ipfw & aMule & jails

My problem is that I can't get HighID. I don't use aMule that much, but it would be great if I understood how to do this the "proper" way.

sac is one jail, and it has aMule running.
sac = 192.168.10.100
amule = 4662tcp and 4672udp

my natd.conf has this:
(I think that natd.conf is not the problem, because if I do:
ipfw add allow all from any to any, I have HighID)

redirect_port tcp 192.168.10.100:4662 4662
redirect_port udp 192.168.10.100:4672 4672


my ipfw rules are:
ipfw="/sbin/ipfw -q add"
ext="tun0"
/sbin/ipfw -q -f flush
ks=check-state
skip="skipto 500"
ipdns="195.23.129.126,194.79.69.222"
ports="80,443,6667"

$ipfw 100 divert natd ip from any to any in via $ext
$ipfw 101 $ks

$ipfw 200 allow all from any to $ipdns 53 out via $ext keep-state
$ipfw 202 allow icmp from any to any out via $ext keep-state

$ipfw 203 allow all from 192.168.1.11 to 192.168.1.1,192.168.10.100,192.168.11.100 keep-state

$ipfw 204 allow all from 192.168.10.100 to 192.168.10.100

### AMULE ###
$ipfw 300 allow all from any to any 4662 keep-state
$ipfw 302 allow all from any to any 4672 keep-state
$ipfw 304 allow all from any to any 49152-65535 keep-state

$ipfw 500 divert natd all from any to any out via $ext

Regards
 
I use mldonkey and PF, should be quite similar. The relevant bits of pf.conf look like this:

Code:
mlnet="192.168.1.190"
donkey_port="6466"
donkey_port2="6470"
overnet_port="20268"
bt_port="6882"
bt_port2="6881"

#MLDonkey
rdr on $ext_if inet proto tcp to port $donkey_port -> $mlnet port $donkey_port
rdr on $ext_if inet proto udp to port $donkey_port2 -> $mlnet port $donkey_port2
rdr on $ext_if inet proto { tcp, udp } to port $overnet_port -> $mlnet port $overnet_port
rdr on $ext_if inet proto { tcp, udp } to port $bt_port -> $mlnet port $bt_port
rdr on $ext_if inet proto tcp to port $bt_port2 -> $mlnet port $bt_port2

#MLDonkey
pass in on $ext_if proto tcp from any to $mlnet port $donkey_port keep state
pass in on $ext_if proto udp from any to $mlnet port $donkey_port2 keep state
pass in on $ext_if proto { tcp, udp } from any to $mlnet port $overnet_port keep state
pass in on $ext_if proto { tcp, udp } from any to $mlnet port $bt_port keep state
pass in on $ext_if proto tcp from any to $mlnet port $bt_port2 keep state
 
I block everything in and out.
"ipfw deny all from any to any" is the "standard" rule.
I had some rules a few days ago that worked. I had rules for higher ports (49150-65535) allowing everything that connects to and from those ports, but I can't get it working :|
Because (I may be wrong) they connect to me using 4662/4672 but I answer using one random port from 49150-65535? And the same applies to them? So I need to allow that range?
 
livebrain said:
What's that overnet?

There was a moment when the edonkey protocol moved over to overnet. IIRC this never really took off. I just opened it as it does seem to get used. Mldonkey does several different P2P, donkey and torrent are the most popular but it also supports fasttrack, FileTP and it used to support OpenNap. I like it because I can run just the core (without a GUI) on my server and use a GUI on my laptop to control it.
 
livebrain said:
I block everything in and out.
"ipfw deny all from any to any" is the "standard" rule.
I had some rules a few days ago that worked. I had rules for higher ports (49150-65535) allowing everything that connects to and from those ports, but I can't get it working :|
Because (I may be wrong) they connect to me using 4662/4672 but I answer using one random port from 49150-65535? And the same applies to them? So I need to allow that range?

Not sure about aMule, but on mldonkey the ports are configurable. It took a bit of fiddling to get both the P2P and the firewall in sync. netstat -an and sockstat are your friends.
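
Added example, not part of any post in this thread and not aMule or natd project code: a small sh function that cross-checks natd.conf redirect_port targets against `sockstat -4 -l` output taken inside the jail, so a redirect pointing at a closed port, or a listener with no redirect, shows up. The natd.conf text and sockstat output are constructed samples; ports 4711 and 4665, the `amuled` process line and the function name `check_redirects` are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. All sample data is constructed.

# natd.conf: the two redirects from the first post plus a stale one (4711).
NATD_CONF='redirect_port tcp 192.168.10.100:4662 4662
redirect_port udp 192.168.10.100:4672 4672
redirect_port tcp 192.168.10.100:4711 4711'

# What `sockstat -4 -l` might print inside the jail (user, PID, FD invented).
SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
amule    amuled     812   9  tcp4   192.168.10.100:4662   *:*
amule    amuled     812   11 udp4   192.168.10.100:4672   *:*
amule    amuled     812   12 udp4   192.168.10.100:4665   *:*'

# check_redirects NATD_CONF_TEXT SOCKSTAT_TEXT
#   OK      proto target   a socket listens where the redirect points
#   MISSING proto target   the redirect points at a port nobody listens on
#   NOREDIR proto addr     a listener that no redirect_port line exposes
check_redirects() {
    { printf '%s\n' "$2"; printf '%s\n' '--'; printf '%s\n' "$1"; } | awk '
        $0 == "--" { conf = 1; next }
        # sockstat part: record each IPv4 listener as "proto addr:port"
        !conf && $5 ~ /^(tcp|udp)4$/ {
            listen[substr($5, 1, 3) " " $6] = 0
            next
        }
        # natd.conf part: redirect_port proto targetIP:targetPort publicPort
        conf && $1 == "redirect_port" {
            n = split($3, t, ":")
            exact = $2 " " $3            # bound to the jail address
            wild = $2 " *:" t[n]         # bound to the wildcard address
            status = "MISSING"
            if (exact in listen) { listen[exact] = 1; status = "OK" } else if (wild in listen) { listen[wild] = 1; status = "OK" }
            print status, $2, $3
        }
        END {
            for (k in listen) if (!listen[k]) print "NOREDIR", k
        }'
}

check_redirects "$NATD_CONF" "$SOCKSTAT"
```

On a real host, feed it the contents of natd.conf and the output of `sockstat -4 -l` from inside the jail instead of the two sample variables.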
 