Johnbhoy
Post subject: Emule + Firewall
Posted: Nov 07, 2004 - 08:58 PM
Starting Bug
Joined: Nov 07, 2004
Posts: 2
Status: Offline
Hello
Have read the other posts several times re this. Trying to get Emule to work on two PCs I have in the house. They both work fine with no firewall but have problems when using firewalls. I have tried adopting other people's scripts etc. but there are a few things I am unsure of.
Using the script below I can connect to Emule on the ED2K link but the KAD link is not working for some reason. I have changed the preferences connection on Emule to 49128 for TCP and 49130 for UDP. I know I am dropping packets on UDP ports 4672 and 5672 and I think this is where the problem is but I have no idea how to remedy this.
# Minimum firewall script - 07/05/04
# For DSL router
# Allow no incoming connections, all outgoing, and
# specified UDP ports for SNTP, DNS, L2TP, DHCP, traceroute,
# IPSec, IKE, FTP, POP3 and ICMP.
# Flush all existing filters
remote ipfilter flush input internet
remote ipfilter flush output internet
remote ipfilter flush transmit internet
remote ipfilter flush receive internet
eth ip filter flush input 0
eth ip filter flush output 0
eth ip filter flush transmit 0
eth ip filter flush receive 0
# Ident
remote ipfilter append input accept -p tcp -dp 113 internet
remote ipfilter append output accept -p tcp -sp 113 internet
remote ipfilter append input accept -p tcp -sp 113 internet
remote ipfilter append output accept -p tcp -dp 113 internet
# Emule for John files client and server
remote ipfilter append input accept -p tcp -sp 49120:49150 internet
remote ipfilter append output accept -p tcp -dp 49120:49150 internet
remote ipfilter append input accept -p tcp -dp 49120:49150 internet
remote ipfilter append output accept -p tcp -sp 49120:49150 internet
# Emule for Scott files client and server
remote ipfilter append input accept -p tcp -sp 52750:52780 internet
remote ipfilter append output accept -p tcp -dp 52750:52780 internet
remote ipfilter append input accept -p tcp -dp 52750:52780 internet
remote ipfilter append output accept -p tcp -sp 52750:52780 internet
# No incoming connections, allow all other TCP
remote ipfilter append input drop -p tcp -tcp syn internet
remote ipfilter append input accept -p tcp internet
remote ipfilter append output accept -p tcp internet
# SNTP
# - allow requests and responses to the router only
#
remote ipfilter append receive accept -p udp -dp 8123 -sp 123 internet
remote ipfilter append transmit accept -p udp -dp 123 -sp 8123 internet
remote ipfilter append input accept -p udp -sp 123 internet
remote ipfilter append output accept -p udp -dp 123 internet
eth ip filter append output drop -p udp -sp 123 0
eth ip filter append output drop -p udp -dp 123 0
# DNS
remote ipfilter append input accept -p udp -sp 53 internet
remote ipfilter append output accept -p udp -dp 53 internet
# L2TP
remote ipfilter append input accept -p udp -sp 1701 internet
remote ipfilter append output accept -p udp -dp 1701 internet
# POP3
remote ipfilter append input accept -p tcp -sp 110 internet
remote ipfilter append output accept -p tcp -dp 110 internet
# FTP
remote ipfilter append input accept -p tcp -sp 20:21 internet
remote ipfilter append output accept -p tcp -dp 20:21 internet
# DHCP
remote ipfilter append input accept -p udp -sp 67 internet
remote ipfilter append output accept -p udp -dp 67 internet
# Allow ICMP Echo Reply, Dest Unreachable, Echo Requests,
# and Time Exceeded from the WAN
remote ipfilter append input accept -p icmp -sp 0 internet
remote ipfilter append input accept -p icmp -sp 3 internet
remote ipfilter append input accept -p icmp -sp 8 internet
remote ipfilter append input accept -p icmp -sp 11 internet
# Allow ICMP Echo Reply, Echo Request to the WAN
remote ipfilter append output accept -p icmp -sp 0 internet
remote ipfilter append output accept -p icmp -sp 8 internet
# Allow traceroute
remote ipfilter append output accept -p udp -dp 33434:33500 -sp 1024:65535 internet
# Allow IPSec, IKE packets
remote ipfilter append input accept -p udp -sp 500 -dp 500 internet
remote ipfilter append input accept -p 50 internet
remote ipfilter append input accept -p 51 internet
remote ipfilter append output accept -p udp -sp 500 -dp 500 internet
remote ipfilter append output accept -p 50 internet
remote ipfilter append output accept -p 51 internet
# IRC
remote ipfilter append input accept -p tcp -dp 6667 internet
remote ipfilter append output accept -p tcp -sp 6667 internet
# Ident
remote ipfilter append input accept -p tcp -dp 113 internet
remote ipfilter append output accept -p tcp -sp 113 internet
# Drop all other traffic not listed above
remote ipfilter append input drop internet
remote ipfilter append output drop internet
# Turn on ip filter watch for debugging
remote ipfilter watch on internet
save
I am using NAT and DHCP and think I have forwarded the relevant ports to the PCs so I am a bit stuck as to why it's not working.
I ran the test on the Emule website and my TCP connection is fine but the UDP fails.
Any help with this would be much appreciated.

eusty
Post subject: RE: Emule + Firewall
Posted: Nov 07, 2004 - 09:38 PM
Bug Admin
Joined: Aug 28, 2003
Posts: 1101
Location: King's Lynn
Status: Offline
You have specified TCP connections to be allowed, but no UDP.
I don't use emule, but you need to allow UDP on ports 4672 and 5672 in both directions if you think that is the problem.
remote ipfilter append input accept -p udp -sp xxx internet
remote ipfilter append output accept -p udp -dp xxx internet
_________________ Steve
www.uk-bug.net
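
The behaviour discussed in this thread, as an added example (not code from either poster): a small Python model of the `input` chain, assuming first-match evaluation, as the ordering of the posted script implies, and the `-p`/`-sp`/`-dp`/`-tcp` syntax visible in the post. The rule excerpt, the `-dp 49130` fix line and the sample packets are constructed for illustration; it shows why the UDP test fails and why a new accept rule has to sit before the final drop.

```python
import re

# Constructed excerpt: "input" rules from the posted script, in the same order.
# No rule there accepts UDP to eMule's configured port 49130.
POSTED = """\
remote ipfilter append input accept -p tcp -sp 49120:49150 internet
remote ipfilter append input accept -p tcp -dp 49120:49150 internet
remote ipfilter append input drop -p tcp -tcp syn internet
remote ipfilter append input accept -p tcp internet
remote ipfilter append input accept -p udp -sp 53 internet
remote ipfilter append input drop internet
"""
# Hypothetical fix modelled on the post's TCP rules (not the poster's own line).
FIX = "remote ipfilter append input accept -p udp -dp 49130 internet"
_lines = POSTED.splitlines()
FIXED = "\n".join(_lines[:-1] + [FIX] + _lines[-1:])  # before the final drop
MISPLACED = POSTED + FIX                               # after the final drop

def parse(script):
    """Parse 'remote ipfilter append <chain> <action> [opts] <remote>' lines."""
    rules = []
    for line in script.splitlines():
        m = re.match(r"remote ipfilter append (\w+) (accept|drop)(.*) \S+$", line.strip())
        if m:  # anything else (comments, flush, watch, save) is skipped
            opts = dict(re.findall(r"-(p|sp|dp|tcp) (\S+)", m.group(3)))
            rules.append({"chain": m.group(1), "action": m.group(2), **opts})
    return rules

def in_range(spec, port):
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def verdict(script, proto, sport, dport, syn=False, chain="input"):
    """Walk the chain in order; the first matching rule decides."""
    for r in parse(script):
        if r["chain"] != chain or r.get("p", proto) != proto:
            continue
        if "sp" in r and not in_range(r["sp"], sport):
            continue
        if "dp" in r and not in_range(r["dp"], dport):
            continue
        if r.get("tcp") == "syn" and not syn:
            continue
        return r["action"]
    return "no-match"

if __name__ == "__main__":
    print("TCP SYN -> 49128:", verdict(POSTED, "tcp", 40000, 49128, syn=True))
    print("UDP     -> 49130:", verdict(POSTED, "udp", 4672, 49130))
    print("fix before drop :", verdict(FIXED, "udp", 4672, 49130))
    print("fix after drop  :", verdict(MISPLACED, "udp", 4672, 49130))
```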

Johnbhoy
Post subject: RE: Emule + Firewall
Posted: Nov 07, 2004 - 10:53 PM
Starting Bug
Joined: Nov 07, 2004
Posts: 2
Status: Offline
Thank you.
I did notice that myself after posting. Have gone through it again and added the appropriate lines. Have now got them both connecting so all is sweet.
One question though that I can't seem to find an answer for.
Will only allowing a certain amount of ports (via the firewall) slow things down in emule (or any file sharing application)? The reason I ask is that my flatmate is convinced that emule is running slower with the firewall on. I.e. does it make a difference that when the firewall is on, it only allows access to a certain amount of ports for TCP and UDP, but when it's not on, emule can access any ports if it wants to, thus increasing the amount of sources for downloads?
I would have thought the fact that the router only forwards the ports that are required would not have made a difference to the amount of sources for downloads.
Again, if that makes any sense and you have any idea. Ta

eusty
Post subject: RE: Emule + Firewall
Posted: Nov 08, 2004 - 06:38 AM
Bug Admin
Joined: Aug 28, 2003
Posts: 1101
Location: King's Lynn
Status: Offline
It might possibly have an effect; an idea would be to make two scripts, one which is emule friendly and another to use when you are not using emule.
_________________ Steve
www.uk-bug.net