limewire using random ports with iptables enabled

frenzy.usa · #1 (**permalink**) December 24th, 2007

Need help with forwarding the ports used by limewire. What ports do I need to open or what rules do I need for Iptables to get limewire to connect and download successfully?

If I set the firewall to drop all FORWARDed traffic unless I allow it, even if I open up ports 49423 & 6346 (UDP and TCP) for inbound and outbound traffic, limewire does not want to connect. If I set the firewall to accept all FORWARD traffic I get 5 green bars within two minutes of starting limewire and can successfully download stuff.

Firewall logs show that limewire is trying to connect using random ports when the firewall is set to drop all FORWARDed traffic.

Server OS: Fedora Core 6
Firewall software on server: Iptables v 1.3.8
Client OS: Windows XP Pro SP2
Limewire version: 4.14.12
Java Runtime: 1.6.0_03
Listen on port: 49423
Manual port forwarding: 49423

Iptables rules for limewire:

Code:

#!/bin/bash

# Filename: iptables.lw.A
#
# Open Limewire ports
# Created 2007-12-21 by Nathan Weiler
# Last updated 2007-12-24 by Nathan Weiler
#
# 2007-12-24
#   -Changed '-A' to '-I' to insert rules in correct location
#    in the chain
#   -Added rules for INPUT chain on FILTER table
#

echo "Opening ports for limewire"

IPT_BIN="/sbin/iptables"
LW_PORT=49423

# NAT table
#
# PREROUTING chain
$IPT_BIN -t nat -I PREROUTING 11 -p tcp -m tcp --dport $LW_PORT -j DNAT --to-destination 192.168.1.203:$LW_PORT
$IPT_BIN -t nat -I PREROUTING 12 -p udp -m udp --dport $LW_PORT -j DNAT --to-destination 192.168.1.203:$LW_PORT
#
# POSTROUTING chain
$IPT_BIN -t nat -I POSTROUTING 2 -p tcp -m tcp -o eth0 --dport $LW_PORT -d 192.168.1.203 -j ACCEPT

# FILTER table
#
# FORWARD chain
#
# TCP
$IPT_BIN -t filter -I FORWARD 12 -s 192.168.1.203 -i eth0 -o eth1 -p tcp -m tcp --dport $LW_PORT -j ACCEPT
$IPT_BIN -t filter -I FORWARD 13 -d 192.168.1.203 -i eth1 -o eth0 -p tcp -m tcp --sport $LW_PORT -j ACCEPT
#
# UDP 
$IPT_BIN -t filter -I FORWARD 14 -s 192.168.1.203 -i eth0 -o eth1 -p udp -m udp --sport $LW_PORT -j ACCEPT
$IPT_BIN -t filter -I FORWARD 15 -d 192.168.1.203 -i eth1 -o eth0 -p udp -m udp --dport $LW_PORT -j ACCEPT
#
# INPUT chain
$IPT_BIN -t filter -I INPUT 11 -i eth1 -d 10.0.0.139 -p tcp -m tcp --dport $LW_PORT -j ACCEPT

If I use the 2 rules below, limewire will connect and downloads are successful but I do not want to use them because they open ALL TCP and UDP ports to and from my computer.
$IPT_BIN -t filter -$1 FORWARD -s 192.168.1.203 -i eth0 -o eth1 -j ACCEPT
$IPT_BIN -t filter -$1 FORWARD -d 192.168.1.203 -i eth1 -o eth0 -j ACCEPT

frenzy.usa · #2 (**permalink**) January 4th, 2008

Did some more testing and research. The bash script below is what I currently use to allow limewire to work through iptables.

For instructions on how to write your own iptables rules type 'man iptables' in a terminal screen.

Hope this helps some else.

Code:

#!/bin/bash

#
# filename: lw_iptables_rules
# chown: root:root   <-- must be owned and run by root or script will fail
# chmod: 700
#

# Open/close ports (TCP and UDP) 1025 to 50000 for Limewire
#
#
# Created 2007-12-27 by frenzy.usa
# Last updated 2007-12-27 by frenzy.usa
#

# Location of your iptables binary
IPT_BIN="/sbin/iptables"

# IP address of computer that is running limewire
LW_HOST=192.168.1.203

if [ "$1" = "A" ]
then
  echo "Opening limewire ports"
  # TCP ports
  $IPT_BIN -t filter -I FORWARD -p tcp -m tcp -m multiport -s $LW_HOST -i eth0 -o eth1 --ports 1025:50000 -j ACCEPT
  $IPT_BIN -t filter -I FORWARD -p tcp -m tcp -m multiport -d $LW_HOST -i eth1 -o eth0 --ports 1025:50000 -j ACCEPT

  # UDP ports
  $IPT_BIN -t filter -I FORWARD -p udp -m udp -m multiport -s $LW_HOST -i eth0 -o eth1 --ports 1025:50000 -j ACCEPT
  $IPT_BIN -t filter -I FORWARD -p udp -m udp -m multiport -d $LW_HOST -i eth1 -o eth0 --ports 1025:50000 -j ACCEPT

elif [ "$1" = "D" ]
then
  echo "Closing limewire ports"
  # TCP ports
  $IPT_BIN -t filter -D FORWARD -p tcp -m tcp -m multiport -s $LW_HOST -i eth0 -o eth1 --ports 1025: -j ACCEPT
  $IPT_BIN -t filter -D FORWARD -p tcp -m tcp -m multiport -d $LW_HOST -i eth1 -o eth0 --ports 1025: -j ACCEPT

  # UDP ports
  $IPT_BIN -t filter -D FORWARD -p udp -m udp -m multiport -s $LW_HOST -i eth0 -o eth1 --ports 1025: -j ACCEPT
  $IPT_BIN -t filter -D FORWARD -p udp -m udp -m multiport -d $LW_HOST -i eth1 -o eth0 --ports 1025: -j ACCEPT


else
  echo "Usage: $(basename $0) [A|D]"
  echo "      A:  Open ports for limewire"
  echo "      D:  Close ports for limewire"
fi