|  | 
| 
 | |||||||
| Register | FAQ | The Twelve Commandments | Members List | Calendar | Arcade | Find the Best VPN | Today's Posts | Search | 
| Tips & Tricks For help with file formats, viruses, security, etc. This section is not for questions about problems with Gnutella program clients, downloading, connecting, etc. | 
|  | LinkBack | Thread Tools | Display Modes | 
| 
 | |||
|  How I SOLVED the ULTIMATE Firewall Hell  OK, here is the ULTIMATE firewall hell (or, at least, worse than any other configs I've heard of). I have drilled port 6346 all the way through so that my machine (and other machines on my local network) can expose 6346 without firewall constraints.  I thought I'd share my experiences. I'm behind three levels of "firewalls": 1 - A VoIP Gateway (D-Link DVG-1220M) 2 - A LinkSys BEFSX-41 Broadband Router 3 - A Linux Server/Firewall (SuSE 9.3) This is my home network, so I'm sysadm on all this gear. Here are the particulars (the technique should work on any other hardware assuming it can be configured in a similar fashion). First, here is my network configuration (some addressesses have been changed for security): Code:                    Internet
                       |
            =======================
            |    Cable Modem      |  LinkSys BEFCMU10
            =======================
                       |
            =======================
            | WAN: via DHCP       |  VoIP Router
            | GW:  via DHCP       |  D-Link DVG-1120M
            | LAN: 192.168.15.1   |
            =======================
                       |
            =======================
            | WAN: 192.168.15.100 |  Broadband Router
            | GW:  192.168.15.1   |  LinkSys BEFSX-41
            | LAN: 10.168.1.1     |
            =======================
                       |
            =======================
            | WAN: DHCP           |  Linux Server
            | GW:  10.168.1.1     |  SuSE 9.3 Pro
            | LAN: 192.168.1.99   |
            =======================
                       |
            =======================
            | GigE Switch ('hub') |  D-Link DGS-1008G
            =======================
                |              |
  ====================    ====================
  | IP: 192.168.1.10 |    | IP: 192.168.1.11 |
  | GW: 192.168.1.99 |    | GW: 192.168.1.99 |
  ====================    ====================
       Home PC #1               Home PC #2The first device is my VoIP router. Cake. Browse to it (my model defaults to 192.168.15.1). Simply configure port forwarding to send 6346 to the WAN address of the next device (the BroadBand Rouer). For my model, that's in Configure_Lan_Port -> NAT_Configuration -> Virtual_Server_Configuration. I configure both TCP/UDP to forward 6346-6346 to 192.168.15.100 port 6346-6346. OK, now the packets are getting to the BroadBand router. Configure the BroadBand router in the same general manner as the VoIP router - ie, port forward 6346 to the WAN address if the next device (the Linux Server). Since the BB router is "sandwitched" between devices, it should have static (and private) IP addresses for BOTH the WAN (Internet) and LAN (Netork) sides. For my device, I go to Basic_Setup and configure the WAN (Internet) as a Static address, 192.168.15.100, netmask 255.255.255.0, GateWay 192.168.15.1 (the LAN address of the upstream device). I set the LAN (Local IP) address to a different network (private) network, 10.168.1.1. Then go to the "Port Forwarding" section (which, in newer firmware, is called "Applications & Gaming") and configure 6346-6346 TCP/UDP to forward to the WAN address (same port #) of the next device (the Linux Server). The Linux Server is configurd for IP Masquerading (with two NICS - eth0 and eth1, and two IP addresses, one for the LAN side (my home network) and one for the WAN side). I configure (using YaST, since I'm on SuSE) it to masquerade inbound packets on port 6346 from the server's WAN address to the server's own LAN address. That makes the port available to the Linux server itself, as well as all downstream clients that use this server as their gateway (ie, all of my home PCs). Now, this is a "real" firewall, which means it filters inbound AND outbound traffic, so I need to also define reciprocal rules to allow 6346 from the server's LAN to the server's WAN (or some folks configure the firewall to allow ALL outbound traffic from the trusted network, but that's stupid, IMHO). Since LimeWire doesn't see a firewall, there's no need to configure any firewall settings. It doesn't matter what you do in this section (you can leave it on the UPnP default, which is a laugh - AS IF a well-configured ipfilter firewall is gonna let the client tell it what to do!) And, volla - it works. Cheers! | 
| 
 |  | 
|  Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post | 
| The ultimate Vista problem (To me). | GlenGlenGlen | General Vista, Windows 7 or later Support | 6 | April 16th, 2007 06:33 AM | 
| Vista Ultimate and LimeWire PRO 4.10.0 | Lord Grievous | General Vista, Windows 7 or later Support | 10 | February 17th, 2007 08:29 AM | 
| The Ultimate Limewire Media Player! | guitar4life399 | New Feature Requests | 1 | August 28th, 2006 05:45 AM | 
| LW using too much CPU? PROBLEM SOLVED! | CptChipJew | General Mac OSX Support | 45 | December 23rd, 2002 07:36 PM | 
| Ultimate Radio | Unregistered | XoloX Feature Request | 0 | October 13th, 2001 01:15 PM |