Need help with forwarding the ports used by limewire. What ports do I need to open or what rules do I need for Iptables to get limewire to connect and download successfully?
If I set the firewall to drop all FORWARDed traffic unless I allow it, even if I open up ports 49423 & 6346 (UDP and TCP) for inbound and outbound traffic, limewire does not want to connect. If I set the firewall to accept all FORWARD traffic I get 5 green bars within two minutes of starting limewire and can successfully download stuff.
Firewall logs show that limewire is trying to connect using random ports when the firewall is set to drop all FORWARDed traffic.
Server OS: Fedora Core 6
Firewall software on server: Iptables v 1.3.8
Client OS: Windows XP Pro SP2
Limewire version: 4.14.12
Java Runtime: 1.6.0_03
Listen on port: 49423
Manual port forwarding: 49423
Iptables rules for limewire:
Code:
#!/bin/bash
# Filename: iptables.lw.A
#
# Open Limewire ports
# Created 2007-12-21 by Nathan Weiler
# Last updated 2007-12-24 by Nathan Weiler
#
# 2007-12-24
# -Changed '-A' to '-I' to insert rules in correct location
# in the chain
# -Added rules for INPUT chain on FILTER table
#
echo "Opening ports for limewire"
IPT_BIN="/sbin/iptables"
LW_PORT=49423
# NAT table
#
# PREROUTING chain
$IPT_BIN -t nat -I PREROUTING 11 -p tcp -m tcp --dport $LW_PORT -j DNAT --to-destination 192.168.1.203:$LW_PORT
$IPT_BIN -t nat -I PREROUTING 12 -p udp -m udp --dport $LW_PORT -j DNAT --to-destination 192.168.1.203:$LW_PORT
#
# POSTROUTING chain
$IPT_BIN -t nat -I POSTROUTING 2 -p tcp -m tcp -o eth0 --dport $LW_PORT -d 192.168.1.203 -j ACCEPT
# FILTER table
#
# FORWARD chain
#
# TCP
$IPT_BIN -t filter -I FORWARD 12 -s 192.168.1.203 -i eth0 -o eth1 -p tcp -m tcp --dport $LW_PORT -j ACCEPT
$IPT_BIN -t filter -I FORWARD 13 -d 192.168.1.203 -i eth1 -o eth0 -p tcp -m tcp --sport $LW_PORT -j ACCEPT
#
# UDP
$IPT_BIN -t filter -I FORWARD 14 -s 192.168.1.203 -i eth0 -o eth1 -p udp -m udp --sport $LW_PORT -j ACCEPT
$IPT_BIN -t filter -I FORWARD 15 -d 192.168.1.203 -i eth1 -o eth0 -p udp -m udp --dport $LW_PORT -j ACCEPT
#
# INPUT chain
$IPT_BIN -t filter -I INPUT 11 -i eth1 -d 10.0.0.139 -p tcp -m tcp --dport $LW_PORT -j ACCEPT
If I use the 2 rules below, limewire will connect and downloads are successful but I do not want to use them because they open ALL TCP and UDP ports to and from my computer.
$IPT_BIN -t filter -$1 FORWARD -s 192.168.1.203 -i eth0 -o eth1 -j ACCEPT
$IPT_BIN -t filter -$1 FORWARD -d 192.168.1.203 -i eth1 -o eth0 -j ACCEPT
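An added example, not part of the original post: one way to tabulate the drops seen in the firewall logs by destination port, to check whether the client's outbound connections are aimed at the listen port 49423 or at other ports. It assumes the drops are logged with the iptables LOG target; the `FWD-DROP:` prefix, the host name `gw` and all log lines are constructed.

```shell
#!/bin/bash
# Added example: summarise dropped FORWARD packets sent by the LimeWire client.
# Assumes the iptables LOG target (kernel field names SRC= PROTO= SPT= DPT=).
# The "FWD-DROP: " prefix and every log line below are constructed samples.

CLIENT="192.168.1.203"   # LAN client from the post
LW_PORT=49423            # LimeWire listen port from the post

sample_log() {
cat <<'EOF'
Dec 24 10:15:01 gw kernel: FWD-DROP: IN=eth0 OUT=eth1 SRC=192.168.1.203 DST=203.0.113.7 LEN=48 TTL=127 PROTO=TCP SPT=1042 DPT=6346 SYN
Dec 24 10:15:02 gw kernel: FWD-DROP: IN=eth0 OUT=eth1 SRC=192.168.1.203 DST=198.51.100.20 LEN=48 TTL=127 PROTO=TCP SPT=1043 DPT=6346 SYN
Dec 24 10:15:02 gw kernel: FWD-DROP: IN=eth0 OUT=eth1 SRC=192.168.1.203 DST=203.0.113.44 LEN=48 TTL=127 PROTO=TCP SPT=1044 DPT=23514 SYN
Dec 24 10:15:03 gw kernel: FWD-DROP: IN=eth0 OUT=eth1 SRC=192.168.1.203 DST=198.51.100.9 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=51120 SYN
Dec 24 10:15:04 gw kernel: FWD-DROP: IN=eth1 OUT=eth0 SRC=198.51.100.77 DST=192.168.1.203 LEN=48 TTL=52 PROTO=TCP SPT=40211 DPT=6346 SYN
EOF
}

# Emit "PROTO DPT" for every logged packet whose SRC is the given client.
client_dports() {
  awk -v client="$1" '{
    split("", f)                       # reset the per-line key=value map
    for (i = 1; i <= NF; i++) {
      n = index($i, "=")
      if (n > 1) f[substr($i, 1, n - 1)] = substr($i, n + 1)
    }
    if (f["SRC"] == client && f["DPT"] != "") print f["PROTO"], f["DPT"]
  }'
}

# Per-destination-port drop counts as "PROTO DPT COUNT", sorted by port.
dropped_dports() {
  client_dports "$1" | sort | uniq -c | awk '{ print $2, $3, $1 }' \
    | sort -k1,1 -k2,2n
}

# Count dropped outbound packets aimed at a port other than the listen port.
outside_lw_port() {
  client_dports "$1" | awk -v lw="$2" '$2 != lw { n++ } END { print n + 0 }'
}

echo "Dropped outbound packets from $CLIENT by destination port:"
sample_log | dropped_dports "$CLIENT"
echo "Not addressed to port $LW_PORT: $(sample_log | outside_lw_port "$CLIENT" "$LW_PORT")"
```

To run it against a real log, pipe the kernel log lines into `dropped_dports` and `outside_lw_port` in place of `sample_log`.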