[sclug] iptables and port forwarding

Patrick Kirk patrick at kirks.net
Sat Oct 25 09:05:46 UTC 2003


Hi all,

I am trying to run eMule behind a firewall and finding it a bit of a
pain.  Basically I need TCP ports 4661 and 4662 and UDP port 4665 to
appear to be on my firewalled machine.

What I've come up with is this:

# Define system variables
PATH=/sbin:$PATH; export PATH
IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
hostname=enterprise
any="0.0.0.0/0.0.0.0"

# Define connection variables

EXTIF="ppp0"
INTIF="eth0"
# Find address ETH0-ROUTE-MASK
EXTIP="`ifconfig $EXTIF | grep inet | cut -d':' -f 2 | cut -f1 -d' '`"
EXTGW="`route -n | grep -A 4 UG | awk '{ print $2}'`"
INTIP="`ifconfig eth0 | grep inet | cut -d':' -f 2 | cut -f1 -d' '`"
INTMASK="`ifconfig $INTIF | grep Mask | cut -d : -f 4`"
INTLAN=$INTIP'/'$INTMASK
# Show it works just in case I run it interactively
echo "   External Interface:  $EXTIF"
echo "   External Address:  $EXTIP"

[snip]

# eMule on Voyager
echo "Enabling tcp port 4661 and 4662 and udp port 4665 forwarding to Voyager"

# Masquerade (SNAT) outgoing traffic
$IPTABLES -t nat -A POSTROUTING -s 192.168.0.25 -p tcp --sport 4661 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 192.168.0.25 -p tcp --sport 4662 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 192.168.0.25 -p udp --sport 4665 -j MASQUERADE

# DNAT incoming traffic
$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp --dport 4661 -j DNAT --to-destination 192.168.0.25
$IPTABLES -t nat -A PREROUTING -i $EXTIF -p tcp --dport 4662 -j DNAT --to-destination 192.168.0.25
$IPTABLES -t nat -A PREROUTING -i $EXTIF -p udp --dport 4665 -j DNAT --to-destination 192.168.0.25

[snip]

It doesn't work - my machine has low-id which means that it is a second 
class peer on emule and the emule credit system really punishes that. 
An illustration of the problem:

open:~$ nmap -p 4661 217.35.29.108

Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ )
Warning:  You are not root -- using TCP pingscan rather than ICMP
Interesting ports on host217-35-29-108.in-addr.btopenworld.com 
(217.35.29.108):
Port       State       Service
4661/tcp   filtered    unknown#

It should be _open_


Can anyone point out what I need to add to make port forwarding work?



-- 

Best regards,


Patrick Kirk
Mobile: 07876 560 646
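
Added example, not part of the original post: a DNAT rule in PREROUTING only rewrites the destination address, so the translated packet must still be accepted by the filter table's FORWARD chain before it reaches the internal host. The function below (hypothetical name unforwarded_dnat) reads iptables-save output and lists DNAT targets that have no exactly matching FORWARD ACCEPT rule. The sample ruleset is constructed, and whether this gap is what the snipped parts of the script above contain is an assumption.

```shell
#!/bin/sh
# Added example: list DNAT targets that the FORWARD chain would still drop.
# Reads iptables-save output on stdin; prints "proto dport dest" per gap.
# Limitation: only FORWARD ACCEPT rules naming the same proto, port and
# destination count; broader ACCEPT rules are not recognised.
unforwarded_dnat() {
    awk '
    # Value that follows option "opt" on the current rule line, or "".
    function arg(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($1, 2); next }            # "*nat", "*filter", ...
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "nat" && $2 == "PREROUTING" && arg("-j") == "DNAT" {
        dest = arg("--to-destination"); sub(/:.*/, "", dest)
        dnat[++n] = arg("-p") " " arg("--dport") " " dest
    }
    table == "filter" && $2 == "FORWARD" && arg("-j") == "ACCEPT" {
        dest = arg("-d"); sub(/\/32$/, "", dest)
        allowed[arg("-p") " " arg("--dport") " " dest] = 1
    }
    END {
        if (policy == "ACCEPT") exit                 # chain drops nothing by default
        for (i = 1; i <= n; i++) if (!(dnat[i] in allowed)) print dnat[i]
    }'
}

# Constructed sample (not from the post): its three DNAT rules in
# iptables-save form, with an assumed FORWARD chain that admits only 4662/tcp.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4661 -j DNAT --to-destination 192.168.0.25
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4662 -j DNAT --to-destination 192.168.0.25
-A PREROUTING -i ppp0 -p udp -m udp --dport 4665 -j DNAT --to-destination 192.168.0.25
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.0.25 -p tcp -m tcp --dport 4662 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | unforwarded_dnat
```

On the gateway itself the same function can be fed live rules with `iptables-save | unforwarded_dnat`.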




