iptable for emule lowid

Posted: 2006-02-26 10:38:08
yehlu
Solving the eMule LowID problem
http://gentoo-wiki.com/HOWTO_setup_a_home-server

Note for all eMule/xMule/iMule/aMule users

LowIDs suck, so here's a solution to become a HighID in the world-famous p2p network. The basic idea behind the following iptables statements is to forward specific ports on the server to the machine behind the firewall that runs an eMule client.

The following sketch should illustrate the situation:


 /\/\/\/\/\/\/\/\     _________                                 |-- intranet --|
|    internet    >--|  cable  |-----|  gentoo-box  |--------| 192.168.0.10 |
| eMule network  |  |  modem  |    eth0          eth1       | 192.168.0.11 |
 \/\/\/\/\/\/\/\/    ---------   123.1.1.1    192.168.0.1   |     ...      |
                                                            | 192.168.0.99 |
 emule-client's IP: 192.168.0.11                            |--------------|


1. Now we'll forward the required ports from the Gentoo box to the emule-client box: server port (4661, see below), client port (4662), exchange port (4672) and the web port (4771):


# iptables -t nat -I PREROUTING -i eth0 -p tcp --dport 4662 -j DNAT --to 192.168.0.11:4662
# iptables -t nat -I PREROUTING -i eth0 -p udp --dport 4672 -j DNAT --to 192.168.0.11:4672
# iptables -t nat -I PREROUTING -i eth0 -p tcp --dport 4771 -j DNAT --to 192.168.0.11:4771


2. Enable forwarding rules to allow the above port forwarding connections to progress through the gentoo-box:

# iptables -I FORWARD -i eth0 -p tcp -d 192.168.0.11/32 --dport 4662 -j ACCEPT
# iptables -I FORWARD -i eth0 -p udp -d 192.168.0.11/32 --dport 4672 -j ACCEPT
# iptables -I FORWARD -i eth0 -p tcp -d 192.168.0.11/32 --dport 4771 -j ACCEPT


3. Enable forwarding rules to allow our internal client to get to allowed ports:

# iptables -I FORWARD -i eth1 -p tcp -s 192.168.0.11/32 --dport 4661 -j ACCEPT
# iptables -I FORWARD -i eth1 -p tcp -s 192.168.0.11/32 --dport 4662 -j ACCEPT
# iptables -I FORWARD -i eth1 -p udp -s 192.168.0.11/32 --dport 4672 -j ACCEPT
# iptables -I FORWARD -i eth1 -p tcp -s 192.168.0.11/32 --dport 4771 -j ACCEPT


4. Allow any established or related connections arriving on the external interface to be forwarded on:

# iptables -I FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT


Voilà! No more annoying LowIDs!!

Remark: If you plan to run the emule-client on your gentoo-server, then you only need rules similar to 2 and 3, replacing 'FORWARD' with 'INPUT' and not applying the '-d' / '-s 192.168.0.11/32' switches.
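
The four steps above as one added example (not part of the original post or the wiki page): a shell function that prints the rule set for a given WAN interface, LAN interface and client address instead of applying it, so it can be reviewed first. The names emule_rules and valid_ipv4 and the optional "web" argument are assumptions of this sketch; it matches the client's outbound traffic on the LAN interface and forwards the web port 4771 from the internet only when asked, since that rule makes the client's web port reachable from outside.

```shell
#!/bin/sh
# Added sketch: prints (does not apply) the eMule forwarding rules for one client.
# emule_rules, valid_ipv4 and their arguments are names made up for this example.

valid_ipv4() {
    # Dotted quad, every octet numeric and <= 255.
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# usage: emule_rules WAN_IF LAN_IF CLIENT_IP [web]
emule_rules() {
    wan=$1; lan=$2; client=$3; web=${4:-}
    if ! valid_ipv4 "$client"; then
        echo "bad client address: $client" >&2
        return 1
    fi
    # Inbound from the internet: client port and exchange port (steps 1 and 2).
    inbound="tcp:4662 udp:4672"
    # Web port 4771 is reachable from the WAN only when asked for explicitly.
    if [ "$web" = "web" ]; then inbound="$inbound tcp:4771"; fi
    for pp in $inbound; do
        proto=${pp%%:*}; port=${pp##*:}
        echo "iptables -t nat -I PREROUTING -i $wan -p $proto --dport $port -j DNAT --to $client:$port"
        echo "iptables -I FORWARD -i $wan -p $proto -d $client/32 --dport $port -j ACCEPT"
    done
    # Outbound from the client enters the router on the LAN interface (step 3).
    for pp in tcp:4661 tcp:4662 udp:4672 tcp:4771; do
        proto=${pp%%:*}; port=${pp##*:}
        echo "iptables -I FORWARD -i $lan -p $proto -s $client/32 --dport $port -j ACCEPT"
    done
    # Replies to connections that are already established (step 4).
    echo "iptables -I FORWARD -i $wan -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed values matching the sketch in the post.
emule_rules eth0 eth1 192.168.0.11
```

Pipe the output to sh as root once it looks right; `iptables -L FORWARD -v -n` and `iptables -t nat -L PREROUTING -v -n` then show per-rule packet counters to confirm which rules are actually matching.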