Linux Netfilter discussions
From: Jason Opperisano <opie@817west.com>
To: netfilter@lists.netfilter.org
Subject: Re: Shareaza and IPtables
Date: Sun, 14 Nov 2004 12:32:23 -0500
Message-ID: <20041114173223.GA1071@bender.817west.com>
In-Reply-To: <20041114041647.120.qmail@web40727.mail.yahoo.com>

On Sat, Nov 13, 2004 at 08:16:47PM -0800, Tasha Smith wrote:
> Hi Everyone,
> 
> I am running Shareaza (P2P) program on my laptop behind my Router/Firewall running
> Linux 7.3 and Iptables 1.2.7a. I am trying to open up port 6346 on my firewall so
> it forwards it to my laptop where Shareaza is running. My OUTBOUND rule is
> already set to ACCEPT
> # Set the default policy to drop.
> $iptables --policy INPUT DROP
> $iptables --policy FORWARD DROP
> $iptables --policy OUTPUT ACCEPT

the OUTPUT chain covers packets originating from the firewall
itself--your FORWARD policy, which covers packets routed through the
firewall, is set to DROP.

> $iptables -t nat --policy PREROUTING ACCEPT
> $iptables -t nat --policy OUTPUT ACCEPT
> $iptables -t nat --policy POSTROUTING ACCEPT
> 
> Here is Shareaza's connection test that I keep timing out on.
> http://www.crucial-forums.com/connectiontest/
> 
> I have Shareaza's port configured to 6346.
> My firewall rules that I thought should work, but are not working, are here. This is for
> emule as well. Any help guys to get this going. I googled but couldn't find
> anything really useful on this.

something useful would be to clue us into whether eth1 is internal or
external--i'm going to *assume* it's internal and eth0 is external...

> #My rules for EMULE;
> $iptables -A INPUT -p tcp --dport 4662 -j ACCEPT
> $iptables -A OUTPUT -p tcp -m multiport --sport 4661,4662 -j ACCEPT
> $iptables -t nat -A PREROUTING -p tcp --dport 4662 -j DNAT --to 192.168.0.69

how's about a NAT rule for shareaza?

  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 6346 \
    -j DNAT --to-destination $LAPTOP_IP

> #These are my Forwarding rules.
> $iptables -A FORWARD -i eth1 -p tcp --dport 80 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p tcp -m multiport --dport 25,80,110,443 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p tcp --dport 21 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p tcp --dport 22 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p tcp -m multiport --dport 1040,1043,1046,1047,1048,1050,1051,1052,1053,1054 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p udp --dport 500 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p 50 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p 51 -j ACCEPT
> #$iptables -A FORWARD -i eth1 -p udp --dport 10000 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p udp --dport 1863 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p tcp --dport 1863 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p tcp -m multiport --dport 135,137,138,139 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p udp -m multiport --dport 135,137,138,139 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p tcp --dport 1214 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p udp --dport 1214 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p udp --dport 2644 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p tcp --dport 3389 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p udp --dport 3389 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p tcp -m multiport --dport 6344,6345,6346,6347 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p udp -m multiport --dport 6344,6345,6346,6347 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p tcp -m multiport --dport 4242,4661,4662 -j ACCEPT
> $iptables -A FORWARD -i eth1 -p udp -m multiport --dport 4661,4662,4772 -j ACCEPT
> $iptables -A FORWARD -p tcp --dport 4662 -i eth0 -o eth1 -j ACCEPT
> $iptables -A FORWARD -p udp --dport 4662 -i eth0 -o eth1 -j ACCEPT

how's about a rule for shareaza?

  iptables -A FORWARD -i eth0 -o eth1 -p tcp \
    --dport 6346 -d $LAPTOP_IP -j ACCEPT

> # Enables Packet Forwarding
> $iptables -t nat -A POSTROUTING -o eth0  -j MASQUERADE
> 
> echo 1 > /proc/sys/net/ipv4/ip_forward

-j

-- 
Jason Opperisano <opie@817west.com>
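
Added example, not part of the original message and not netfilter's own code: a shell/awk check over `iptables-save` output that lists ports which are DNATed in nat PREROUTING but have no FORWARD ACCEPT rule for packets arriving on the external interface, which is the gap the reply above points out when the FORWARD policy is DROP. The function names and the sample ruleset are constructed; it assumes eth0 is the external interface, as the reply does, and that DNAT leaves the destination port unchanged.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from a live system):
# both DNAT rules exist, but only 4662 is accepted in FORWARD from eth0.
sample_ruleset() {
  cat <<'EOF'
*nat
-A PREROUTING -p tcp -m tcp --dport 4662 -j DNAT --to-destination 192.168.0.69
-A PREROUTING -i eth0 -p tcp -m tcp --dport 6346 -j DNAT --to-destination 192.168.0.69
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -p tcp -m multiport --dports 6344,6345,6346,6347 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 4662 -j ACCEPT
COMMIT
EOF
}

# dnat_without_forward EXT_IF  (hypothetical helper; ruleset on stdin)
# Prints proto/port for every DNAT rule that no FORWARD ACCEPT rule covers
# for packets entering on EXT_IF. Assumes DNAT keeps the destination port
# and ignores port ranges (a:b) and negated matches.
dnat_without_forward() {
  awk -v ext="$1" '
    function opt(name,   i) {   # value that follows option "name", or ""
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    /^\*/ { table = substr($1, 2); next }   # "*nat", "*filter", ...
    $1 != "-A" { next }
    {
      proto = opt("-p"); ports = opt("--dport")
      if (ports == "") ports = opt("--dports")   # multiport form
      if (proto == "" || ports == "") next
      n = split(ports, p, ","); target = opt("-j"); inif = opt("-i")
    }
    table == "nat" && $2 == "PREROUTING" && target == "DNAT" {
      for (i = 1; i <= n; i++) dnat[proto "/" p[i]] = 1
    }
    table == "filter" && $2 == "FORWARD" && target == "ACCEPT" &&
    (inif == "" || inif == ext) {
      for (i = 1; i <= n; i++) fwd[proto "/" p[i]] = 1
    }
    END { for (k in dnat) if (!(k in fwd)) print k }
  ' | sort
}

sample_ruleset | dnat_without_forward eth0
```

On a real firewall the input would come from `iptables-save` run as root; the FORWARD rule for 6346 on `-i eth1` does not count because inbound connections arrive on eth0.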

