ShorewallConfiguration
For those of you who are using [ShoreWall], here are the steps needed to configure it so that incoming connections reach MLDonkey.
This example is based on the output of the bash script shown below. Your port numbers may differ; correct them to match your own MLDonkey configuration, and open only the ports of the networks you actually have enabled.
Output given by the script:
$ ~/bin/checkMLDonkey.sh
Checking MLDonkey configuration files:
BitTorrent [Client]  : ENABLED  [TCP: 6882]
BitTorrent [Tracker] : ENABLED  [TCP: 6881]
Direct Connect       : WARNING  Configuration file "/home/gcn/.mldonkey/directconnect.ini" is missing
eDonkey 2000         : ENABLED  [TCP: 4662 / UDP: 4666]
FastTrack            : ENABLED  [TCP: 1214]
Gnutella             : ENABLED  [TCP: 6346 / UDP: 6346]
Gnutella2            : ENABLED  [TCP: 6347 / UDP: 6347]
Open Napster         : WARNING  No ports found in the file "/home/gcn/.mldonkey/opennap.ini"
Overnet              : ENABLED  [TCP: 12206 / UDP: 12206]
SoulSeek             : DISABLED
Now that we know which TCP and UDP ports MLDonkey listens on, here is how to configure Shorewall. Only the networks reported as ENABLED need rules: a network that is DISABLED, or whose configuration file is missing, has no listener, and opening its ports would only expose the host for nothing.
In this example MLDonkey runs on the Shorewall machine itself, which Shorewall calls the "$FW" zone. The "net" zone is the zone corresponding to the interface connected to the Internet.
/etc/shorewall/rules:
####################################################################################################
#ACTION  SOURCE  DEST               PROTO  DEST       SOURCE   ORIGINAL  RATE   USER/
#                                          PORT       PORT(S)  DEST      LIMIT  GROUP
##  MLDonkey running on the server
# BitTorrent
ACCEPT   net     $FW                tcp    6881,6882
# eDonkey 2000
ACCEPT   net     $FW                tcp    4662
ACCEPT   net     $FW                udp    4666
# FastTrack
ACCEPT   net     $FW                tcp    1214
# Gnutella 1/2
ACCEPT   net     $FW                tcp    6346,6347
ACCEPT   net     $FW                udp    6346,6347
# Overnet
ACCEPT   net     $FW                tcp    12206
ACCEPT   net     $FW                udp    12206
Now, suppose you have a gateway. This gateway has at least two network interfaces (ethX, pppX, whatever...). One is connected to the Internet (Shorewall's "net" zone) and the other one is connected to your LAN (Shorewall's "loc" zone). MLDonkey is not running on the Shorewall machine but on another machine inside your LAN, which uses private IP addresses as described in [1]. We must use DNAT (Destination Network Address Translation, aka port forwarding) to tell the firewall to forward incoming connections arriving on the "net" interface to the host running MLDonkey on the LAN. Shorewall's DNAT action both rewrites the destination address and accepts the forwarded traffic, so no separate ACCEPT rule is needed. Give the MLDonkey host a fixed address (static, or a DHCP reservation); otherwise the forwarded ports end up on whichever host next receives that address.
For the following example we assume:
- The \"net\" zone is the zone corresponding to the Internet's interface
- The \"loc\" zone is the zone corresponding to your Local Area Network.
- 192.168.0.2 is the host which is running MLDonkey (correct this to reflect your network setup).
/etc/shorewall/rules:
####################################################################################################
#ACTION  SOURCE  DEST               PROTO  DEST       SOURCE   ORIGINAL  RATE   USER/
#                                          PORT       PORT(S)  DEST      LIMIT  GROUP
##  MLDonkey running on a "private" host
# BitTorrent
DNAT     net     loc:192.168.0.2    tcp    6881,6882
# eDonkey 2000
DNAT     net     loc:192.168.0.2    tcp    4662
DNAT     net     loc:192.168.0.2    udp    4666
# FastTrack
DNAT     net     loc:192.168.0.2    tcp    1214
# Gnutella 1/2
DNAT     net     loc:192.168.0.2    tcp    6346,6347
DNAT     net     loc:192.168.0.2    udp    6346,6347
# Overnet
DNAT     net     loc:192.168.0.2    tcp    12206
DNAT     net     loc:192.168.0.2    udp    12206
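Both rule sets above are mechanical translations of the checkMLDonkey.sh report: one rule per enabled network and port, with ACCEPT to $FW when MLDonkey runs on the firewall and DNAT to the LAN host otherwise. The script below, added here as an example and not part of MLDonkey, Shorewall or the original page, performs that translation for both cases (`fw`, or `dnat LAN_IP`). The report embedded in it is constructed from the output shown earlier on this page; the function name, its options and the column widths are the example's own choices.

```shell
#!/bin/sh
# Added example (not from the original page, MLDonkey or Shorewall): turn a
# checkMLDonkey.sh report into /etc/shorewall/rules lines.
#   gen_rules fw               < report.txt   # MLDonkey on the Shorewall box ($FW)
#   gen_rules dnat 192.168.0.2 < report.txt   # MLDonkey on a LAN host (DNAT to loc)

# Constructed sample input, in the report format shown on this page.
SAMPLE_REPORT='Checking MLDonkey configuration files:
BitTorrent [Client]  : ENABLED  [TCP: 6882]
BitTorrent [Tracker] : ENABLED  [TCP: 6881]
Direct Connect       : WARNING  Configuration file "/home/gcn/.mldonkey/directconnect.ini" is missing
eDonkey 2000         : ENABLED  [TCP: 4662 / UDP: 4666]
FastTrack            : ENABLED  [TCP: 1214]
Gnutella             : ENABLED  [TCP: 6346 / UDP: 6346]
Gnutella2            : ENABLED  [TCP: 6347 / UDP: 6347]
Open Napster         : WARNING  No ports found in the file "/home/gcn/.mldonkey/opennap.ini"
Overnet              : ENABLED  [TCP: 12206 / UDP: 12206]
SoulSeek             : DISABLED'

# gen_rules MODE [LAN_IP]: read the report on stdin, print one rule per port.
gen_rules() {
    mode=$1
    lan_ip=${2:-}
    case $mode in
        fw)
            action=ACCEPT
            dest='$FW'
            ;;
        dnat)
            if [ -z "$lan_ip" ]; then
                echo "gen_rules: dnat needs the LAN host address" >&2
                return 1
            fi
            action=DNAT
            dest="loc:$lan_ip"
            ;;
        *)
            echo "gen_rules: mode must be fw or dnat" >&2
            return 1
            ;;
    esac
    # Only ENABLED networks carry ports. DISABLED networks and those whose
    # configuration file is missing have no listener and get no rule, so
    # nothing is opened for a network that is switched off.
    grep ' : ENABLED ' | while IFS= read -r line; do
        name=${line%% : ENABLED*}
        name=${name%"${name##*[! ]}"}   # strip the column padding
        echo "# $name"
        # Every "TCP: n" / "UDP: n" pair inside the brackets becomes one rule.
        printf '%s\n' "$line" | grep -oE '(TCP|UDP): [0-9]+' |
        while read -r proto port; do
            proto=$(printf '%s' "${proto%:}" | tr 'A-Z' 'a-z')
            printf '%-8s %-6s %-18s %-5s %s\n' "$action" net "$dest" "$proto" "$port"
        done
    done
}

# Demo: rules for the LAN host case from the sample report.
printf '%s\n' "$SAMPLE_REPORT" | gen_rules dnat 192.168.0.2
```

Run it against the real report (`~/bin/checkMLDonkey.sh | sh gen_rules.sh` after replacing the demo line with `gen_rules "$@"`), then paste the output under the header of /etc/shorewall/rules and reload Shorewall. Ports for one network that the page lists on a single line (6881,6882) come out here as two rules, which Shorewall treats identically.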