OpenWrt Forum Archive

Topic: emule /mlnet and open-wrt

The content of this topic has been archived on 31 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi,

I have another question about OpenWrt.
I have edited the firewall.user script to forward the eMule-dependent ports. The problem is that I have a LowID! What did I do wrong?

Here is the script:


root@OpenWrt:/etc# more firewall.user
#!/bin/sh
. /etc/functions.sh

WAN=$(nvram get wan_ifname)
LAN=$(nvram get lan_ifname)

iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule

### BIG FAT DISCLAIMER
### The "-i $WAN" literally means packets that came in over the $WAN interface;
### this WILL NOT MATCH packets sent from the LAN to the WAN address.

### Allow SSH from WAN
# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
# iptables        -A input_rule      -i $WAN -p tcp --dport 22 -j ACCEPT

### Port forwarding
iptables -t nat -A PREROUTING -i $WAN -p tcp --dport 4661 -j DNAT --to 192.168.1.9
iptables        -A FORWARD -i $WAN -p tcp --dport 4661 -d 192.168.1.9 -j ACCEPT


iptables -t nat -A PREROUTING -i $WAN -p tcp --dport 4662 -j DNAT --to 192.168.1.9
iptables        -A FORWARD -i $WAN -p tcp --dport 4662 -d 192.168.1.9 -j ACCEPT


iptables -t nat -A PREROUTING -i $WAN -p udp --dport 4665 -j DNAT --to 192.168.1.9
iptables        -A FORWARD -i $WAN -p udp --dport 4665 -d 192.168.1.9 -j ACCEPT


iptables -t nat -A PREROUTING -i $WAN -p udp --dport 4672 -j DNAT --to 192.168.1.9
iptables        -A FORWARD -i $WAN -p udp --dport 4672 -d 192.168.1.9 -j ACCEPT


### DMZ (should be placed after port forwarding / accept rules)
# iptables -t nat -A prerouting_rule -i $WAN -j DNAT --to 192.168.1.2
# iptables        -A forwarding_rule -i $WAN -d 192.168.1.2 -j ACCEPT


So please tell me what is wrong in this script!?

Regards

Samson

If you did not change /etc/init.d/S45firewall, then replace -A PREROUTING with -A prerouting_rule.

Hello,

First of all, you can find this info in the iptables man page. It is really complete and helpful.

The problem I see in your code below is that the DNAT target is improperly used. The argument after DNAT should be
'--to-destination 192.168.1.9'

Try that change and if it doesn't work... just be sure that all the rules have correctly been loaded and look at the way the packets will follow through the chains...

Iurgi


samson wrote:

### Port forwarding
iptables -t nat -A PREROUTING -i $WAN -p tcp --dport 4661 -j DNAT --to 192.168.1.9
iptables        -A FORWARD -i $WAN -p tcp --dport 4661 -d 192.168.1.9 -j ACCEPT


iptables -t nat -A PREROUTING -i $WAN -p tcp --dport 4662 -j DNAT --to 192.168.1.9
iptables        -A FORWARD -i $WAN -p tcp --dport 4662 -d 192.168.1.9 -j ACCEPT


iptables -t nat -A PREROUTING -i $WAN -p udp --dport 4665 -j DNAT --to 192.168.1.9
iptables        -A FORWARD -i $WAN -p udp --dport 4665 -d 192.168.1.9 -j ACCEPT


iptables -t nat -A PREROUTING -i $WAN -p udp --dport 4672 -j DNAT --to 192.168.1.9
iptables        -A FORWARD -i $WAN -p udp --dport 4672 -d 192.168.1.9 -j ACCEPT

Find out which ports your eMule uses. For example, my eMule uses TCP:7558, UDP:7568.
So in the script file firewall.user, I filled in the following rules:

iptables -t nat -A prerouting_wan -p tcp --dport 7558 -j DNAT --to 192.168.1.200
iptables        -A forwarding_wan -p tcp --dport 7558 -d 192.168.1.200 -j ACCEPT

iptables -t nat -A prerouting_wan -p udp --dport 7568 -j DNAT --to 192.168.1.200
iptables        -A forwarding_wan -p udp --dport 7568 -d 192.168.1.200 -j ACCEPT



My computer's IP address is 192.168.1.200. I can get a High_ID in eMule.
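
Added example, not part of the archived thread: a small shell lint for a firewall.user-style file that applies the second reply's advice by flagging rules appended to the built-in PREROUTING/FORWARD chains, and also reports any DNAT rule with no matching ACCEPT for the same protocol, port and destination. The function name lint_forwards and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint port-forward rules read from stdin.
# Assumption: rules use the one-line "iptables ... -A <chain> ..." form seen above.
lint_forwards() {
    awk '
    # Return the value that follows option "opt" on the current line, or "".
    function arg(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /^[ \t]*#/ || $1 != "iptables" { next }   # skip comments and non-rule lines
    {
        chain = arg("-A"); target = arg("-j")
        key = arg("-p") "/" arg("--dport")
        # Rule appended to a built-in chain instead of a user chain
        # such as prerouting_rule / forwarding_rule.
        if (chain == "PREROUTING" || chain == "FORWARD")
            printf "BUILTIN %s %s\n", chain, key
        if (target == "DNAT") {
            dest = arg("--to")
            if (dest == "") dest = arg("--to-destination")
            sub(/:.*/, "", dest)              # drop an optional :port suffix
            dnat[key] = dest
        } else if (target == "ACCEPT" && arg("-d") != "") {
            accept[key "/" arg("-d")] = 1
        }
    }
    END {
        # Every DNAT needs a filter ACCEPT for the same proto/port/host.
        for (k in dnat) {
            want = k "/" dnat[k]
            if (!(want in accept)) printf "UNPAIRED %s -> %s\n", k, dnat[k]
        }
    }'
}

# Constructed sample: one rule pair from the question plus a DNAT with no ACCEPT.
lint_forwards <<'EOF'
iptables -t nat -A PREROUTING -i $WAN -p tcp --dport 4662 -j DNAT --to 192.168.1.9
iptables        -A FORWARD -i $WAN -p tcp --dport 4662 -d 192.168.1.9 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 4672 -j DNAT --to 192.168.1.9
EOF
```

Run it against the real file with `lint_forwards < /etc/firewall.user`; no output means every forward uses a user chain and has its ACCEPT.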

The discussion might have continued from here.