* opening a port..
From: mdew @ 2003-01-08 12:12 UTC
To: netfilter
Hi,
Just *testing* this out..
iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT
yet, when i try to telnet to it,
mdew:~# telnet 127.0.0.1 4662
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
Yeah, I know I have lots of unnecessary rules, but I'm only testing 'em... it
just seems a little strange that I can't see 4662 (eDonkey port) on the
router.
-mdew
* Re: opening a port..
From: Dharmendra.T @ 2003-01-08 12:33 UTC
To: mdew; +Cc: netfilter
On Wed, 2003-01-08 at 17:42, mdew wrote:
>
> Hi,
> Just *testing* this out..
>
> iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
> iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
> iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
> iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
> iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
>
> iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
> iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
> iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
> iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
> iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
> iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
> iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
> iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT
>
> yet, when i try to telnet to it,
>
> mdew:~# telnet 127.0.0.1 4662
> Trying 127.0.0.1...
> telnet: Unable to connect to remote host: Connection refused
>
> Yeah, I know I have lots of unnecessary rules, but I'm only testing 'em... it
> just seems a little strange that I can't see 4662 (eDonkey port) on the
> router.
>
> -mdew
>
>
Note:
telnet 127.0.0.1 port
This will not go through any of the interfaces (eth*). You should allow
this through -i lo.
Here somehow you are getting connected and you are getting the response
"connection refused". Probably you are not running the service on the
router!
--
Dharmendra.T
Linux Enthu
* Re: opening a port..
From: mdew @ 2003-01-08 12:52 UTC
To: Dharmendra.T; +Cc: netfilter
On Thu, 2003-01-09 at 01:33, Dharmendra.T wrote:
>
>
> On Wed, 2003-01-08 at 17:42, mdew wrote:
> >
> > Hi,
> > Just *testing* this out..
> >
> > iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
> >
> > iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT
> >
> > yet, when i try to telnet to it,
> >
> > mdew:~# telnet 127.0.0.1 4662
> > Trying 127.0.0.1...
> > telnet: Unable to connect to remote host: Connection refused
> >
> > Yeah, I know I have lots of unnecessary rules, but I'm only testing 'em... it
> > just seems a little strange that I can't see 4662 (eDonkey port) on the
> > router.
> >
> > -mdew
> >
> >
> Note:
> telnet 127.0.0.1 port
>
> This will not go through any of the interfaces (eth*). You should allow
> this through -i lo.
>
> Here somehow you are getting connected and you are getting the response
> "connection refused". Probably you are not running the service on the
> router!
>
> --
> Dharmendra.T
> Linux Enthu
>
ok, telnet from another machine to the router.
telnet 10.0.0.6 4662
Trying 10.0.0.6...
telnet: Unable to connect to remote host: Connection refused
what "service" should I be running? I simply want 4662 open both ways.
-mdew
* Re: opening a port..
From: mdew @ 2003-01-08 12:53 UTC
To: mdew-pop3; +Cc: netfilter
On Thu, 2003-01-09 at 01:12, mdew wrote:
>
> Hi,
> Just *testing* this out..
>
> iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
> iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
> iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
> iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
> iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
> iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
> iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
>
> iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
> iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
> iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
> iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
> iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
> iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
> iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
> iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT
>
> yet, when i try to telnet to it,
>
> mdew:~# telnet 127.0.0.1 4662
> Trying 127.0.0.1...
> telnet: Unable to connect to remote host: Connection refused
>
> Yeah, I know I have lots of unnecessary rules, but I'm only testing 'em... it
> just seems a little strange that I can't see 4662 (eDonkey port) on the
> router.
>
> -mdew
ok, from another machine->router. (same problem)
telnet 10.0.0.6 4662
Trying 10.0.0.6...
telnet: Unable to connect to remote host: Connection refused
* Re: opening a port..
From: Robert Botha @ 2003-01-08 13:02 UTC
To: mdew; +Cc: netfilter
Check if the service is listening, and if it's listening on *:4662 or on a
specific interface.
netstat -tupln|grep ":4662"
----- Original Message -----
From: "Dharmendra.T" <dharmu@nsecure.net>
To: "mdew" <mdew@mdew.dyndns.org>
Cc: "netfilter" <netfilter@lists.netfilter.org>
Sent: Wednesday, January 08, 2003 2:33 PM
Subject: Re: opening a port..
>
>
> On Wed, 2003-01-08 at 17:42, mdew wrote:
> >
> > Hi,
> > Just *testing* this out..
> >
> > iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
> >
> > iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT
> >
> > yet, when i try to telnet to it,
> >
> > mdew:~# telnet 127.0.0.1 4662
> > Trying 127.0.0.1...
> > telnet: Unable to connect to remote host: Connection refused
> >
> > Yeah, I know I have lots of unnecessary rules, but I'm only testing 'em... it
> > just seems a little strange that I can't see 4662 (eDonkey port) on the
> > router.
> >
> > -mdew
> >
> >
> Note:
> telnet 127.0.0.1 port
>
> This will not go through any of the interfaces (eth*). You should allow
> this through -i lo.
>
> Here somehow you are getting connected and you are getting the response
> "connection refused". Probably you are not running the service on the
> router!
>
> --
> Dharmendra.T
> Linux Enthu
>
>
>
>
>
* Re: opening a port..
From: Raymond Leach @ 2003-01-08 13:54 UTC
To: mdew; +Cc: Netfilter Mailing List
On Wed, 2003-01-08 at 14:53, mdew wrote:
> On Thu, 2003-01-09 at 01:12, mdew wrote:
> >
> > Hi,
> > Just *testing* this out..
> >
> > iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
> > iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
> >
> > iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
> > iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT
> >
> > yet, when i try to telnet to it,
> >
> > mdew:~# telnet 127.0.0.1 4662
> > Trying 127.0.0.1...
> > telnet: Unable to connect to remote host: Connection refused
> >
> > Yeah, I know I have lots of unnecessary rules, but I'm only testing 'em... it
> > just seems a little strange that I can't see 4662 (eDonkey port) on the
> > router.
> >
> > -mdew
>
> ok, from another machine->router. (same problem)
>
> telnet 10.0.0.6 4662
> Trying 10.0.0.6...
> telnet: Unable to connect to remote host: Connection refused
>
Connection refused means the router is not listening on that port ...
>
--
Raymond Leach
Knowledge Factory
Tel: +27 11 445 8100
Fax: +27 11 445 8101
http://www.knowledgefactory.co.za/
http://www.saptg.co.za/
* RE: opening a port..
From: Rob Sterenborg @ 2003-01-08 14:24 UTC
To: netfilter
> ok, telnet from another machine to the router.
>
> telnet 10.0.0.6 4662
> Trying 10.0.0.6...
> telnet: Unable to connect to remote host: Connection refused
>
> what "service" should I be running? I simply want 4662 open both ways.
# netstat -an|grep 4662
should tell you if your box is listening at all on port 4662.
If you run the eDonkey server on the firewall box, open the port in the INPUT
chain.
If your eDonkey server is *behind* the firewall, open the port in the
FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.
Rob
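An added example, not from any poster in this thread: a small POSIX shell script that prints the rule set for Rob's two cases (service on the firewall box itself, so the port is opened in INPUT; service behind it, so a DNAT rule in the nat table PREROUTING chain plus FORWARD rules) and a stricter form of the `netstat -an|grep 4662` check that only counts TCP sockets in LISTEN state on that local port, because a bare grep also matches an outbound connection whose *foreign* port happens to be 4662. The WAN interface eth0, the inner host 10.0.0.23 and the netstat excerpt are constructed for the example; the public address 210.54.175.12 is the one mdew gives later in the thread.

```shell
#!/bin/sh
# Added example for the "opening a port" thread (not any poster's own rules).
# Constructed values: WAN interface eth0, inner host 10.0.0.23, netstat sample.

# rules_for MODE WAN_IF WAN_IP PORT [INNER_IP]: print the iptables rules for TCP PORT.
#   local: the service runs on the firewall itself -> traffic ends in INPUT.
#   dnat:  the service runs on INNER_IP behind the firewall -> the nat table's
#          PREROUTING chain rewrites the destination first, and the packet then
#          traverses FORWARD (never INPUT) with the inner address already in
#          place, so FORWARD must match INNER_IP, not the public address.
rules_for() {
    mode=$1 wan_if=$2 wan_ip=$3 port=$4 inner_ip=$5
    case $mode in
    local)
        printf 'iptables -A INPUT -i %s -p tcp --dport %s -m state --state NEW,ESTABLISHED -j ACCEPT\n' \
            "$wan_if" "$port"
        printf 'iptables -A OUTPUT -o %s -p tcp --sport %s -m state --state ESTABLISHED -j ACCEPT\n' \
            "$wan_if" "$port"
        ;;
    dnat)
        [ -n "$inner_ip" ] || { echo "dnat mode needs an inner IP" >&2; return 1; }
        printf 'iptables -t nat -A PREROUTING -i %s -p tcp -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
            "$wan_if" "$wan_ip" "$port" "$inner_ip" "$port"
        printf 'iptables -A FORWARD -i %s -p tcp -d %s --dport %s -m state --state NEW,ESTABLISHED -j ACCEPT\n' \
            "$wan_if" "$inner_ip" "$port"
        # Replies: filter FORWARD sees them before the reverse NAT in
        # POSTROUTING, so their source is still the inner host.
        printf 'iptables -A FORWARD -o %s -p tcp -s %s --sport %s -m state --state ESTABLISHED -j ACCEPT\n' \
            "$wan_if" "$inner_ip" "$port"
        ;;
    *)
        echo "unknown mode: $mode (use local or dnat)" >&2
        return 1
        ;;
    esac
}

# Constructed `netstat -an` excerpt: nothing listens on 4662, but one outbound
# connection has a foreign port of 4662, which "netstat -an|grep 4662" matches.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.6:32771          203.0.113.9:4662        ESTABLISHED
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN'

# listening_on PORT: read netstat -an text on stdin; print the local address of
# every TCP socket in LISTEN state on PORT and return 0, or return 1 if none.
# The printed address also answers "wildcard 0.0.0.0:PORT or one interface?".
listening_on() {
    awk -v p="$1" '
        ($1 == "tcp" || $1 == "tcp6") && $6 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == p) { print $4; found = 1 }
        }
        END { exit found ? 0 : 1 }'
}

# naive_grep_hits PORT: the check as posted in the thread, for comparison.
naive_grep_hits() { grep -c "$1"; }

# Demo when run directly.
echo "# service on the firewall:"
rules_for local eth0 210.54.175.12 4662
echo "# service behind the firewall on 10.0.0.23:"
rules_for dnat eth0 210.54.175.12 4662 10.0.0.23
if printf '%s\n' "$SAMPLE_NETSTAT" | listening_on 4662; then
    echo "something listens on 4662"
else
    hits=$(printf '%s\n' "$SAMPLE_NETSTAT" | naive_grep_hits 4662)
    echo "nothing listens on 4662, although a plain grep matches $hits line(s)"
fi
```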
* Re: opening a port..
From: Rodrigo Hidalgo @ 2003-01-08 14:40 UTC
To: mdew; +Cc: netfilter
Hi,
I guess your scenario is like this:
some_machine - - - Router - - - - server_maybe_not_existing(4662)
If you want to be able to get any positive response you should do a
some_machine> telnet server_maybe_not_existing 4662
The router will not tell you the port is open.
Good Luck!
/r
On 9 Jan 2003, mdew wrote:
> Date: 09 Jan 2003 01:52:07 +1300
> From: mdew <mdew@mdew.dyndns.org>
> To: Dharmendra.T <dharmu@nsecure.net>
> Cc: netfilter <netfilter@lists.netfilter.org>
> Subject: Re: opening a port..
>
> On Thu, 2003-01-09 at 01:33, Dharmendra.T wrote:
> >
> >
> > On Wed, 2003-01-08 at 17:42, mdew wrote:
> > >
> > > Hi,
> > > Just *testing* this out..
> > >
> > > iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
> > >
> > > iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT
> > >
> > > yet, when i try to telnet to it,
> > >
> > > mdew:~# telnet 127.0.0.1 4662
> > > Trying 127.0.0.1...
> > > telnet: Unable to connect to remote host: Connection refused
> > >
> > > Yeah, I know I have lots of unnecessary rules, but I'm only testing 'em... it
> > > just seems a little strange that I can't see 4662 (eDonkey port) on the
> > > router.
> > >
> > > -mdew
> > >
> > >
> > Note:
> > telnet 127.0.0.1 port
> >
> > This will not go through any of the interfaces (eth*). You should allow
> > this through -i lo.
> >
> > Here somehow you are getting connected and you are getting the response
> > "connection refused". Probably you are not running the service on the
> > router!
> >
> > --
> > Dharmendra.T
> > Linux Enthu
> >
> ok, telnet from another machine to the router.
>
> telnet 10.0.0.6 4662
> Trying 10.0.0.6...
> telnet: Unable to connect to remote host: Connection refused
>
> what "service" should I be running? I simply want 4662 open both ways.
>
> -mdew
>
>
* RE: opening a port..
From: mdew @ 2003-01-09 1:58 UTC
To: Rob Sterenborg; +Cc: netfilter
On Thu, 2003-01-09 at 03:24, Rob Sterenborg wrote:
> > ok, telnet from another machine to the router.
> >
> > telnet 10.0.0.6 4662
> > Trying 10.0.0.6...
> > telnet: Unable to connect to remote host: Connection refused
> >
> > what "service" should I be running? I simply want 4662 open both ways.
>
> # netstat -an|grep 4662
> should tell you if your box is listening at all on port 4662.
>
> If you run eDonkey server on the firewall box, open port in the INPUT
> chain.
> If your eDonkey server is *behind* the firewall, open the port in the
> FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.
The eDonkey server is behind the firewall.
210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12 --dport 4662 -j DNAT --to 10.0.0.6:4662
iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT
like that?
* RE: opening a port..
From: mdew @ 2003-01-09 2:41 UTC
To: Rob Sterenborg; +Cc: netfilter
On Thu, 2003-01-09 at 03:24, Rob Sterenborg wrote:
> > ok, telnet from another machine to the router.
> >
> > telnet 10.0.0.6 4662
> > Trying 10.0.0.6...
> > telnet: Unable to connect to remote host: Connection refused
> >
> > what "service" should I be running? I simply want 4662 open both ways.
>
> # netstat -an|grep 4662
> should tell you if your box is listening at all on port 4662.
>
> If you run eDonkey server on the firewall box, open port in the INPUT
> chain.
> If your eDonkey server is *behind* the firewall, open the port in the
> FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.
The eDonkey server is behind the firewall.
210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12 --dport 4662 -j DNAT --to 10.0.0.6:4662
iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT
like that?
* Re: opening a port..
From: Dharmendra.T @ 2003-01-09 4:10 UTC
To: mdew; +Cc: netfilter
On Wed, 2003-01-08 at 18:22, mdew wrote:
> On Thu, 2003-01-09 at 01:33, Dharmendra.T wrote:
> >
> >
> > On Wed, 2003-01-08 at 17:42, mdew wrote:
> > >
> > > Hi,
> > > Just *testing* this out..
> > >
> > > iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
> > > iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
> > >
> > > iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
> > > iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT
> > >
> > > yet, when i try to telnet to it,
> > >
> > > mdew:~# telnet 127.0.0.1 4662
> > > Trying 127.0.0.1...
> > > telnet: Unable to connect to remote host: Connection refused
> > >
> > > Yeah, I know I have lots of unnecessary rules, but I'm only testing 'em... it
> > > just seems a little strange that I can't see 4662 (eDonkey port) on the
> > > router.
> > >
> > > -mdew
> > >
> > >
> > Note:
> > telnet 127.0.0.1 port
> >
> > This will not go through any of the interfaces (eth*). You should allow
> > this through -i lo.
> >
> > Here somehow you are getting connected and you are getting the response
> > "connection refused". Probably you are not running the service on the
> > router!
> >
> > --
> > Dharmendra.T
> > Linux Enthu
> >
> ok, telnet from another machine to the router.
>
> telnet 10.0.0.6 4662
> Trying 10.0.0.6...
> telnet: Unable to connect to remote host: Connection refused
>
> what "service" should I be running? I simply want 4662 open both ways.
>
> -mdew
>
Install nc and run
# nc -l -p 4662
and then try to connect. Some service should be running on the port, else
you will get the same error message.
--
Dharmendra.T
Linux Enthu
* RE: opening a port..
From: Dharmendra.T @ 2003-01-09 4:55 UTC
To: mdew; +Cc: Rob Sterenborg, netfilter
On Thu, 2003-01-09 at 08:11, mdew wrote:
> On Thu, 2003-01-09 at 03:24, Rob Sterenborg wrote:
> > > ok, telnet from another machine to the router.
> > >
> > > telnet 10.0.0.6 4662
> > > Trying 10.0.0.6...
> > > telnet: Unable to connect to remote host: Connection refused
> > >
> > > what "service" should I be running? I simply want 4662 open both ways.
> >
> > # netstat -an|grep 4662
> > should tell you if your box is listening at all on port 4662.
> >
> > If you run eDonkey server on the firewall box, open port in the INPUT
> > chain.
> > If your eDonkey server is *behind* the firewall, open the port in the
> > FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.
>
> the edonkey server is behind the firewall
>
> 210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x
>
> iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12 --dport 4662 -j DNAT --to 10.0.0.6:4662
>
This should work without the last rule.
iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT
>
> like that?
>
>
>
--
Dharmendra.T
Linux Enthu
* RE: opening a port..
From: mdew @ 2003-01-09 6:16 UTC
To: Dharmendra.T; +Cc: Rob Sterenborg, netfilter
On Thu, 2003-01-09 at 17:55, Dharmendra.T wrote:
> On Thu, 2003-01-09 at 08:11, mdew wrote:
> > On Thu, 2003-01-09 at 03:24, Rob Sterenborg wrote:
> > > > ok, telnet from another machine to the router.
> > > >
> > > > telnet 10.0.0.6 4662
> > > > Trying 10.0.0.6...
> > > > telnet: Unable to connect to remote host: Connection refused
> > > >
> > > > what "service" should I be running? I simply want 4662 open both ways.
> > >
> > > # netstat -an|grep 4662
> > > should tell you if your box is listening at all on port 4662.
> > >
> > > If you run eDonkey server on the firewall box, open port in the INPUT
> > > chain.
> > > If your eDonkey server is *behind* the firewall, open the port in the
> > > FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.
> >
> > the edonkey server is behind the firewall
> >
> > 210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x
> >
> > iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12 --dport 4662 -j DNAT --to 10.0.0.6:4662
> >
>
> This should work without the last rule.
>
> iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT
> >
> > like that?
The router isn't picking this up..
mdew:~# iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12
--dport 4662 -j DNAT --to 10.0.0.6:4662
mdew:~# iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j
ACCEPT
mdew:~# netstat -an|grep 4662
mdew:~#
mdew@nirvana:~$ nmap 10.0.0.6
Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
Interesting ports on debian (10.0.0.6):
(The 1598 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
110/tcp open pop-3
113/tcp open auth
135/tcp filtered loc-srv
139/tcp filtered netbios-ssn
8080/tcp open http-proxy
Nmap run completed -- 1 IP address (1 host up) scanned in 2.545 seconds
* RE: opening a port..
From: Dharmendra.T @ 2003-01-09 6:26 UTC
To: mdew; +Cc: netfilter
On Thu, 2003-01-09 at 11:46, mdew wrote:
> On Thu, 2003-01-09 at 17:55, Dharmendra.T wrote:
> > On Thu, 2003-01-09 at 08:11, mdew wrote:
> > > On Thu, 2003-01-09 at 03:24, Rob Sterenborg wrote:
> > > > > ok, telnet from another machine to the router.
> > > > >
> > > > > telnet 10.0.0.6 4662
> > > > > Trying 10.0.0.6...
> > > > > telnet: Unable to connect to remote host: Connection refused
> > > > >
> > > > > what "service" should I be running? I simply want 4662 open both ways.
> > > >
> > > > # netstat -an|grep 4662
> > > > should tell you if your box is listening at all on port 4662.
> > > >
> > > > If you run eDonkey server on the firewall box, open port in the INPUT
> > > > chain.
> > > > If your eDonkey server is *behind* the firewall, open the port in the
> > > > FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.
> > >
> > > the edonkey server is behind the firewall
> > >
> > > 210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x
> > >
> > > iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12 --dport 4662 -j DNAT --to 10.0.0.6:4662
> > >
> >
> > This should work without the last rule.
> >
> > iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT
> > >
> > > like that?
>
> the router isnt picking this up..
>
> mdew:~# iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12
> --dport 4662 -j DNAT --to 10.0.0.6:4662
> mdew:~# iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j
> ACCEPT
> mdew:~# netstat -an|grep 4662
> mdew:~#
>
> mdew@nirvana:~$ nmap 10.0.0.6
>
> Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
> Interesting ports on debian (10.0.0.6):
> (The 1598 ports scanned but not shown below are in state: closed)
> Port State Service
> 22/tcp open ssh
> 25/tcp open smtp
> 110/tcp open pop-3
> 113/tcp open auth
> 135/tcp filtered loc-srv
> 139/tcp filtered netbios-ssn
> 8080/tcp open http-proxy
>
> Nmap run completed -- 1 IP address (1 host up) scanned in 2.545 seconds
> >
>
As said, you are not running any service on that port, so the port is not
listening. Try the rules by listening on a port using nc (netcat):
# nc -l -p 4662
and then run nmap. You should get this port listed!
--
Dharmendra.T
Linux Enthu
* RE: opening a port..
From: mdew @ 2003-01-09 6:45 UTC
To: Dharmendra.T; +Cc: netfilter
On Thu, 2003-01-09 at 19:26, Dharmendra.T wrote:
> On Thu, 2003-01-09 at 11:46, mdew wrote:
> > On Thu, 2003-01-09 at 17:55, Dharmendra.T wrote:
> > > On Thu, 2003-01-09 at 08:11, mdew wrote:
> > > > On Thu, 2003-01-09 at 03:24, Rob Sterenborg wrote:
> > > > > > ok, telnet from another machine to the router.
> > > > > >
> > > > > > telnet 10.0.0.6 4662
> > > > > > Trying 10.0.0.6...
> > > > > > telnet: Unable to connect to remote host: Connection refused
> > > > > >
> > > > > > what "service" should I be running? I simply want 4662 open both ways.
> > > > >
> > > > > # netstat -an|grep 4662
> > > > > should tell you if your box is listening at all on port 4662.
> > > > >
> > > > > If you run eDonkey server on the firewall box, open port in the INPUT
> > > > > chain.
> > > > > If your eDonkey server is *behind* the firewall, open the port in the
> > > > > FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.
> > > >
> > > > the edonkey server is behind the firewall
> > > >
> > > > 210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x
> > > >
> > > > iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12 --dport 4662 -j DNAT --to 10.0.0.6:4662
> > > >
> > >
> > > This should work without the last rule.
> > >
> > > iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT
> > > >
> > > > like that?
> >
> > the router isnt picking this up..
> >
> > mdew:~# iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12
> > --dport 4662 -j DNAT --to 10.0.0.6:4662
> > mdew:~# iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j
> > ACCEPT
> > mdew:~# netstat -an|grep 4662
> > mdew:~#
> >
> > mdew@nirvana:~$ nmap 10.0.0.6
> >
> > Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
> > Interesting ports on debian (10.0.0.6):
> > (The 1598 ports scanned but not shown below are in state: closed)
> > Port State Service
> > 22/tcp open ssh
> > 25/tcp open smtp
> > 110/tcp open pop-3
> > 113/tcp open auth
> > 135/tcp filtered loc-srv
> > 139/tcp filtered netbios-ssn
> > 8080/tcp open http-proxy
> >
> > Nmap run completed -- 1 IP address (1 host up) scanned in 2.545 seconds
> > >
> >
>
> As said you are not running any service on that port so the port is not
> listening, Try the rules by listening a port using nc(netcat)
>
> # nc -l -p 4662
>
> And then run nmap. You should get listed this port!
>
> --
> Dharmendra.T
> Linux Enthu
mdew:~# nc -l -p 4662
ãP<H¹ogÝT'b´\Y6▒http://emule-project.net<6Ñ~ÖEmdew:~#
(some strange characters, then it quits)
mdew:~# netstat -an|grep 4662
mdew:~#
nirvana:/home/mdew# nmap 10.0.0.6
Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
Interesting ports on debian (10.0.0.6):
(The 1591 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
110/tcp open pop-3
111/tcp filtered sunrpc
113/tcp open auth
135/tcp filtered loc-srv
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
199/tcp filtered smux
826/tcp filtered unknown
953/tcp filtered rndc
8080/tcp open http-proxy
* RE: opening a port..
From: Dharmendra.T @ 2003-01-09 6:53 UTC
To: mdew; +Cc: netfilter
> >
> > # nc -l -p 4662
> >
> > And then run nmap. You should get listed this port!
> >
> > --
> > Dharmendra.T
> > Linux Enthu
>
> mdew:~# nc -l -p 4662
> ãP<H¹ogÝT'b´\Y6▒http://emule-project.net<6Ñ~ÖEmdew:~#
>
> (some strange characters, then it quits)
>
> mdew:~# netstat -an|grep 4662
> mdew:~#
>
> nirvana:/home/mdew# nmap 10.0.0.6
>
> Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
> Interesting ports on debian (10.0.0.6):
> (The 1591 ports scanned but not shown below are in state: closed)
> Port State Service
> 22/tcp open ssh
> 25/tcp open smtp
> 110/tcp open pop-3
> 111/tcp filtered sunrpc
> 113/tcp open auth
> 135/tcp filtered loc-srv
> 136/tcp filtered profile
> 137/tcp filtered netbios-ns
> 138/tcp filtered netbios-dgm
> 139/tcp filtered netbios-ssn
> 199/tcp filtered smux
> 826/tcp filtered unknown
> 953/tcp filtered rndc
> 8080/tcp open http-proxy
nc, I mean to say netcat?
--
Dharmendra.T
Linux Enthu
* RE: opening a port..
2003-01-09 6:53 ` Dharmendra.T
@ 2003-01-09 7:04 ` mdew
2003-01-09 8:04 ` Jörg Esser
2003-01-09 8:11 ` Dharmendra.T
0 siblings, 2 replies; 26+ messages in thread
From: mdew @ 2003-01-09 7:04 UTC (permalink / raw)
To: Dharmendra.T; +Cc: netfilter
On Thu, 2003-01-09 at 19:53, Dharmendra.T wrote:
> > >
> > > # nc -l -p 4662
> > >
> > > And then run nmap. You should get listed this port!
> > >
> > > --
> > > Dharmendra.T
> > > Linux Enthu
> >
> > mdew:~# nc -l -p 4662
> > ãP<H¹ogÝT'b´\Y6▒http://emule-project.net<6Ñ~ÖEmdew:~#
> >
> > (some strange characters, then it quits)
> >
> > mdew:~# netstat -an|grep 4662
> > mdew:~#
> >
> > nirvana:/home/mdew# nmap 10.0.0.6
> >
> > Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
> > Interesting ports on debian (10.0.0.6):
> > (The 1591 ports scanned but not shown below are in state: closed)
> > Port State Service
> > 22/tcp open ssh
> > 25/tcp open smtp
> > 110/tcp open pop-3
> > 111/tcp filtered sunrpc
> > 113/tcp open auth
> > 135/tcp filtered loc-srv
> > 136/tcp filtered profile
> > 137/tcp filtered netbios-ns
> > 138/tcp filtered netbios-dgm
> > 139/tcp filtered netbios-ssn
> > 199/tcp filtered smux
> > 826/tcp filtered unknown
> > 953/tcp filtered rndc
> > 8080/tcp open http-proxy
>
> nc, I mean to say netcat.?
it was netcat
apt-get install netcat
* Re: opening a port..
2003-01-09 7:04 ` mdew
@ 2003-01-09 8:04 ` Jörg Esser
2003-01-09 8:36 ` mdew
2003-01-09 8:11 ` Dharmendra.T
1 sibling, 1 reply; 26+ messages in thread
From: Jörg Esser @ 2003-01-09 8:04 UTC (permalink / raw)
To: netfilter
mdew wrote:
>On Thu, 2003-01-09 at 19:53, Dharmendra.T wrote:
>
>
>>>># nc -l -p 4662
>>>>
>>>>And then run nmap. You should get listed this port!
>>>>
>>>>--
>>>>Dharmendra.T
>>>>Linux Enthu
>>>>
>>>>
>>>mdew:~# nc -l -p 4662
>>>ãP<H¹ogÝT'b´\Y6▒http://emule-project.net<6Ñ~ÖEmdew:~#
>>>
>>>(some strange characters, then it quits)
>>>
>>>mdew:~# netstat -an|grep 4662
>>>mdew:~#
>>>
>>>nirvana:/home/mdew# nmap 10.0.0.6
>>>
>>>
nmap -p4662 10.0.0.6
Should work better.
And a newer version of nmap should work better, too.
I heard that when you use nmap the way you do it picks just well known
ports (/etc/service file?) and then you won't get this special port if
it's not in there. (Maybe I'm wrong.)
>>>Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
>>>Interesting ports on debian (10.0.0.6):
>>>(The 1591 ports scanned but not shown below are in state: closed)
>>>Port State Service
>>>22/tcp open ssh
>>>25/tcp open smtp
>>>110/tcp open pop-3
>>>111/tcp filtered sunrpc
>>>113/tcp open auth
>>>135/tcp filtered loc-srv
>>>136/tcp filtered profile
>>>137/tcp filtered netbios-ns
>>>138/tcp filtered netbios-dgm
>>>139/tcp filtered netbios-ssn
>>>199/tcp filtered smux
>>>826/tcp filtered unknown
>>>953/tcp filtered rndc
>>>8080/tcp open http-proxy
>>nc, I mean to say netcat.?
>
>it was netcat
>
>apt-get install netcat
* RE: opening a port..
2003-01-09 7:04 ` mdew
2003-01-09 8:04 ` Jörg Esser
@ 2003-01-09 8:11 ` Dharmendra.T
2003-01-09 8:24 ` mdew
1 sibling, 1 reply; 26+ messages in thread
From: Dharmendra.T @ 2003-01-09 8:11 UTC (permalink / raw)
To: mdew; +Cc: netfilter
it was netcat
>
> apt-get install netcat
>
>
try with netcat and let us know.
--
Dharmendra.T
Linux Enthu
* RE: opening a port..
2003-01-09 2:41 ` mdew
2003-01-09 4:55 ` Dharmendra.T
@ 2003-01-09 8:21 ` Rob Sterenborg
2003-01-09 9:51 ` mdew
1 sibling, 1 reply; 26+ messages in thread
From: Rob Sterenborg @ 2003-01-09 8:21 UTC (permalink / raw)
To: netfilter
> > # netstat -an|grep 4662
> > should tell you if your box is listening at all on port 4662.
> >
> > If you run eDonkey server on the firewall box, open port in the INPUT
> > chain.
> > If your eDonkey server is *behind* the firewall, open the port in the
> > FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.
>
> the edonkey server is behind the firewall
>
> 210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x
>
> iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12
> --dport 4662 -j DNAT --to 10.0.0.6:4662
> iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT
>
> like that?
If default policy for FORWARD is ACCEPT then it should work without the
FORWARD, else you need it.
For me such a setup works.
If you do a netstat -an on the eDonkey box (you don't need netcat to do
that) and it doesn't report 4662 then eDonkey is not running/listening
and you can never connect.
About opening ports for eDonkey, from the eDonkey website:
(http://www.edonkey2000.com/documentation/index.html)
====
2. Software Firewall
If you are running software like Norton Personal Firewall, Tiny
Firewall, Zone Alarm, BlackIce or <...snip...>
Alternatively, with some more advanced firewalls, or firewall settings,
you will need to open ports 4661 and 4662 TCP for both incoming and
outgoing connections, as well as port 4665 UDP for both incoming and
outgoing connections.
3. Hardware firewall
Setting up your hardware firewall is a tad more difficult, but if you
have one chances are you know what you're doing. You will need to set it
to allow both incoming and outgoing connections on 4661 & 4662 TCP and
port 4665 UDP.
====
So you need to open more ports than just 4662/tcp I think.
And IMHO you want a stateful packet filter, if you haven't made it
stateful already.
(iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT)
Rob
* RE: opening a port..
2003-01-09 8:11 ` Dharmendra.T
@ 2003-01-09 8:24 ` mdew
2003-01-09 20:38 ` Athan
0 siblings, 1 reply; 26+ messages in thread
From: mdew @ 2003-01-09 8:24 UTC (permalink / raw)
To: Dharmendra.T; +Cc: netfilter
On Thu, 2003-01-09 at 21:11, Dharmendra.T wrote:
> it was netcat
> >
> > apt-get install netcat
> >
> >
>
> try with netcat and let us know.
>
> --
> Dharmendra.T
> Linux Enthu
mdew:/bin# ls -al netcat
lrwxrwxrwx 1 root root 2 Jan 9 19:34 netcat -> nc
mdew:~# netcat -help
[v1.10]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [-options] [hostname] [port]
options:
-e prog program to exec after connect [dangerous!!]
-b allow broadcasts
-g gateway source-routing hop point[s], up to 8
-G num source-routing pointer: 4, 8, 12, ...
-h this cruft
-i secs delay interval for lines sent, ports scanned
-l listen mode, for inbound connects
-n numeric-only IP addresses, no DNS
-o file hex dump of traffic
-p port local port number
-r randomize local and remote ports
-q secs quit after EOF on stdin and delay of secs
-s addr local source address
-t answer TELNET negotiation
-u UDP mode
-v verbose [use twice to be more verbose]
-w secs timeout for connects and final net reads
-z zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive]
mdew:~# netcat -p 4662
no destination
mdew:~# nc -l -p 4662
ã;ãÛûÇΨºUû×JüGâ°ødfg<øÁoÆmdew:~# netcat
Cmd line:
mdew:~# netcat -l -p 4662
ã;ãÛûÇΨºUû×JüGâ°ødfg<øÁoÆmdew:~# netcat -l -p 4662
ãP<H¹ogÝT'␉´\¾ä6▒http://emule-project.net<6ÁoÆmdew:~#
* Re: opening a port..
2003-01-09 8:04 ` Jörg Esser
@ 2003-01-09 8:36 ` mdew
0 siblings, 0 replies; 26+ messages in thread
From: mdew @ 2003-01-09 8:36 UTC (permalink / raw)
To: Jörg Esser; +Cc: netfilter
On Thu, 2003-01-09 at 21:04, Jörg Esser wrote:
>
>
> mdew wrote:
>
> >On Thu, 2003-01-09 at 19:53, Dharmendra.T wrote:
> >
> >
> >>>># nc -l -p 4662
> >>>>
> >>>>And then run nmap. You should get listed this port!
> >>>>
> >>>>--
> >>>>Dharmendra.T
> >>>>Linux Enthu
> >>>>
> >>>>
> >>>mdew:~# nc -l -p 4662
> >>>ãP<H¹ogÝT'b´\Y6▒http://emule-project.net<6Ñ~ÖEmdew:~#
> >>>
> >>>(some strange characters, then it quits)
> >>>
> >>>mdew:~# netstat -an|grep 4662
> >>>mdew:~#
> >>>
> >>>nirvana:/home/mdew# nmap 10.0.0.6
> >>>
> >>>
> nmap -p4662 10.0.0.6
hmm
with all the changes it still can't see it
nirvana:/home/mdew# nmap -p4662 10.0.0.6
Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
The 1 scanned port on debian (10.0.0.6) is: closed
Nmap run completed -- 1 IP address (1 host up) scanned in 0.319 seconds
> Should work better.
> and a new version of nmap should work better, too.
> I heard that when you use nmap as your way it picks just well known
> ports (/etc/service file ?) and then you won´t get this special port if
> its not in there.(Maybe I´m wrong)
>
> >>>Starting nmap V. 3.10ALPHA4 ( www.insecure.org/nmap/ )
> >>>Interesting ports on debian (10.0.0.6):
> >>>(The 1591 ports scanned but not shown below are in state: closed)
> >>>Port State Service
> >>>22/tcp open ssh
> >>>25/tcp open smtp
> >>>110/tcp open pop-3
> >>>111/tcp filtered sunrpc
> >>>113/tcp open auth
> >>>135/tcp filtered loc-srv
> >>>136/tcp filtered profile
> >>>137/tcp filtered netbios-ns
> >>>138/tcp filtered netbios-dgm
> >>>139/tcp filtered netbios-ssn
> >>>199/tcp filtered smux
> >>>826/tcp filtered unknown
> >>>953/tcp filtered rndc
> >>>8080/tcp open http-proxy
> >>nc, I mean to say netcat.?
> >
> >it was netcat
> >
> >apt-get install netcat
[Attachment: iptable_list.txt]
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT udp -- anywhere anywhere udp dpt:pop3
ACCEPT udp -- anywhere anywhere udp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssmtp
REJECT tcp -- anywhere anywhere tcp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:135:netbios-ssn reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere tcp dpt:auth
ACCEPT tcp -- anywhere anywhere tcp dpt:auth
ACCEPT tcp -- anywhere anywhere tcp spt:auth
ACCEPT tcp -- anywhere anywhere tcp spt:auth
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:4661
ACCEPT udp -- anywhere anywhere udp dpt:4661
ACCEPT udp -- anywhere anywhere udp dpt:4661
ACCEPT tcp -- anywhere anywhere tcp dpt:4661
ACCEPT tcp -- anywhere anywhere tcp spt:4661
ACCEPT udp -- anywhere anywhere udp spt:4661
ACCEPT udp -- anywhere anywhere udp spt:4661
ACCEPT tcp -- anywhere anywhere tcp spt:4661
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:4662
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT tcp -- anywhere anywhere tcp spt:4662
ACCEPT udp -- anywhere anywhere udp spt:4662
ACCEPT udp -- anywhere anywhere udp spt:4662
ACCEPT tcp -- anywhere anywhere tcp spt:4662
ACCEPT tcp -- anywhere anywhere tcp dpt:4665
ACCEPT udp -- anywhere anywhere udp dpt:4665
ACCEPT udp -- anywhere anywhere udp dpt:4665
ACCEPT tcp -- anywhere anywhere tcp dpt:4665
ACCEPT tcp -- anywhere anywhere tcp spt:4665
ACCEPT udp -- anywhere anywhere udp spt:4665
ACCEPT udp -- anywhere anywhere udp spt:4665
ACCEPT tcp -- anywhere anywhere tcp spt:4665
REJECT tcp -- anywhere anywhere tcp dpt:111 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:smux reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:826 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:953 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:111 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:smux reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:826 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:953 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:netbios-ns:netbios-ssn reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:135:netbios-ssn reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere tcp dpt:auth
ACCEPT tcp -- anywhere anywhere tcp spt:auth
ACCEPT tcp -- anywhere anywhere tcp dpt:auth
ACCEPT tcp -- anywhere anywhere tcp spt:auth
ACCEPT tcp -- anywhere anywhere tcp dpt:auth
ACCEPT tcp -- anywhere anywhere tcp dpt:auth
ACCEPT tcp -- anywhere anywhere tcp dpt:auth
ACCEPT tcp -- anywhere anywhere tcp dpt:auth
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT tcp -- paul. anywhere tcp dpt:4665 limit: avg 1/hour burst 5
ACCEPT udp -- paul. anywhere udp dpt:4665 limit: avg 1/hour burst 5
ACCEPT udp -- paul. anywhere udp spt:4665 limit: avg 1/hour burst 5
ACCEPT tcp -- paul. anywhere tcp spt:4665 limit: avg 1/hour burst 5
ACCEPT tcp -- anywhere anywhere tcp dpt:4661
ACCEPT tcp -- anywhere anywhere tcp dpt:4661
ACCEPT udp -- anywhere anywhere udp dpt:4661
ACCEPT udp -- anywhere anywhere udp dpt:4661
ACCEPT udp -- anywhere anywhere udp spt:4661
ACCEPT udp -- anywhere anywhere udp spt:4661
ACCEPT tcp -- anywhere anywhere tcp spt:4661
ACCEPT tcp -- anywhere anywhere tcp spt:4661
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:4662
ACCEPT udp -- anywhere anywhere udp spt:4662
ACCEPT udp -- anywhere anywhere udp spt:4662
ACCEPT tcp -- anywhere anywhere tcp spt:4662
ACCEPT tcp -- anywhere anywhere tcp spt:4662
ACCEPT tcp -- anywhere anywhere tcp dpt:4665
ACCEPT tcp -- anywhere anywhere tcp dpt:4665
ACCEPT udp -- anywhere anywhere udp dpt:4665
ACCEPT udp -- anywhere anywhere udp dpt:4665
ACCEPT udp -- anywhere anywhere udp spt:4665
ACCEPT udp -- anywhere anywhere udp spt:4665
ACCEPT tcp -- anywhere anywhere tcp spt:4665
ACCEPT tcp -- anywhere anywhere tcp spt:4665
REJECT tcp -- anywhere anywhere tcp dpt:111 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:smux reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:826 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:953 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:111 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:smux reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:826 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:953 reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere 10.0.0.6 tcp dpt:4662
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spts:135:netbios-ssn reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spts:135:netbios-ssn reject-w
* RE: opening a port..
2003-01-09 8:21 ` Rob Sterenborg
@ 2003-01-09 9:51 ` mdew
2003-01-09 10:35 ` Rob Sterenborg
0 siblings, 1 reply; 26+ messages in thread
From: mdew @ 2003-01-09 9:51 UTC (permalink / raw)
To: Rob Sterenborg; +Cc: netfilter
On Thu, 2003-01-09 at 21:21, Rob Sterenborg wrote:
> > > # netstat -an|grep 4662
> > > should tell you if your box is listening at all on port 4662.
> > >
> > > If you run eDonkey server on the firewall box, open port in the INPUT
> > > chain.
> > > If your eDonkey server is *behind* the firewall, open the port in the
> > > FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.
> >
> > the edonkey server is behind the firewall
> >
> > 210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x
> >
> > iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12
> > --dport 4662 -j DNAT --to 10.0.0.6:4662
> > iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT
> >
> > like that?
>
> If default policy for FORWARD is ACCEPT then it should work without the
> FORWARD, else you need it.
>
> For me such a setup works.
>
> If you do a netstat -an on the eDonkey box (you don't need netcat to do
> that) and it doesn't report 4662 then eDonkey is not running/listening
> and you can never connect.
>
> About opening ports for eDonkey, from the eDonkey website :
> (http://www.edonkey2000.com/documentation/index.html)
> ====
> 2. Software Firewall
> If you are running software like Norton Personal Firewall, Tiny
> Firewall, Zone Alarm, BlackIce or <...snip...>
> Alternatively, with some more advanced firewalls, or firewall settings
> you will need to open ports 4661 and 4662 TCP for both incoming and out
> going connections, as well as port 4665 UDP for both incoming and
> outgoing connections.
>
> 3. Hardware firewall
> Setting up your hardware firewall is a tad more difficult, but if you
> have one chances are you know what your doing. You will need to set it
> to allow both incoming and outgoing connections on 4661 & 4662 TCP and
> port 4665 UDP.
> ====
> So you need to open more ports than just 4662/tcp I think.
> And IMHO you want a stateful packet filter, if you haven't made it
> stateful already.
> (iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT)
> Rob
ok here's my current script, yes it's inefficient, but that's not the major
problem.. the 4662 port :/ I realise that there are more ports available for
edonkey to use, but opening ONE port would be a start.
i added "iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j
ACCEPT" without anything happening...
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe ip_nat_irc
/sbin/modprobe ip_nat_ftp
# <<<<< COMPLETE-BLOCKAGE SMB/Samba Traffic >>>>>
iptables -A FORWARD -o eth1 -p tcp --dport 135:139 -j REJECT
iptables -A FORWARD -o eth1 -p udp --dport 135:139 -j REJECT
iptables -A FORWARD -o eth1 -p tcp --sport 135:139 -j REJECT
iptables -A FORWARD -o eth1 -p udp --sport 135:139 -j REJECT
iptables -A FORWARD -o eth0 -p tcp --dport 135:139 -j REJECT
iptables -A FORWARD -o eth0 -p tcp --sport 135:139 -j REJECT
iptables -A FORWARD -o eth0 -p udp --sport 135:139 -j REJECT
iptables -A FORWARD -o eth0 -p udp --dport 135:139 -j REJECT
iptables -A INPUT -i eth0 -p tcp --dport 135:139 -j REJECT
iptables -A INPUT -i eth0 -p udp --dport 135:139 -j REJECT
iptables -A INPUT -i eth0 -p tcp --sport 135:139 -j REJECT
iptables -A INPUT -i eth0 -p udp --sport 135:139 -j REJECT
iptables -A INPUT -i eth1 -p tcp --dport 135:139 -j REJECT
iptables -A INPUT -i eth1 -p udp --dport 135:139 -j REJECT
iptables -A INPUT -i eth1 -p tcp --sport 135:139 -j REJECT
iptables -A INPUT -i eth1 -p udp --sport 135:139 -j REJECT
iptables -A OUTPUT -o eth0 -p tcp --dport 135:139 -j REJECT
iptables -A OUTPUT -o eth0 -p udp --dport 135:139 -j REJECT
iptables -A OUTPUT -o eth0 -p tcp --sport 135:139 -j REJECT
iptables -A OUTPUT -o eth0 -p udp --sport 135:139 -j REJECT
iptables -A OUTPUT -o eth1 -p tcp --dport 135:139 -j REJECT
iptables -A OUTPUT -o eth1 -p udp --dport 135:139 -j REJECT
iptables -A OUTPUT -o eth1 -p tcp --sport 135:139 -j REJECT
iptables -A OUTPUT -o eth1 -p udp --sport 135:139 -j REJECT
iptables -A INPUT -i eth0 -p tcp --dport 113 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 113 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 113 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 113 -j ACCEPT
iptables -A FORWARD -p tcp --dport auth -i eth0 -j ACCEPT
iptables -A FORWARD -p tcp --sport auth -i eth0 -j ACCEPT
iptables -A FORWARD -p tcp --dport auth -i eth1 -j ACCEPT
iptables -A FORWARD -p tcp --sport auth -i eth1 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --dport 113 -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --dport 113 -j ACCEPT
iptables -A FORWARD -i eth0 -p tcp --dport 113 -j ACCEPT
iptables -A FORWARD -i eth1 -p tcp --dport 113 -j ACCEPT
iptables -A FORWARD -p tcp -s 10.0.0.9 --dport 4665 -m limit --limit 1/hour -j ACCEPT
iptables -A FORWARD -p udp -s 10.0.0.9 --dport 4665 -m limit --limit 1/hour -j ACCEPT
iptables -A FORWARD -p udp -s 10.0.0.9 --sport 4665 -m limit --limit 1/hour -j ACCEPT
iptables -A FORWARD -p tcp -s 10.0.0.9 --sport 4665 -m limit --limit 1/hour -j ACCEPT
# Block Outside the Network
iptables -A FORWARD -o eth0 -p tcp --dport 111 -j REJECT
iptables -A INPUT -i eth0 -p tcp --dport 111 -j REJECT
iptables -A FORWARD -o eth0 -p tcp --dport 199 -j REJECT
iptables -A INPUT -i eth0 -p tcp --dport 199 -j REJECT
iptables -A FORWARD -o eth0 -p tcp --dport 826 -j REJECT
iptables -A INPUT -i eth0 -p tcp --dport 826 -j REJECT
iptables -A FORWARD -o eth0 -p tcp --dport 953 -j REJECT
iptables -A INPUT -i eth0 -p tcp --dport 953 -j REJECT
# Block Inside the Network
iptables -A FORWARD -o eth1 -p tcp --dport 111 -j REJECT
iptables -A INPUT -i eth1 -p tcp --dport 111 -j REJECT
iptables -A FORWARD -o eth1 -p tcp --dport 199 -j REJECT
iptables -A INPUT -i eth1 -p tcp --dport 199 -j REJECT
iptables -A FORWARD -o eth1 -p tcp --dport 826 -j REJECT
iptables -A INPUT -i eth1 -p tcp --dport 826 -j REJECT
iptables -A INPUT -i eth1 -p tcp --dport 953 -j REJECT
iptables -A INPUT -i eth0 -p tcp --dport 4661 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 4661 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --dport 4661 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 4661 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 4661 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --sport 4661 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --sport 4661 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 4661 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --dport 4661 -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --dport 4661 -j ACCEPT
iptables -A FORWARD -o eth1 -p udp --dport 4661 -j ACCEPT
iptables -A FORWARD -o eth0 -p udp --dport 4661 -j ACCEPT
iptables -A FORWARD -o eth0 -p udp --sport 4661 -j ACCEPT
iptables -A FORWARD -o eth1 -p udp --sport 4661 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --sport 4661 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 4662 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --dport 4662 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 4662 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 4662 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --sport 4662 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --sport 4662 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 4662 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --dport 4662 -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --dport 4662 -j ACCEPT
iptables -A FORWARD -o eth1 -p udp --dport 4662 -j ACCEPT
iptables -A FORWARD -o eth0 -p udp --dport 4662 -j ACCEPT
iptables -A FORWARD -o eth0 -p udp --sport 4662 -j ACCEPT
iptables -A FORWARD -o eth1 -p udp --sport 4662 -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --sport 4662 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --sport 4662 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 4665 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 4665 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --dport 4665 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 4665 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 4665 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --sport 4665 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --sport 4665 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 4665 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --dport 4665 -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --dport 4665 -j ACCEPT
iptables -A FORWARD -o eth1 -p udp --dport 4665 -j ACCEPT
iptables -A FORWARD -o eth0 -p udp --dport 4665 -j ACCEPT
iptables -A FORWARD -o eth0 -p udp --sport 4665 -j ACCEPT
iptables -A FORWARD -o eth1 -p udp --sport 4665 -j ACCEPT
iptables -A FORWARD -o eth1 -p tcp --sport 4665 -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp --sport 4665 -j ACCEPT
* RE: opening a port..
2003-01-09 9:51 ` mdew
@ 2003-01-09 10:35 ` Rob Sterenborg
0 siblings, 0 replies; 26+ messages in thread
From: Rob Sterenborg @ 2003-01-09 10:35 UTC (permalink / raw)
Cc: netfilter
> ok heres my current script, yes its inefficient, but thats
> not the major problem.. 4662 port :/ I relise that theres
> more ports available for edonkey to use, but opening ONE port
> would be a start.
>
> i added "iptables -A FORWARD -m state --state
> RELATED,ESTABLISHED -j ACCEPT" without anything happening...
>
<snip>
> iptables -A FORWARD -o eth1 -p udp --dport 4665 -j ACCEPT
> iptables -A FORWARD -o eth0 -p udp --dport 4665 -j ACCEPT
> iptables -A FORWARD -o eth0 -p udp --sport 4665 -j ACCEPT
> iptables -A FORWARD -o eth1 -p udp --sport 4665 -j ACCEPT
> iptables -A FORWARD -o eth1 -p tcp --sport 4665 -j ACCEPT
> iptables -A FORWARD -o eth0 -p tcp --sport 4665 -j ACCEPT
>
Okay, let's leave these rules alone for a moment.
*IS* your eDonkey server running/listening? If you do a netstat -an *on
the machine that's supposed to be running eDonkey* (you don't need
netcat to do this) then it must report one (or more) ports belonging to
eDonkey as listening.
If not, you can try whatever you want but it won't work; you will never
connect, not even locally. Forwarding is not going to help you then and
AFAIK you can't test if forwarding is working (which doesn't say it's
impossible; I just don't know how).
Besides, going back to the ruleset, I don't see an "echo 1 >
/proc/sys/net/ipv4/ip_forward". You may have set up the rules correctly
but it's not going to forward anything until you did the above "echo".
Rob
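Putting Rob's two replies together (a DNAT rule in nat/PREROUTING, a matching FORWARD accept, one stateful rule instead of a pile of --sport accepts, and ip_forward switched on), as an added example that is not code from the thread; the interface names and addresses are the ones from mdew's diagram, and emit_rules, count_rules and ip_forward_enabled are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not code from the thread: the minimal, stateful port-forward
# that Rob's two replies describe. Assumptions (labelled): the interface names
# and addresses come from mdew's diagram; the function names are hypothetical.
WAN_IF=${WAN_IF:-eth0}            # public side of the router
WAN_IP=${WAN_IP:-210.54.175.12}   # router's public address
PEER=${PEER:-10.0.0.6}            # LAN host actually running eDonkey

# Print the rule set for review instead of applying it blindly. Arguments:
# wan_if wan_ip peer proto:port [proto:port ...]
emit_rules() {
    wan_if=$1; wan_ip=$2; peer=$3; shift 3
    # One stateful rule replaces every "--sport" accept in the original script:
    # replies and related traffic are matched by conntrack, not by port number.
    echo "iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
    for pp in "$@"; do
        proto=${pp%%:*}; port=${pp#*:}
        # 1. nat/PREROUTING: rewrite the destination before the routing decision.
        echo "iptables -t nat -A PREROUTING -i $wan_if -p $proto -d $wan_ip --dport $port -j DNAT --to-destination $peer:$port"
        # 2. filter/FORWARD: let the rewritten packet cross the router; NEW only,
        #    because established flows are already covered by the rule above.
        echo "iptables -A FORWARD -i $wan_if -p $proto -d $peer --dport $port -m state --state NEW -j ACCEPT"
    done
}

# Number of rules a given port list produces (1 state rule + 2 per port).
count_rules() { emit_rules "$@" | wc -l | tr -d ' '; }

# Rob's missing piece: without ip_forward=1 the kernel drops forwarded packets
# no matter what the FORWARD chain says.
ip_forward_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# DRY_RUN=1 (default) only prints the rules; DRY_RUN=0 applies them as root.
if [ "${DRY_RUN:-1}" = "1" ]; then
    emit_rules "$WAN_IF" "$WAN_IP" "$PEER" tcp:4661 tcp:4662 udp:4665
else
    ip_forward_enabled || echo 1 > /proc/sys/net/ipv4/ip_forward
    emit_rules "$WAN_IF" "$WAN_IP" "$PEER" tcp:4661 tcp:4662 udp:4665 | sh -e
fi
```

The rules only help once something is listening on the peer, so check `netstat -an | grep 4662` on 10.0.0.6 itself, as Rob says, before blaming the router.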
* Re: opening a port..
2003-01-09 8:24 ` mdew
@ 2003-01-09 20:38 ` Athan
0 siblings, 0 replies; 26+ messages in thread
From: Athan @ 2003-01-09 20:38 UTC (permalink / raw)
To: mdew; +Cc: Dharmendra.T, netfilter
On Thu, Jan 09, 2003 at 09:24:32PM +1300, mdew wrote:
> mdew:~# netcat -p 4662
> no destination
> mdew:~# nc -l -p 4662
> ??;??????????????U????J??G??????dfg<????o??mdew:~# netcat
> Cmd line:
> mdew:~# netcat -l -p 4662
> ??;??????????????U????J??G??????dfg<????o??mdew:~# netcat -l -p 4662
> ??P<H??og??T'?????\????6???http://emule-project.net<6??o??mdew:~#
I suspect you'll find that's other eDonkey clients connecting to the
netcat ;). Why not just make SURE you're running the client for testing
this? You'll know when it's working as the eDonkey client will have
clients connecting.
-Ath
--
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
Finger athan(at)fysh.org for PGP key
"And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME
* RE: opening a port..
[not found] <FD8F124A387AD6119F7900A0D218B321561E53@hslex01.hslbz.local>
@ 2003-01-09 10:40 ` Rob Sterenborg
0 siblings, 0 replies; 26+ messages in thread
From: Rob Sterenborg @ 2003-01-09 10:40 UTC (permalink / raw)
To: 'Jörg Esser', 'netfilter'
> I heard that when you use nmap the way you do it picks just well known
> ports (/etc/service file?) and then you won't get this
> special port if
> it's not in there. (Maybe I'm wrong.)
I have a /usr/share/nmap/nmap-services file. I think nmap is picking
that file to scan for services. It's more detailed than /etc/services,
but indeed it doesn't include eDonkey ports.
Rob