Security - Emule + Firewall
Johnbhoy - Nov 07, 2004 - 08:58 PM Post subject: Emule + Firewall
Hello
Have read the other posts several times re this. Trying to get Emule to work on two PCs I have in the house. They both work fine with no firewall but have problems when using firewalls. I have tried adopting other people's scripts etc. but there are a few things I am unsure of.
Using the script below I can connect to emule on the ED2K link but the KAD link is not working for some reason. I have changed the preferences connection on emule to 49128 for TCP and 49130 for UDP. I know I am dropping packets on UDP ports 4672 and 5672 and I think this is where the problem is but I have no idea how to remedy this.
# Minimum firewall script - 07/05/04
# For DSL router
# Allow no incoming connections, all outgoing, and
# specified UDP ports for SNTP, DNS, L2TP, DHCP, traceroute,
# IPSec, IKE, FTP, POP3 and ICMP.
# Flush all existing filters
remote ipfilter flush input internet
remote ipfilter flush output internet
remote ipfilter flush transmit internet
remote ipfilter flush receive internet
eth ip filter flush input 0
eth ip filter flush output 0
eth ip filter flush transmit 0
eth ip filter flush receive 0
# Emule for John files client and server
remote ipfilter append input accept -p tcp -sp 49120:49150 internet
remote ipfilter append output accept -p tcp -dp 49120:49150 internet
remote ipfilter append input accept -p tcp -dp 49120:49150 internet
remote ipfilter append output accept -p tcp -sp 49120:49150 internet
# Emule for Scott files client and server
remote ipfilter append input accept -p tcp -sp 52750:52780 internet
remote ipfilter append output accept -p tcp -dp 52750:52780 internet
remote ipfilter append input accept -p tcp -dp 52750:52780 internet
remote ipfilter append output accept -p tcp -sp 52750:52780 internet
# No incoming connections, allow all other TCP
remote ipfilter append input drop -p tcp -tcp syn internet
remote ipfilter append input accept -p tcp internet
remote ipfilter append output accept -p tcp internet
# SNTP
# - allow requests and responses to the router only
#
remote ipfilter append receive accept -p udp -dp 8123 -sp 123 internet
remote ipfilter append transmit accept -p udp -dp 123 -sp 8123 internet
remote ipfilter append input accept -p udp -sp 123 internet
remote ipfilter append output accept -p udp -dp 123 internet
eth ip filter append output drop -p udp -sp 123 0
eth ip filter append output drop -p udp -dp 123 0
# DNS
remote ipfilter append input accept -p udp -sp 53 internet
remote ipfilter append output accept -p udp -dp 53 internet
# Drop all other traffic not listed above
remote ipfilter append input drop internet
remote ipfilter append output drop internet
# Turn on ip filter watch for debugging
remote ipfilter watch on internet
save
I am using NAT and DHCP and think I have forwarded the relevant ports to the PCs so I am a bit stuck as to why it's not working.
I ran the test on the emule website and my TCP connection is fine but the UDP fails.
Any help with this would be much appreciated.
eusty - Nov 07, 2004 - 09:38 PM Post subject: RE: Emule + Firewall
You have specified TCP connections to be allowed, but no UDP.
I don't use emule, but you need to allow UDP on ports 4672 and 5672 in both directions if you think that is the problem.
remote ipfilter append input accept -p udp -sp xxx internet
remote ipfilter append output accept -p udp -dp xxx internet
Johnbhoy - Nov 07, 2004 - 10:53 PM Post subject: RE: Emule + Firewall
Thank you.
I did notice that myself after posting. Have gone through it again and added the appropriate lines. Have now got them both connecting so all is sweet.
One question though that I can't seem to find an answer for.
Will only allowing a certain amount of ports (via the firewall) slow things down in emule (or any file sharing application)? The reason I ask is that my flatmate is convinced that emule is running slower with the firewall on. I.e. does it make a difference that when the firewall is on, it only allows access to a certain amount of ports for TCP and UDP, but when it's not on, emule can access any ports if it wants to, thus increasing the amount of sources for downloads?
I would have thought the fact that the router only forwards the ports that are required would not have made a difference to the amount of sources for downloads.
Again, if that makes any sense and you have any idea.
Ta
eusty - Nov 08, 2004 - 06:38 AM Post subject: RE: Emule + Firewall
It might possibly have an effect. An idea would be to make two scripts, one which is emule friendly and another to use when you are not using emule.
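An added example, not part of any post above: a small Python model of the posted rule list that shows which rule decides the eMule UDP packets. It assumes the router applies the first matching rule in a chain, that `input` covers packets arriving from the internet side and `output` those leaving, and that `-tcp syn` matches packets with SYN set; the two UDP rules keyed on the local port 49130 are constructed for illustration, not taken from the thread.

```python
import re

# Constructed excerpt: TCP, DNS and catch-all rules from the posted script.
POSTED = """\
remote ipfilter append input accept -p tcp -dp 49120:49150 internet
remote ipfilter append input drop -p tcp -tcp syn internet
remote ipfilter append input accept -p tcp internet
remote ipfilter append input accept -p udp -sp 53 internet
remote ipfilter append output accept -p udp -dp 53 internet
remote ipfilter append input drop internet
remote ipfilter append output drop internet
"""
# Assumed fix (constructed): same rule form, keyed on local UDP port 49130.
UDP_FIX = """\
remote ipfilter append input accept -p udp -dp 49130 internet
remote ipfilter append output accept -p udp -sp 49130 internet
"""

def parse(script):
    # Turn each rule line into (chain, action, {option: value}, original text).
    rules = []
    for line in script.splitlines():
        m = re.match(r"remote ipfilter append (\w+) (accept|drop)(.*) internet$", line)
        if m:
            opts = dict(re.findall(r"-(\w+) (\S+)", m.group(3)))
            rules.append((m.group(1), m.group(2), opts, line))
    return rules

def in_range(port, spec):
    lo, _, hi = spec.partition(":")  # "49120:49150" or a single port
    return int(lo) <= port <= int(hi or lo)

def decide(rules, chain, proto, sport, dport, syn=False):
    """Return (action, rule text) of the first matching rule (assumed semantics)."""
    for r_chain, action, opts, line in rules:
        if r_chain != chain or opts.get("p", proto) != proto:
            continue
        if "sp" in opts and not in_range(sport, opts["sp"]):
            continue
        if "dp" in opts and not in_range(dport, opts["dp"]):
            continue
        if opts.get("tcp") == "syn" and not syn:
            continue
        return action, line
    return None, None

if __name__ == "__main__":
    rules = parse(POSTED)
    print(decide(rules, "input", "udp", 4672, 49130))   # hits the final drop
    print(decide(parse(UDP_FIX) + rules, "input", "udp", 4672, 49130))
```

The fix rules are placed ahead of the posted ones because, under first-match evaluation, anything appended after the final `drop` lines would never be reached.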