>>>
nmap -p4662 10.0.0.6
Should work better.
and a new version of nmap should work better, too.
I heard that when you use nmap as your way it picks just well known
ports (/etc/service file ?) and then you won't get this special port if
it's not in there.(Maybe I'm wrong)

>>>Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
>>>Interesting ports on debian (10.0.0.6):
>>>(The 1591 ports scanned but not shown below are in state: closed)
>>>Port       State       Service
>>>22/tcp     open        ssh
>>>25/tcp     open        smtp
>>>110/tcp    open        pop-3
>>>111/tcp    filtered    sunrpc
>>>113/tcp    open        auth
>>>135/tcp    filtered    loc-srv
>>>136/tcp    filtered    profile
>>>137/tcp    filtered    netbios-ns
>>>138/tcp    filtered    netbios-dgm
>>>139/tcp    filtered    netbios-ssn
>>>199/tcp    filtered    smux
>>>826/tcp    filtered    unknown
>>>953/tcp    filtered    rndc
>>>8080/tcp   open        http-proxy
>>>
>>>
>>>
>>>
>>>
>>>
>>nc, I mean to say netcat.?
>>
>>
>
>it was netcat
>
>apt-get install netcat
>
>
>
>
>
* Re: opening a port..
From: mdew @ 2003-01-09 8:36 UTC
To: Jörg Esser; +Cc: netfilter

[-- Attachment #1: Type: text/plain, Size: 2089 bytes --]

On Thu, 2003-01-09 at 21:04, Jörg Esser wrote:
>
>
> mdew wrote:
>
> >On Thu, 2003-01-09 at 19:53, Dharmendra.T wrote:
> >
> >
> >>>># nc -l -p 4662
> >>>>
> >>>>And then run nmap. You should get listed this port!
> >>>>
> >>>>--
> >>>>Dharmendra.T
> >>>>Linux Enthu
> >>>>
> >>>>
> >>>mdew:~# nc -l -p 4662
> >>>ãP<H¹ogÝT'b´\Y6▒http://emule-project.net<6Ñ~ÖEmdew:~#
> >>>
> >>>(some strange characters, then it quits)
> >>>
> >>>mdew:~# netstat -an|grep 4662
> >>>mdew:~#
> >>>
> >>>nirvana:/home/mdew# nmap 10.0.0.6
> >>>
> >>>
> nmap -p4662 10.0.0.6

hmm with all the changes it still can't see it

nirvana:/home/mdew# nmap -p4662 10.0.0.6

Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
The 1 scanned port on debian (10.0.0.6) is: closed

Nmap run completed -- 1 IP address (1 host up) scanned in 0.319 seconds

> Should work better.
> and a new version of nmap should work better, too.
> I heard that when you use nmap as your way it picks just well known
> ports (/etc/service file ?) and then you won't get this special port if
> it's not in there.(Maybe I'm wrong)
>
> >>>Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
> >>>Interesting ports on debian (10.0.0.6):
> >>>(The 1591 ports scanned but not shown below are in state: closed)
> >>>Port       State       Service
> >>>22/tcp     open        ssh
> >>>25/tcp     open        smtp
> >>>110/tcp    open        pop-3
> >>>111/tcp    filtered    sunrpc
> >>>113/tcp    open        auth
> >>>135/tcp    filtered    loc-srv
> >>>136/tcp    filtered    profile
> >>>137/tcp    filtered    netbios-ns
> >>>138/tcp    filtered    netbios-dgm
> >>>139/tcp    filtered    netbios-ssn
> >>>199/tcp    filtered    smux
> >>>826/tcp    filtered    unknown
> >>>953/tcp    filtered    rndc
> >>>8080/tcp   open        http-proxy
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>nc, I mean to say netcat.?
> >>
> >>
> >
> >it was netcat
> >
> >apt-get install netcat
> >
> >
> >
> >
> >
>
>

[-- Attachment #2: iptable_list.txt --]
[-- Type: text/plain, Size: 11602 bytes --]

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     udp  --  anywhere             anywhere             udp dpt:pop3
ACCEPT     udp  --  anywhere             anywhere             udp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssmtp
REJECT     tcp  --  anywhere             anywhere             tcp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp spts:135:netbios-ssn reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:auth
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:auth
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:auth
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:auth
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:4661
ACCEPT     udp  --  anywhere             anywhere             udp dpt:4661
ACCEPT     udp  --  anywhere             anywhere             udp dpt:4661
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:4661
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:4661
ACCEPT     udp  --  anywhere             anywhere             udp spt:4661
ACCEPT     udp  --  anywhere             anywhere             udp spt:4661
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:4661
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:4662
ACCEPT     udp  --  anywhere             anywhere             udp dpt:4662
ACCEPT     udp  --  anywhere             anywhere             udp dpt:4662
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:4662
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:4662
ACCEPT     udp  --  anywhere             anywhere             udp spt:4662
ACCEPT     udp  --  anywhere             anywhere             udp spt:4662
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:4662
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:4665
ACCEPT     udp  --  anywhere             anywhere             udp dpt:4665
ACCEPT     udp  --  anywhere             anywhere             udp dpt:4665
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:4665
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:4665
ACCEPT     udp  --  anywhere             anywhere             udp spt:4665
ACCEPT     udp  --  anywhere             anywhere             udp spt:4665
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:4665
REJECT     tcp  --  anywhere             anywhere             tcp dpt:111 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:smux reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:826 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:953 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:111 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:smux reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:826 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:953 reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere             tcp dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp spts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp spts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp dpts:135:netbios-ssn reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:auth
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:auth
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:auth
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:auth
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:auth
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:auth
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:auth
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:auth
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:domain
ACCEPT     tcp  --  paul.                anywhere             tcp dpt:4665 limit: avg 1/hour burst 5
ACCEPT     udp  --  paul.                anywhere             udp dpt:4665 limit: avg 1/hour burst 5
ACCEPT     udp  --  paul.                anywhere             udp spt:4665 limit: avg 1/hour burst 5
ACCEPT     tcp  --  paul.                anywhere             tcp spt:4665 limit: avg 1/hour burst 5
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:4661
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:4661
ACCEPT     udp  --  anywhere             anywhere             udp dpt:4661
ACCEPT     udp  --  anywhere             anywhere             udp dpt:4661
ACCEPT     udp  --  anywhere             anywhere             udp spt:4661
ACCEPT     udp  --  anywhere             anywhere             udp spt:4661
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:4661
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:4661
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:4662
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:4662
ACCEPT     udp  --  anywhere             anywhere             udp dpt:4662
ACCEPT     udp  --  anywhere             anywhere             udp dpt:4662
ACCEPT     udp  --  anywhere             anywhere             udp spt:4662
ACCEPT     udp  --  anywhere             anywhere             udp spt:4662
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:4662
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:4662
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:4665
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:4665
ACCEPT     udp  --  anywhere             anywhere             udp dpt:4665
ACCEPT     udp  --  anywhere             anywhere             udp dpt:4665
ACCEPT     udp  --  anywhere             anywhere             udp spt:4665
ACCEPT     udp  --  anywhere             anywhere             udp spt:4665
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:4665
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:4665
REJECT     tcp  --  anywhere             anywhere             tcp dpt:111 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:smux reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:826 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:953 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:111 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:smux reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:826 reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpt:953 reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             10.0.0.6             tcp dpt:4662

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere             tcp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             tcp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere             udp spts:135:netbios-ssn reject-w
* RE: opening a port..
From: Dharmendra.T @ 2003-01-09 8:11 UTC
To: mdew; +Cc: netfilter

it was netcat
>
> apt-get install netcat
>
> try with netcat and let us know.

--
Dharmendra.T
Linux Enthu

* RE: opening a port..
From: mdew @ 2003-01-09 8:24 UTC
To: Dharmendra.T; +Cc: netfilter

On Thu, 2003-01-09 at 21:11, Dharmendra.T wrote:
> it was netcat
> >
> > apt-get install netcat
> >
> > try with netcat and let us know.
>
> --
> Dharmendra.T
> Linux Enthu

mdew:/bin# ls -al netcat
lrwxrwxrwx 1 root root 2 Jan 9 19:34 netcat -> nc

mdew:~# netcat -help
[v1.10]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
        -e prog                 program to exec after connect [dangerous!!]
        -b                      allow broadcasts
        -g gateway              source-routing hop point[s], up to 8
        -G num                  source-routing pointer: 4, 8, 12, ...
        -h                      this cruft
        -i secs                 delay interval for lines sent, ports scanned
        -l                      listen mode, for inbound connects
        -n                      numeric-only IP addresses, no DNS
        -o file                 hex dump of traffic
        -p port                 local port number
        -r                      randomize local and remote ports
        -q secs                 quit after EOF on stdin and delay of secs
        -s addr                 local source address
        -t                      answer TELNET negotiation
        -u                      UDP mode
        -v                      verbose [use twice to be more verbose]
        -w secs                 timeout for connects and final net reads
        -z                      zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive]

mdew:~# netcat -p 4662
no destination
mdew:~# nc -l -p 4662
ã;ãÛûÇΨºUû×JüGâ°ødfg<øÁoÆmdew:~# netcat
Cmd line:
mdew:~# netcat -l -p 4662
ã;ãÛûÇΨºUû×JüGâ°ødfg<øÁoÆmdew:~# netcat -l -p 4662
ãP<H¹ogÝT'␉´\¾ä6▒http://emule-project.net<6ÁoÆmdew:~#

* Re: opening a port..
From: Athan @ 2003-01-09 20:38 UTC
To: mdew; +Cc: Dharmendra.T, netfilter

On Thu, Jan 09, 2003 at 09:24:32PM +1300, mdew wrote:
> mdew:~# netcat -p 4662
> no destination
> mdew:~# nc -l -p 4662
> ??;??????????????U????J??G??????dfg<????o??mdew:~# netcat
> Cmd line:
> mdew:~# netcat -l -p 4662
> ??;??????????????U????J??G??????dfg<????o??mdew:~# netcat -l -p 4662
> ??P<H??og??T'?????\????6???http://emule-project.net<6??o??mdew:~#

I suspect you'll find that's other eDonkey clients connecting to the netcat ;).

Why not just make SURE you're running the client for testing this? You'll know when it's working as the eDonkey client will have clients connecting.

-Ath
--
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
Finger athan(at)fysh.org for PGP key
"And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME

* RE: opening a port..
From: Rob Sterenborg @ 2003-01-09 8:21 UTC
To: netfilter

> > # netstat -an|grep 4662
> > should tell you if your box is listening at all on port 4662.
> >
> > If you run eDonkey server on the firewall box, open port in the INPUT
> > chain.
> > If your eDonkey server is *behind* the firewall, open the port in the
> > FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.
>
> the edonkey server is behind the firewall
>
> 210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x
>
> iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12 --dport 4662 -j DNAT --to 10.0.0.6:4662
> iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT
>
> like that?

If default policy for FORWARD is ACCEPT then it should work without the FORWARD, else you need it.

For me such a setup works.

If you do a netstat -an on the eDonkey box (you don't need netcat to do that) and it doesn't report 4662 then eDonkey is not running/listening and you can never connect.

About opening ports for eDonkey, from the eDonkey website:
(http://www.edonkey2000.com/documentation/index.html)
====
2. Software Firewall
If you are running software like Norton Personal Firewall, Tiny Firewall, Zone Alarm, BlackIce or <...snip...>
Alternatively, with some more advanced firewalls, or firewall settings you will need to open ports 4661 and 4662 TCP for both incoming and out going connections, as well as port 4665 UDP for both incoming and outgoing connections.

3. Hardware firewall
Setting up your hardware firewall is a tad more difficult, but if you have one chances are you know what your doing. You will need to set it to allow both incoming and outgoing connections on 4661 & 4662 TCP and port 4665 UDP.
====
So you need to open more ports than just 4662/tcp I think.
And IMHO you want a stateful packetfilter, if you haven't made it already stateful.
(iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT)

Rob

* RE: opening a port..
From: mdew @ 2003-01-09 9:51 UTC
To: Rob Sterenborg; +Cc: netfilter

On Thu, 2003-01-09 at 21:21, Rob Sterenborg wrote:
> > > # netstat -an|grep 4662
> > > should tell you if your box is listening at all on port 4662.
> > >
> > > If you run eDonkey server on the firewall box, open port in the INPUT
> > > chain.
> > > If your eDonkey server is *behind* the firewall, open the port in the
> > > FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.
> >
> > the edonkey server is behind the firewall
> >
> > 210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x
> >
> > iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12 --dport 4662 -j DNAT --to 10.0.0.6:4662
> > iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT
> >
> > like that?
>
> If default policy for FORWARD is ACCEPT then it should work without the
> FORWARD, else you need it.
>
> For me such a setup works.
>
> If you do a netstat -an on the eDonkey box (you don't need netcat to do
> that) and it doesn't report 4662 then eDonkey is not running/listening
> and you can never connect.
>
> About opening ports for eDonkey, from the eDonkey website:
> (http://www.edonkey2000.com/documentation/index.html)
> ====
> 2. Software Firewall
> If you are running software like Norton Personal Firewall, Tiny
> Firewall, Zone Alarm, BlackIce or <...snip...>
> Alternatively, with some more advanced firewalls, or firewall settings
> you will need to open ports 4661 and 4662 TCP for both incoming and out
> going connections, as well as port 4665 UDP for both incoming and
> outgoing connections.
>
> 3. Hardware firewall
> Setting up your hardware firewall is a tad more difficult, but if you
> have one chances are you know what your doing. You will need to set it
> to allow both incoming and outgoing connections on 4661 & 4662 TCP and
> port 4665 UDP.
> ====
> So you need to open more ports than just 4662/tcp I think.
> And IMHO you want a stateful packetfilter, if you haven't made it
> already stateful.
> (iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT)
>
>
> Rob

ok here's my current script, yes it's inefficient, but that's not the major problem.. 4662 port :/ I realise that there's more ports available for edonkey to use, but opening ONE port would be a start.

i added "iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT" without anything happening...

/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe ip_nat_irc
/sbin/modprobe ip_nat_ftp

# <<<<< COMPLETE-BLOCKAGE SMB/Samba Traffic >>>>>
iptables -A FORWARD -o eth1 -p tcp --dport 135:139 -j REJECT
iptables -A FORWARD -o eth1 -p udp --dport 135:139 -j REJECT
iptables -A FORWARD -o eth1 -p tcp --sport 135:139 -j REJECT
iptables -A FORWARD -o eth1 -p udp --sport 135:139 -j REJECT
iptables -A FORWARD -o eth0 -p tcp --dport 135:139 -j REJECT
iptables -A FORWARD -o eth0 -p tcp --sport 135:139 -j REJECT
iptables -A FORWARD -o eth0 -p udp --sport 135:139 -j REJECT
iptables -A FORWARD -o eth0 -p udp --dport 135:139 -j REJECT
iptables -A INPUT -i eth0 -p tcp --dport 135:139 -j REJECT
iptables -A INPUT -i eth0 -p udp --dport 135:139 -j REJECT
iptables -A INPUT -i eth0 -p tcp --sport 135:139 -j REJECT
iptables -A INPUT -i eth0 -p udp --sport 135:139 -j REJECT
iptables -A INPUT -i eth1 -p tcp --dport 135:139 -j REJECT
iptables -A INPUT -i eth1 -p udp --dport 135:139 -j REJECT
iptables -A INPUT -i eth1 -p tcp --sport 135:139 -j REJECT
iptables -A INPUT -i eth1 -p udp --sport 135:139 -j REJECT
iptables -A OUTPUT -o eth0 -p tcp --dport 135:139 -j REJECT
iptables -A OUTPUT -o eth0 -p udp --dport 135:139 -j REJECT
iptables -A OUTPUT -o eth0 -p tcp --sport 135:139 -j REJECT
iptables -A OUTPUT -o eth0 -p udp --sport 135:139 -j REJECT
iptables -A OUTPUT -o eth1 -p tcp --dport 135:139 -j REJECT
iptables -A OUTPUT -o eth1 -p udp --dport 135:139 -j REJECT
iptables -A OUTPUT -o eth1 -p tcp --sport 135:139 -j REJECT
iptables -A OUTPUT -o eth1 -p udp --sport 135:139 -j REJECT

iptables -A INPUT -i eth0 -p tcp --dport 113 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 113 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 113 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 113 -j ACCEPT
iptables -A FORWARD -p tcp --dport auth -i eth0 -j ACCEPT
iptables -A FORWARD -p tcp --sport auth -i eth0 -j ACCEPT
iptables -A FORWARD -p tcp --dport auth -i eth1 -j ACCEPT
iptables -A FORWARD -p tcp --sport auth -i eth1 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --dport 113 -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --dport 113 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 113 -j ACCEPT
iptables -A FORWARD -i eth1 -p tcp --dport 113 -j ACCEPT

iptables -A FORWARD -p tcp -s 10.0.0.9 --dport 4665 -m limit --limit 1/hour -j ACCEPT
iptables -A FORWARD -p udp -s 10.0.0.9 --dport 4665 -m limit --limit 1/hour -j ACCEPT
iptables -A FORWARD -p udp -s 10.0.0.9 --sport 4665 -m limit --limit 1/hour -j ACCEPT
iptables -A FORWARD -p tcp -s 10.0.0.9 --sport 4665 -m limit --limit 1/hour -j ACCEPT

# Block Outside the Network
iptables -A FORWARD -o eth0 -p tcp --dport 111 -j REJECT
iptables -A INPUT -i eth0 -p tcp --dport 111 -j REJECT
iptables -A FORWARD -o eth0 -p tcp --dport 199 -j REJECT
iptables -A INPUT -i eth0 -p tcp --dport 199 -j REJECT
iptables -A FORWARD -o eth0 -p tcp --dport 826 -j REJECT
iptables -A INPUT -i eth0 -p tcp --dport 826 -j REJECT
iptables -A FORWARD -o eth0 -p tcp --dport 953 -j REJECT
iptables -A INPUT -i eth0 -p tcp --dport 953 -j REJECT

# Block Inside the Network
iptables -A FORWARD -o eth1 -p tcp --dport 111 -j REJECT
iptables -A INPUT -i eth1 -p tcp --dport 111 -j REJECT
iptables -A FORWARD -o eth1 -p tcp --dport 199 -j REJECT
iptables -A INPUT -i eth1 -p tcp --dport 199 -j REJECT
iptables -A FORWARD -o eth1 -p tcp --dport 826 -j REJECT
iptables -A INPUT -i eth1 -p tcp --dport 826 -j REJECT
iptables -A INPUT -i eth1 -p tcp --dport 953 -j REJECT

iptables -A INPUT -i eth0 -p tcp --dport 4661 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 4661 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --dport 4661 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 4661 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 4661 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --sport 4661 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --sport 4661 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 4661 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --dport 4661 -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --dport 4661 -j ACCEPT
iptables -A FORWARD -o eth1 -p udp --dport 4661 -j ACCEPT
iptables -A FORWARD -o eth0 -p udp --dport 4661 -j ACCEPT
iptables -A FORWARD -o eth0 -p udp --sport 4661 -j ACCEPT
iptables -A FORWARD -o eth1 -p udp --sport 4661 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --sport 4661 -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT

iptables -A INPUT -i eth0 -p tcp --dport 4665 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 4665 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --dport 4665 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 4665 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 4665 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --sport 4665 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --sport 4665 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 4665 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --dport 4665 -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --dport 4665 -j ACCEPT
iptables -A FORWARD -o eth1 -p udp --dport 4665 -j ACCEPT
iptables -A FORWARD -o eth0 -p udp --dport 4665 -j ACCEPT
iptables -A FORWARD -o eth0 -p udp --sport 4665 -j ACCEPT
iptables -A FORWARD -o eth1 -p udp --sport 4665 -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --sport 4665 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --sport 4665 -j ACCEPT

* RE: opening a port..
From: Rob Sterenborg @ 2003-01-09 10:35 UTC
Cc: netfilter

> ok here's my current script, yes it's inefficient, but that's
> not the major problem.. 4662 port :/ I realise that there's
> more ports available for edonkey to use, but opening ONE port
> would be a start.
>
> i added "iptables -A FORWARD -m state --state
> RELATED,ESTABLISHED -j ACCEPT" without anything happening...
>
<snip>
> iptables -A FORWARD -o eth1 -p udp --dport 4665 -j ACCEPT
> iptables -A FORWARD -o eth0 -p udp --dport 4665 -j ACCEPT
> iptables -A FORWARD -o eth0 -p udp --sport 4665 -j ACCEPT
> iptables -A FORWARD -o eth1 -p udp --sport 4665 -j ACCEPT
> iptables -A FORWARD -o eth1 -p tcp --sport 4665 -j ACCEPT
> iptables -A FORWARD -o eth0 -p tcp --sport 4665 -j ACCEPT
>

Okay, let's leave these rules alone for a moment.
*IS* your eDonkey server running/listening?

If you do a netstat -an *on the machine that's supposed to be running eDonkey* (you don't need netcat to do this) then it must report one (or more) ports belonging to eDonkey as listening. If not, you can try whatever you want but it won't work; you will never connect, not even local. Forwarding is not going to help you then and AFAIK you can't test if forwarding is working (which doesn't say it's impossible; I just don't know how).

Besides, going back to the ruleset, I don't see an "echo 1 > /proc/sys/net/ipv4/ip_forward". You may have set up the rules correctly but it's not going to forward anything until you did the above "echo".

Rob

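The checks raised in this part of the thread (is anything listening on the port and where is it bound, is ip_forward on at the router, and the DNAT plus FORWARD rules) as a shell sketch. This is an added example, not code from any poster: the function names and the sample /proc/net/tcp rows are constructed, the rules and the addresses in the usage lines are the ones quoted in the thread, and the address decoding assumes an IPv4 table on a little-endian host.

```shell
#!/bin/sh
# Added example: checks for the port-forward discussed in this thread.
# Function names and sample rows are constructed for illustration.

# Constructed /proc/net/tcp excerpt: a listener on 0.0.0.0:22, a listener bound
# to 127.0.0.1:4662 only, and one ESTABLISHED (st 01) connection on port 4663.
sample_tcp_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:1236 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1002 1
   2: 0600000A:1237 0900000A:C350 01 00000000:00000000 00:00000000 00000000  1000        0 1003 1
EOF
}

# Print where tcp/<port> is listening: any | specific | loopback | none.
# $1 = port, $2 = table in /proc/net/tcp format (defaults to the live one).
listen_scope() {
    ls_hex=$(printf '%04X' "$1")
    awk -v p="$ls_hex" '
        NR > 1 && $4 == "0A" {                 # 0A is the LISTEN state
            split($2, a, ":")                  # a[1] = address, a[2] = port (hex)
            if (toupper(a[2]) != p) next
            if (a[1] == "00000000") any = 1    # bound to every address (*:port)
            else if (toupper(a[1]) ~ /7F$/) lo = 1   # 127.x.x.x, little-endian
            else other = 1
        }
        END {
            if (any) print "any"
            else if (other) print "specific"
            else if (lo) print "loopback"
            else print "none"
        }' "${2:-/proc/net/tcp}"
}

# Run on the box that should serve the port. Returns 0 only if a forwarded
# connection could reach a listener.
check_server() {
    case $(listen_scope "$1" "${2:-/proc/net/tcp}") in
        any)      echo "tcp/$1: listener on all addresses"; return 0 ;;
        specific) echo "tcp/$1: listener on one address, check it is the LAN one"; return 0 ;;
        loopback) echo "tcp/$1: listener on loopback only, forwarded traffic cannot reach it"; return 1 ;;
        *)        echo "tcp/$1: nothing listening, no ACCEPT rule can make a connect succeed"; return 1 ;;
    esac
}

# Run on the router. True if the kernel forwards IPv4 packets.
# $1 = file to read (defaults to the live sysctl file).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Print (do not run) the router-side commands named in the thread.
# $1 = outside interface, $2 = outside address, $3 = inside host, $4 = port.
forward_rules() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp -i ${1} -d ${2} --dport ${4} -j DNAT --to ${3}:${4}
iptables -A FORWARD -p tcp -i ${1} -d ${3} --dport ${4} -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Usage on the eDonkey box:  check_server 4662
# Usage on the router:       forwarding_enabled || echo "ip_forward is off"
#                            forward_rules eth0 210.54.175.12 10.0.0.6 4662
```
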
* Re: opening a port..
From: Rodrigo Hidalgo @ 2003-01-08 14:40 UTC
To: mdew; +Cc: netfilter

Hi,

I guess your scenario is like this:

some_machine - - - Router - - - - server_maybe_not_existing(4662)

If you want to be able to get any positive response you should do a

some_machine> telnet server_maybe_not_existing 4662

The router will not tell you the port is open.

Good Luck!
/r

On 9 Jan 2003, mdew wrote:
> Date: 09 Jan 2003 01:52:07 +1300
> From: mdew <mdew@mdew.dyndns.org>
> To: Dharmendra.T <dharmu@nsecure.net>
> Cc: netfilter <netfilter@lists.netfilter.org>
> Subject: Re: opening a port..
>
> On Thu, 2003-01-09 at 01:33, Dharmendra.T wrote:
> >
> >
> > On Wed, 2003-01-08 at 17:42, mdew wrote:
> > >
> > > Hi,
> > > Just *testing* this out..
> > >
> > > iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
> > >
> > > iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT
> > >
> > > yet, when i try to telnet to it,
> > >
> > > mdew:~# telnet 127.0.0.1 4662
> > > Trying 127.0.0.1...
> > > telnet: Unable to connect to remote host: Connection refused
> > >
> > > Yeah I know I have lots of unnecessary rules, but I'm only testing 'em...it
> > > just seems a little strange that i can't see 4662 (Edonkey port) on the
> > > router.
> > >
> > > -mdew
> > >
> > >
> > Note:
> > telnet 127.0.0.1 port
> >
> > This will not go through any of the interfaces (eth*). You should allow
> > this through -i lo.
> >
> > Here somehow you are getting connected and you are getting the response
> > connection refused. Probably you are not running the service on the
> > router!.
> >
> > --
> > Dharmendra.T
> > Linux Enthu
> >
> ok, telnet from another machine to the router.
>
> telnet 10.0.0.6 4662
> Trying 10.0.0.6...
> telnet: Unable to connect to remote host: Connection refused
>
> what "service" should I be running? I simply want 4662 open both ways.
>
> -mdew
>

* Re: opening a port..
From: Dharmendra.T @ 2003-01-09 4:10 UTC
To: mdew; +Cc: netfilter

On Wed, 2003-01-08 at 18:22, mdew wrote:
> On Thu, 2003-01-09 at 01:33, Dharmendra.T wrote:
> >
> >
> > On Wed, 2003-01-08 at 17:42, mdew wrote:
> > >
> > > Hi,
> > > Just *testing* this out..
> > >
> > > iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
> > >
> > > iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT
> > >
> > > yet, when i try to telnet to it,
> > >
> > > mdew:~# telnet 127.0.0.1 4662
> > > Trying 127.0.0.1...
> > > telnet: Unable to connect to remote host: Connection refused
> > >
> > > Yeah I know I have lots of unnecessary rules, but I'm only testing 'em...it
> > > just seems a little strange that i can't see 4662 (Edonkey port) on the
> > > router.
> > >
> > > -mdew
> > >
> > >
> > Note:
> > telnet 127.0.0.1 port
> >
> > This will not go through any of the interfaces (eth*). You should allow
> > this through -i lo.
> >
> > Here somehow you are getting connected and you are getting the response
> > connection refused. Probably you are not running the service on the
> > router!.
> >
> > --
> > Dharmendra.T
> > Linux Enthu
> >
> ok, telnet from another machine to the router.
>
> telnet 10.0.0.6 4662
> Trying 10.0.0.6...
> telnet: Unable to connect to remote host: Connection refused
>
> what "service" should I be running? I simply want 4662 open both ways.
>
> -mdew
>

Install nc and run
#nc -l -p 4662

And then try to connect.

Some service should be running on the port else you will get the same error message.

--
Dharmendra.T
Linux Enthu

* Re: opening a port..
From: Robert Botha @ 2003-01-08 13:02 UTC
To: mdew; +Cc: netfilter

Check if the service is listening..and if it's listening on *:4662 or on a specific interface.

netstat -tupln|grep ":4662"

----- Original Message -----
From: "Dharmendra.T" <dharmu@nsecure.net>
To: "mdew" <mdew@mdew.dyndns.org>
Cc: "netfilter" <netfilter@lists.netfilter.org>
Sent: Wednesday, January 08, 2003 2:33 PM
Subject: Re: opening a port..

>
>
> On Wed, 2003-01-08 at 17:42, mdew wrote:
> >
> > Hi,
> > Just *testing* this out..
> >
> > iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
> >
> > iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT
> >
> > yet, when i try to telnet to it,
> >
> > mdew:~# telnet 127.0.0.1 4662
> > Trying 127.0.0.1...
> > telnet: Unable to connect to remote host: Connection refused
> >
> > Yeah I know I have lots of unnecessary rules, but I'm only testing 'em...it
> > just seems a little strange that i can't see 4662 (Edonkey port) on the
> > router.
> >
> > -mdew
> >
> >
> Note:
> telnet 127.0.0.1 port
>
> This will not go through any of the interfaces (eth*). You should allow
> this through -i lo.
>
> Here somehow you are getting connected and you are getting the response
> connection refused. Probably you are not running the service on the
> router!.
>
> --
> Dharmendra.T
> Linux Enthu
>

* Re: opening a port..
From: mdew @ 2003-01-08 12:53 UTC
To: mdew-pop3; +Cc: netfilter

On Thu, 2003-01-09 at 01:12, mdew wrote:
>
> Hi,
> Just *testing* this out..
>
> iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
> iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
> iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
> iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
> iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
>
> iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
> iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
> iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
> iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
> iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
> iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
> iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
> iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT
>
> yet, when i try to telnet to it,
>
> mdew:~# telnet 127.0.0.1 4662
> Trying 127.0.0.1...
> telnet: Unable to connect to remote host: Connection refused
>
> Yeah I know I have lots of unnecessary rules, but I'm only testing 'em...it
> just seems a little strange that i can't see 4662 (Edonkey port) on the
> router.
>
> -mdew

ok, from another machine->router. (same problem)

telnet 10.0.0.6 4662
Trying 10.0.0.6...
telnet: Unable to connect to remote host: Connection refused

* Re: opening a port..
From: Raymond Leach @ 2003-01-08 13:54 UTC
To: mdew; +Cc: Netfilter Mailing List

On Wed, 2003-01-08 at 14:53, mdew wrote:
> On Thu, 2003-01-09 at 01:12, mdew wrote:
> >
> > Hi,
> > Just *testing* this out..
> >
> > iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
> >
> > iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT
> >
> > yet, when i try to telnet to it,
> >
> > mdew:~# telnet 127.0.0.1 4662
> > Trying 127.0.0.1...
> > telnet: Unable to connect to remote host: Connection refused
> >
> > Yeah I know I have lots of unnecessary rules, but I'm only testing 'em...it
> > just seems a little strange that i can't see 4662 (Edonkey port) on the
> > router.
> >
> > -mdew
>
> ok, from another machine->router. (same problem)
>
> telnet 10.0.0.6 4662
> Trying 10.0.0.6...
> telnet: Unable to connect to remote host: Connection refused
>

Connection refused means the router is not listening on that port ...

--
Raymond Leach
Knowledge Factory
Tel: +27 11 445 8100
Fax: +27 11 445 8101
http://www.knowledgefactory.co.za/
http://www.saptg.co.za/

* RE: opening a port..
From: Rob Sterenborg @ 2003-01-09 10:40 UTC
To: 'Jörg Esser', 'netfilter'

> I heard that when you use nmap as your way it picks just well known
> ports (/etc/service file ?) and then you won't get this special port if
> it's not in there. (Maybe I'm wrong)

I have a /usr/share/nmap/nmap-services file. I think nmap is picking that file to scan for services. It's more detailed than /etc/services, but indeed it doesn't include eDonkey ports.

Rob