# ipfw & aMule & jails



## livebrain (Jan 14, 2009)

My problem is that I can't get highid. I don't use aMule that much, but it would be great if I understood how to do this the "proper" way.

*sac*: it's one jail, and it has aMule running.
sac = 192.168.10.100
amule = 4662tcp and 4672udp

My natd.conf has this:
(I think that natd.conf is not the problem, because if I do "ipfw add allow all from any to any" I have highid.)

```
redirect_port tcp 192.168.10.100:4662 4662
redirect_port udp 192.168.10.100:4672 4672
```

My ipfw rules are:

```
ipfw="/sbin/ipfw -q add"
ext="tun0"
/sbin/ipfw -q -f flush
ks=check-state
...
```



Regards


----------



## SirDice (Jan 15, 2009)

I use mldonkey and PF, should be quite similar. The relevant bits of pf.conf look like this:


```
mlnet="192.168.1.190"
donkey_port="6466"
donkey_port2="6470"
overnet_port="20268"
bt_port="6882"
bt_port2="6881"

#MLDonkey
rdr on $ext_if inet proto tcp to port $donkey_port -> $mlnet port $donkey_port
rdr on $ext_if inet proto udp to port $donkey_port2 -> $mlnet port $donkey_port2
rdr on $ext_if inet proto { tcp, udp } to port $overnet_port -> $mlnet port $overnet_port
rdr on $ext_if inet proto { tcp, udp } to port $bt_port -> $mlnet port $bt_port
rdr on $ext_if inet proto tcp to port $bt_port2 -> $mlnet port $bt_port2

#MLDonkey
pass in on $ext_if proto tcp from any to $mlnet port $donkey_port keep state
pass in on $ext_if proto udp from any to $mlnet port $donkey_port2 keep state
pass in on $ext_if proto { tcp, udp } from any to $mlnet port $overnet_port keep state
pass in on $ext_if proto { tcp, udp } from any to $mlnet port $bt_port keep state
pass in on $ext_if proto tcp from any to $mlnet port $bt_port2 keep state
```


----------



## livebrain (Jan 15, 2009)

What's that overnet?


----------



## livebrain (Jan 15, 2009)

I block everything in and out.
"ipfw deny all from any to any" is the "standard" rule.
I had some rules a few days ago that worked; I had rules for higher ports (49150-65535) allowing everything that connects to and from those ports, but I can't get it working :|
Because (I may be wrong) they connect to me using the 4662/4672 but I answer using one random port from 49150-65535? And the same applies to them? So I need to allow that range?


----------



## SirDice (Jan 15, 2009)

livebrain said:

> What's that overnet?



There was a moment when the edonkey protocol moved over to overnet. IIRC this never really took off. I just opened it as it does seem to get used. Mldonkey does several different P2P, donkey and torrent are the most popular but it also supports fasttrack, filetp and it used to support openNAP. I like it because I can run just the core (without a GUI) on my server and use a GUI on my laptop to control it.


----------



## SirDice (Jan 15, 2009)

livebrain said:

> I block everything in and out.
> "ipfw deny all from any to any" is the "standard" rule.
> I had some rules a few days ago that worked; I had rules for higher ports (49150-65535) allowing everything that connects to and from those ports, but I can't get it working :|
> Because (I may be wrong) they connect to me using the 4662/4672 but I answer using one random port from 49150-65535? And the same applies to them? So I need to allow that range?



Not sure about aMule but on mldonkey the ports are configurable. It took a bit of fiddling to get both the P2P and the firewall in sync. Netstat -an and sockstat are your friends.


----------
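Added example, not part of the thread: one way to do the sockstat cross-check mentioned above, comparing the `redirect_port` targets in natd.conf (the two lines from the first post) with the listening sockets reported by `sockstat -4l`. The function names, the assumed sockstat column layout and the sockstat sample (aMule's UDP socket on 4673) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Print "proto ip:port" for each natd redirect_port target that has no
# listening socket in `sockstat -4l` output (empty output = in sync).
# usage: unmatched_redirects NATD_CONF SOCKSTAT_OUTPUT
unmatched_redirects() {
    awk '
        # sockstat line: USER COMMAND PID FD PROTO LOCAL FOREIGN
        FILENAME == ARGV[1] {
            if ($5 ~ /^(tcp|udp)4$/) {
                proto = substr($5, 1, 3)
                listening[proto " " $6] = 1
                # "*:port" is a wildcard bind and serves any local address
                n = split($6, a, ":")
                if (a[1] == "*") wildcard[proto " " a[n]] = 1
            }
            next
        }
        # natd.conf line: redirect_port PROTO TARGET_IP:PORT ALIAS_PORT
        $1 == "redirect_port" {
            split($3, t, ":")
            key = $2 " " $3; wkey = $2 " " t[2]
            if (!(key in listening) && !(wkey in wildcard)) print $2, $3
        }
    ' "$2" "$1"
}

sample_natd_conf() {   # the two redirect lines from the first post
    cat <<'EOF'
redirect_port tcp 192.168.10.100:4662 4662
redirect_port udp 192.168.10.100:4672 4672
EOF
}

sample_sockstat() {    # constructed: aMule UDP socket bound to 4673
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
amule    amule      1234  10 tcp4   192.168.10.100:4662   *:*
amule    amule      1234  11 udp4   192.168.10.100:4673   *:*
EOF
}

tmp=$(mktemp -d) || exit 1
sample_natd_conf > "$tmp/natd.conf"
sample_sockstat  > "$tmp/sockstat.txt"
unmatched_redirects "$tmp/natd.conf" "$tmp/sockstat.txt"
rm -rf "$tmp"
```

On the host, feed it the real files, for example by saving `sockstat -4l` output from inside the jail and passing it as the second argument.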

