# Shorewall and Edonkey, a pain in the butt.

## alexou2643

Well, I've been playing lately with Shorewall, but I still have some problems with LowID on xmule/edonkey... and I'm not sure that my rules are OK with all that.

Just so you know, I opened my firewall to the internet, and I have only 4 chains.

*Quote:*

> ACCEPT	loc	fw	tcp	21	#FTP client
> ACCEPT	loc	fw	tcp	22	#SSH
> ...

So what do you think about my rules for the whole edonkey stuff... I don't see why I can't get a high ID.

----------

## To

I don't use edonkey but eMule, so I'm not into edonkey's config.

On eMule you have a TCP port and a UDP port that you can specify.

And those are the only ports that you need to set up; the others are handled by NAT.

```
#ACTION         SOURCE          DEST            PROTO   DEST PORT(S)
DNAT            net             loc:10.10.10.2  tcp     4662
DNAT            net             loc:10.10.10.2  udp     4672
```

In my case, 10.10.10.2 is my internal IP.

I no longer use Shorewall but a script that I made, but I think this still works.

I always get HighID.

Tó

----------

## ronmon

My config is similar to To's for xmule:

```
#ACTION SOURCE DEST                 PROTO DEST PORT(S)
ACCEPT  net    loc                  tcp   4662
ACCEPT  net    loc                  udp   4672
DNAT    net    loc:192.168.0.2      tcp   4662
DNAT    net    loc:192.168.0.2      udp   4672
```

----------

## alexou2643

But it still doesn't work: LowID... :Sad:

*Quote:*

> ACCEPT	loc	fw	tcp	21	#FTP client
> ACCEPT	loc	fw	tcp	22	#SSH
> ...

----------

## Birnenpfluecker

Try to open port 4665 UDP. It is suggested at xmule.org.

I can't tell you if it works because I have problems starting my firewall, but under Windows I had to open this port too. Otherwise it wouldn't work.

----------

## ronmon

*Quote:*

> ACCEPT net fw tcp 4662 #EDONKEY
> ACCEPT net fw udp 4672 #EDONKEY
> ...

I think these should be 'net loc'. That's how mine works.

----------

## alexou2643

*ronmon wrote:*

> *Quote:*
>
> ACCEPT net fw tcp 4662 #EDONKEY
> ACCEPT net fw udp 4672 #EDONKEY
> ...

Well... I put it in my chain "net fw" because I happen to use my server/firewall to run edonkey; it's not a production server at all, so I don't mind too much about security.

So anyway, I know what you mean, but as you can see in the bottom lines, I think I authorized the connection to these ports from the net on the chain "net loc" with the DNAT lines.

But here is the problem: if it can't work for the simple chain "net fw", how could it work for any other chain?!

Maybe it's about my whole configuration?

shorewall.conf:

*Quote:*

> ##############################################################################
> #  /etc/shorewall/shorewall.conf V1.4 - Change the following variables to
> ...

policy:

*Quote:*

> #SOURCE		DEST		POLICY		LOG LEVEL	LIMIT:BURST
> loc		net		ACCEPT
> ...

masq:

*Quote:*

> #INTERFACE		SUBNET		ADDRESS
> ppp0			192.168.1.0/24
> ...

interfaces:

*Quote:*

> #ZONE	INTERFACE	BROADCAST	OPTIONS
> net	ppp0		-
> ...

----------
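The two placements argued about in this thread, side by side, as an added Shorewall 1.4 rules excerpt that is not taken from any poster's configuration. It assumes the internal client host is 192.168.1.10 (an address inside the 192.168.1.0/24 network that alexou2643's masq file lists behind ppp0) and that the policy, masq and interfaces files are as quoted above.

```text
#ACTION  SOURCE  DEST               PROTO  DEST PORT(S)
#
# Case 1: the client runs on an internal host (To's and ronmon's setup).
# In Shorewall 1.4 a DNAT rule also generates the companion ACCEPT rule
# (only the DNAT- variant omits it), so ronmon's extra "ACCEPT net loc"
# lines are redundant. The forwarding target must be a host in this
# firewall's own loc network; copying ronmon's 192.168.0.2 or To's
# 10.10.10.2 into a 192.168.1.0/24 network forwards to nothing.
DNAT     net     loc:192.168.1.10   tcp    4662   # client-to-client connections
DNAT     net     loc:192.168.1.10   udp    4672   # extended protocol
DNAT     net     loc:192.168.1.10   udp    4665   # suggested by Birnenpfluecker
#
# Case 2: the client runs on the firewall itself (alexou2643's setup).
# There is nothing to forward, so ACCEPT into the fw zone is the right
# form here; a "net loc" rule would send these packets to another host.
ACCEPT   net     fw                 tcp    4662
ACCEPT   net     fw                 udp    4672
ACCEPT   net     fw                 udp    4665
```

Only one of the two cases belongs in a given rules file, and the change takes effect after `shorewall restart`.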

