|
Demand for Gnutella masquerading module (Linux)? Hi, I ask myself if there is demand for Linux masquerading/netfilter module (Kernel 2.4)? This would allow incoming connections behind Linux firewalls/routers (home networks, intranet), less Gnutella Pushs and more available files. Currently this could only achieved through port forwarding, which is not very easy to setup for beginners - at least not default in any distibution (with a loose packetfilter configuration out of the box). If there are more Gnutella servants which support Socks/NAT... or a good Linux proxy/reflector for Gnutella... then there might no demand for a masquerading/netfilter module? Thx for feedback, Moak |
i agree. my only question is will this work in linux 2.4? i used to work with bsd systems which were all nat based, and while i could manually configure forwarding for a single system, i couldn't do anything similar to what linux 2.2's irc or ftp modules allow. at home i still run 2.2 on my server, so i haven't really played around with 2.4 ip routing stuff. still, such a module would be *very* welcome :) |
Yes, NAT is supported in kernel 2.4.x, simple masqueraded forwarding is also possible with older kernels. Right now the feedback for this new linux kernel module is _very_ low... maybe someone want to help coding? Here is a link about "Writing a Module for netfilter" (kernel 2.4) http://www.linux-mag.com/depts/gear.html |
Well. I think we just keep going. It's a great idea and could help administrators a lot. Project starts asap. :) cu Dun3 |
Mailinglist I did setup a mailinglist for developers now. If there are more coders/network or gnutella specialists who would like to help, please join. This is only about gnutella module development, not about gnutella clients. To subscribe to the list: Send an email with the following text to the mail server (inside body, no subject). To: imailsrv@pirate.de subscribe gnutella (nick)name CU, Moak :) [UPDATE] The mailinglist is closed due lack of interest and might be used for another gnutella project in future. |
New one Hey. I just got a message from another person, who wants to join. So maybe this project is really starting up! I'd really love to have this module! cu Dun3 |
I'm using Debian with a 2.4.12 kernel. I have a utility called FWBuilder installed, to allow me to manipulate the iptables stuff graphically. My laptop (Win 2000 most times :-) ) sits behind my linux firewall, and I use Bearshare and/or Phex with no problems. You just have to configure iptables to forward whatever port you are sharing on (default 6346) to your internal machine (in my case the laptop). Everything works fine, I just have to configure my Gnutella client to specify the IP address as the one on my external interface. The actual iptables lines that configures the forwarding is # # Rule #0 # # Gnutella # iptables -N RULE_0 iptables -A OUTPUT -p tcp -m state --state NEW -d 192.168.0.2 --destination-port 6346 -j RULE_0 iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.0.2 --destination-port 6346 -j RULE_0 iptables -A RULE_0 -m state --state NEW -j LOG --log-level debug --log-prefix "RULE 0 -- Accept " iptables -A RULE_0 -m state --state NEW -j ACCEPT but I highly recommend fwbuilder. HTH, Gollo. |
Well. That is true. But well known. Thanks anyway. The problem with this is: It is good for ONE client behind a firewall. But when there are several of them it is hard to maintain. And with DHCP nearly impossible. And your aproach has the problem: If you have a dynamic external IP you have to readjust the force IP-option. That should be done by this module on the fly. Thanks again for your idea. cu Dun3 |
yeah thx from me 2. I will build a FAQ/README as soon as possible, to describe gnutella firewall/router problems and detailed solutions. |
gnutella. Hi, Has the project started yet or was there to low demand? P.S I might help if help is needed D.S Best Regards Magnus |
Re: gnutella. Quote:
send Moak a mail... I think the project hasnīt started, yet! Morgwen |
yeah.. I think we start hmm today... hmm okay soon! Just subscribe to the mailing list. Btw Morgwen would you still like to translate the info text (U know which) into english? Thx, Moak |
Quote:
Hi Moak! :) Yes! You know my actual problems with linux! I have promised to do it, and I will do it... It takes only a little longer... ;) Morgwen |
Hi Dun3, how far is the english translation of the README? :) |
Wow... Completly forgot about that one! Damn... Will be finished soon! Promise. cu Dun3 |
In lack of interest I will quit from this project. The mailinglist will survive, zero traffic, perhaps someone needs it later for another project. The early alpha of the documentaion is available, if someone wanna finish the unfinished send me a message. Sorry & Greets, Moak |
Wouldn't it be better if everyone just ran Linux so no firewall was needed? Would also save everyone from paying some lame *** company $80 every year for a "better" OS with new security holes. |
Quote:
Morgwen :confused: |
You need good security (maintaining of your OS, firewalls, and etc) if you want to keep people out of things you dont want people to see (other networks and etc). I think he was implying that you need to use a firewall to block people from exploiting the vulnerabilities in Microsoft's software (Windows). Which is true but as I said above you also need a firewall for you other Operating Systems you run. I run FreeBSD and I run a firewall. I actually have a 100MHz with 45MB of memory acting as my router and firewall. I'm also running NAT on it. NAT on FreeBSD is really reallly easy to use and configure. Took me like 5 minutes to read about it in the handbook ( http://www.freebsd.org/doc/en_US.ISO...book/natd.html ) and another 5 - 15 minutes to recompile and reboot. I'm running LimeWire behind NAT too. I just force my ip to my public address and it works. :] |
dead ....and alive? Hi, the kernel masquerading/SNAT module project is dead! How about a proxy... is there someone who would like to write a simple Gnutella proxy? It does not even need to be a real superpeer in the beginning, but forwarding descriptors and HTTP traffic from LAN -> internet and visa-versa. (Sound like a job for Max from Mutella.... LOL... no just kidding). I just thought we need something to increase the amount of "hosts accepting incoming connections". It could be a cool project, for example also with network autodetection/autoconfiguration (see UDP-proposal). Just an idea, Moak |
I'm interested in this too. Please dont let it die. |
How to get more volunteers .. maybe? Hmm .. I have an idea .. of how to get more people working on the project ;) System administrators hate gnutella because it is so hard to block (the ones who know anything about it - the other ones think they just block 6346 ;) ) If you go to some security/OS/firewall forum and say 'anyone want to write a module to control gnutella traffic' I bet you will get some responses. The reason this is good is that to either allow or block the traffic requires the same thing - identifying the traffic. This would be good because then your gnutella module will know what is gnutella traffic and what isn't, and so it will actually enhance useage for people who do use gnutella, by increasing their gnutella security and blocking abusive packets before they even reach the client, which may not handle bad packets properly. I don't think I know enough to help you though, but I will be interested to see how the idea progresses. Nos |
| All times are GMT -7. The time now is 07:56 PM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.
Copyright Đ 2020 Gnutella Forums.
All Rights Reserved.