mldonkey-users

Re: [Mldonkey-users] you heard all this b4, low ID trash :)


From: Sebastián Wilwerth
Subject: Re: [Mldonkey-users] you heard all this b4, low ID trash :)
Date: Mon, 30 Jun 2003 00:42:33 -0300
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030617

Maybe your upload/download traffic is affecting your connection latency.
Maybe your ISP is filtering the ports for you.

Try the attached scripts (edit CMDLINE= in these scripts if necessary).

Note: the tmangler needs an extra package (iproute2), which can be downloaded from ftp://ftp.inr.ac.ru/ip-routing/iproute2-2.4.7-now-ss010824.tar.gz (adjust UPLINK= bandwidth if necessary).

Sebastián.

philippe usenet wrote:

Hi guys

This is the lamest mail you'll read today.

Believe it or not this is *another* mail about Low IDs and port nnnn being unreachable.

Man, I have read tons of docs and manuals, I tried *every* single hardware or software method and I'm still being spat at by the donkey, yelling

"+-- From server ProbenPrinz.de [193.111.198.138:4242] ------
| ERROR: Your port 4662 is not reachable. You have a LOWID, look http://www.edonkey2000.com/documentation/lowid.html ! Please correct your network config"

at me every time I try to connect. Ppl seem to FIND files on my machine in my shared filesystem, only they can't get them! They must be FURIOUS, MAD at me! I'm such a bastard! The machine (name TRS) is a linux box, MDK 9.1, running MLD Release 2.5-3. The network is a switched LAN hooked to French ADSL thru an Alcatel router; it's sold as a modem only but a telnet hack permits to make it route IP. Now one thing is strange, it won't let me set up a default natserver on the router, the telnet session hangs at this point... Oh well. Other machines on this LAN are just clients, I mean web surfing/IM-wasting-time machines. But I also tried to plug TRS directly into the router/modem, making it the only one, and was still having this port problem.

My reasoning is as follows : Since I can bloody SURF the web, thus *getting* and (more importantly for that matter) *putting* stuff, my machine *has* the ability to become a proper p2p client/server, if I'm clever enough to OPEN the good doors...
Am I right ?

I tried to use various flavors of iptables, the built-in linux firewall that deals with kernel's routing tables. I also tried to use other port numbers.

At one point I had rules like that :

## start core
#!/bin/sh
# open the right ports for p2p
echo "firewall START"
iptables -X
iptables -A INPUT -p tcp --destination-port 4661 -j ACCEPT
iptables -A INPUT -p tcp --destination-port 4662 -j ACCEPT
iptables -A INPUT -p udp --destination-port 4665 -j ACCEPT
echo "firewall INPUT OK"
iptables -A OUTPUT -p tcp --destination-port 4661 -j ACCEPT
iptables -A OUTPUT -p tcp --destination-port 4662 -j ACCEPT
iptables -A OUTPUT -p udp --destination-port 4665 -j ACCEPT
echo "firewall OUTPUT OK"
echo "firewall OK"
## end core

resulting in "iptables -L" basically telling me that nothing was blocked at this level. I also tried to get RID of this iptables thing. All of this to no avail. I'm running MLD as root... It does not seem to help.

I'm open to every suggestion. I'd like a good run-down about opening and closing ports on linux, just about that.

The worst may well be the fact that I'm actually managing to *DLoad* stuff ! It drives me crazy : I *want* those files badly, but cannot give anything back ! Please help me to comply with the basic rules of the EDK network, and if any info is needed, please ask.

Oh, and not least, this app rules. The interface is wonderful, very consistent, the only bug is the user here. Bravo and thank you!

-phil



#!/bin/bash

# Simple generic firewall script with iptables
# drop by default on ppp0
# accept by default on ethernet and forward
# version 1.1.0-beta-adsl (with ping)

# Variables -----------------------------------------------

# path to the iptables binary
    CMDIR=/usr/local/sbin

# Interfaces
    int_ppp="ppp+" # inbound (Internet) interfaces
    int_eth="eth+" # LAN interfaces

# ports (add whatever ports your connection needs to work properly)

    # accepted inbound port range
    gen_receive="47558:65300"

    # generally accepted ports over ppp/pppoe, INPUT Internet -> localhost
    ppp_tcp_ok="21,80,1720,4960,4071,4444,9999,6346,2234,4662,6667,6882"
    # ftp,smtp,http,h323,h323,h323,DC,napster,gnutella,SoulSeek,Mldonkey,IRC,Bittorrent
    ppp_udp_ok="4665,4666,27015,27960"  # Mldonkey_UDP,Mldonkey_UDP,CSTRIKE,Quake3

    # generally forbidden ports over ppp/pppoe, FORWARD Internet -> LAN
    fppp_tcpr_ok="100,137,138,139,21,22,25,5800,5900,6000"      # TCP port list
    fppp_udpr_ok="100,137,138,139,21,22,25,5800,5900,6000"      # UDP port list

    # forbidden ports from ETHERNET LAN machines -> localhost
    leth_tcpr_ok="23,37,111,113,515,631,901,3306,6000,10000"    # TCP port list
    leth_udpr_ok="23,37,111,113,515,631,901,3306,6000,10000"    # UDP port list

# networks
    net_int="192.168.0.0/16" # every 192.168.X.X machine

# End of variables ------------------------------------

# Load the modules

modprobe ip_tables              # ip_tables firewall
modprobe iptable_filter         # iptable packet filtering
modprobe ip_conntrack_ftp
modprobe iptable_nat            # ip_tables NAT (for masquerading)
modprobe ip_nat_irc
modprobe ip_conntrack_irc ports=6667,6668,6669,7000,7010        # irc DCC files

# Set up the user-defined chains

# Logging chain: rate-limited LOG, then DROP
$CMDIR/iptables -N erlog
$CMDIR/iptables -F erlog
$CMDIR/iptables -A erlog -m limit -j LOG --log-prefix "Bad packet from FIX: "
$CMDIR/iptables -A erlog -j DROP

# Ethernet LAN
# (older iptables wrote the interface negation below as "-i ! eth+"; "! -i" is the current form)
$CMDIR/iptables -N ethernet
$CMDIR/iptables -F ethernet
$CMDIR/iptables -A ethernet -m state --state ESTABLISHED,RELATED -j ACCEPT
$CMDIR/iptables -A ethernet -m state --state NEW ! -i $int_eth -j ACCEPT
$CMDIR/iptables -A ethernet -i $int_eth -p icmp -j ACCEPT
$CMDIR/iptables -A ethernet -i $int_eth -p tcp -m multiport --dports $leth_tcpr_ok -j erlog
$CMDIR/iptables -A ethernet -i $int_eth -p udp -m multiport --dports $leth_udpr_ok -j erlog
# site-specific rules for the author's own LAN layout; adjust or remove them
$CMDIR/iptables -A ethernet -i eth2 -p tcp --dest 192.168.0.7/24 -j erlog
$CMDIR/iptables -A ethernet -i eth2 -p tcp --dest 192.168.1.1    -j erlog
$CMDIR/iptables -A ethernet -i eth0 -p tcp --dest 192.168.2.1/24 -j erlog
$CMDIR/iptables -A ethernet -j ACCEPT
# End LAN

# Internet pppX
$CMDIR/iptables -N internetblock
$CMDIR/iptables -F internetblock
$CMDIR/iptables -A internetblock -m state --state ESTABLISHED,RELATED -j ACCEPT
$CMDIR/iptables -A internetblock -m state --state NEW ! -i $int_ppp -j ethernet
$CMDIR/iptables -A internetblock -i $int_ppp -p icmp -j ACCEPT
$CMDIR/iptables -A internetblock -i $int_ppp -p tcp -m multiport --dports $ppp_tcp_ok -j ACCEPT
$CMDIR/iptables -A internetblock -i $int_ppp -p udp -m multiport --dports $ppp_udp_ok -j ACCEPT
$CMDIR/iptables -A internetblock -i $int_ppp -p tcp --destination-port $gen_receive -j ACCEPT
$CMDIR/iptables -A internetblock -i $int_ppp -p udp --destination-port $gen_receive -j ACCEPT
$CMDIR/iptables -A internetblock -i $int_ppp -m limit -j LOG --log-prefix "Bad packet from PPPX: "
$CMDIR/iptables -A internetblock -j DROP
# End Internet pppX

# Internet Forwarding
$CMDIR/iptables -N forwardblock
$CMDIR/iptables -F forwardblock
$CMDIR/iptables -A forwardblock -m state --state ESTABLISHED,RELATED -j ACCEPT
$CMDIR/iptables -A forwardblock -m state --state NEW ! -i $int_ppp -j ethernet
$CMDIR/iptables -A forwardblock -i $int_ppp -p tcp -m multiport --dports $fppp_tcpr_ok -j erlog
$CMDIR/iptables -A forwardblock -i $int_ppp -p udp -m multiport --dports $fppp_udpr_ok -j erlog
$CMDIR/iptables -A forwardblock -j ACCEPT
# End Forwarding

# Wire up the main chains
$CMDIR/iptables -F INPUT
$CMDIR/iptables -A INPUT -j internetblock
$CMDIR/iptables -F FORWARD
# MSS clamping for ADSL (pptp-pppoe, etc.)
$CMDIR/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# VOIP (MSS NAT): TCPMSS is non-terminating, so this second rule wins and every forwarded SYN gets MSS 700
$CMDIR/iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 700
# <--
$CMDIR/iptables -A FORWARD -j forwardblock

# Prioritise traffic (TOS marks live in the mangle table, which is flushed here
# so the rules do not pile up when the script is re-run)
$CMDIR/iptables -F OUTPUT
$CMDIR/iptables -t mangle -F OUTPUT
# The TOS target does not stop chain traversal, so the last matching rule wins:
# set the catch-all marks first and the per-port Minimize-Delay overrides after them.
$CMDIR/iptables -t mangle -A OUTPUT -p tcp -j TOS --set-tos Maximize-Throughput
$CMDIR/iptables -t mangle -A OUTPUT -p udp -j TOS --set-tos Minimize-Delay
for port in telnet ftp ftp-data http https domain pop3 5190 1863 7070 8080; do
    $CMDIR/iptables -t mangle -A OUTPUT -p tcp --dport $port -j TOS --set-tos Minimize-Delay
done
$CMDIR/iptables -A OUTPUT -j ACCEPT

# Configure NAT
$CMDIR/iptables -t nat -F
$CMDIR/iptables -t nat -A POSTROUTING -o $int_ppp -j MASQUERADE

# Enable IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

#!/bin/bash

# Undo the firewall script: flush every chain and table it touched and go back to accept-all

CMDIR=/usr/local/sbin

$CMDIR/iptables -F erlog
$CMDIR/iptables -F ethernet
$CMDIR/iptables -F internetblock
$CMDIR/iptables -F forwardblock
$CMDIR/iptables -F INPUT
$CMDIR/iptables -F FORWARD
$CMDIR/iptables -F OUTPUT
$CMDIR/iptables -t mangle -F OUTPUT
$CMDIR/iptables -t nat -F
$CMDIR/iptables -A INPUT -j ACCEPT
$CMDIR/iptables -A FORWARD -j ACCEPT
$CMDIR/iptables -A OUTPUT -j ACCEPT

echo "1" > /proc/sys/net/ipv4/ip_forward

#rmmod ip_conntrack_ftp

#rmmod ip_conntrack_irc
#rmmod iptable_nat      # ip_tables NAT (for masquerading)
#rmmod iptable_filter   # iptable packet filtering
#rmmod ip_tables        # ip_tables firewall



#!/bin/bash

# CBQ traffic control script, version 1.0.0 stable NAT+ADSL+CBQ
# Prioritises the server's http, ftp, DNS and SMTP traffic, among others
# Based on the wshaper script and the Linux Advanced Routing HOWTO
# 20/11/2002 Sebastián Wilwerth <address@hidden>
# Requires iproute2

# Directory holding the tc binary
CMDIR=/usr/local/bin

# Nominal uplink bandwidth; do not set it below the real value
N_UPLINK=128
# Low-priority traffic runs slower (value in kbit/s)
L_UPLINK=33

#############################################################

# Device to shape
DEVICE=ppp0
# MTU of the device
DEV_MTU=1500

# Remove any existing qdiscs (a missing qdisc is not an error here)
$CMDIR/tc qdisc del dev $DEVICE root    > /dev/null 2>&1
$CMDIR/tc qdisc del dev $DEVICE ingress > /dev/null 2>&1

# Average packet size
MD_SIZE=1000
MAXBURST=1024

echo "Uplink at        :${N_UPLINK}"
echo "Low uplink at    :${L_UPLINK}"

# Cap the upload channel
$CMDIR/tc qdisc add dev $DEVICE root handle 1: cbq rate 10mbit avpkt $MD_SIZE
$CMDIR/tc class add dev $DEVICE parent 1: classid 1:1 cbq rate ${N_UPLINK}kbit allot $DEV_MTU bounded isolated

# high-priority class
$CMDIR/tc class add dev $DEVICE parent 1:1 classid 1:10 cbq rate ${N_UPLINK}kbit weight $((N_UPLINK/10))kbit avpkt $((MD_SIZE/3)) allot $DEV_MTU borrow isolated

# low-priority class
$CMDIR/tc class add dev $DEVICE parent 1:1 classid 1:20 cbq rate ${L_UPLINK}kbit weight $((N_UPLINK/5))kbit avpkt $MD_SIZE bounded sharing

# Every class gets SFQ ordering
$CMDIR/tc qdisc add dev $DEVICE parent 1:10 handle 10: sfq perturb 5
$CMDIR/tc qdisc add dev $DEVICE parent 1:20 handle 20: sfq perturb 5
#***********
#* Filters *
#***********

# TOS Minimize-Delay (0x10) -> high-priority class

$CMDIR/tc filter add dev $DEVICE parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10

# ICMP
$CMDIR/tc filter add dev $DEVICE parent 1:0 protocol ip prio 11 u32 match ip protocol 1 0xff flowid 1:10

# ACK packets (TCP, no IP options, total length < 64, only the ACK flag set)
$CMDIR/tc filter add dev $DEVICE parent 1:0 protocol ip prio 12 u32 \
            match ip protocol 6 0xff \
            match u8 0x05 0x0f at 0 \
            match u16 0x0000 0xffc0 at 2 \
            match u8 0x10 0xff at 33 \
            flowid 1:1

# Prioritise traffic to some ports (programs can abuse this; this part will be deprecated soon)
#http
    $CMDIR/tc filter add dev $DEVICE parent 1:0 protocol ip prio 10 u32 match ip dport 80 0xffff flowid 1:1
#https (http over SSL)
    $CMDIR/tc filter add dev $DEVICE parent 1:0 protocol ip prio 10 u32 match ip dport 443 0xffff flowid 1:10
#DNS
    $CMDIR/tc filter add dev $DEVICE parent 1:0 protocol ip prio 10 u32 match ip dport 53 0xffff flowid 1:1
#ftp
    $CMDIR/tc filter add dev $DEVICE parent 1:0 protocol ip prio 10 u32 match ip dport 21 0xffff flowid 1:1
#Pop3
    $CMDIR/tc filter add dev $DEVICE parent 1:0 protocol ip prio 10 u32 match ip dport 110 0xffff flowid 1:1
#Smtp
    $CMDIR/tc filter add dev $DEVICE parent 1:0 protocol ip prio 10 u32 match ip dport 25 0xffff flowid 1:10
#Icq
    $CMDIR/tc filter add dev $DEVICE parent 1:0 protocol ip prio 10 u32 match ip dport 5190 0xffff flowid 1:10
#Msn
    $CMDIR/tc filter add dev $DEVICE parent 1:0 protocol ip prio 10 u32 match ip dport 1863 0xffff flowid 1:10
#Samba
    $CMDIR/tc filter add dev $DEVICE parent 1:0 protocol ip prio 10 u32 match ip dport 139 0xffff flowid 1:10

# Local services (replies sent from these source ports)
$CMDIR/tc filter add dev $DEVICE parent 1:0 protocol ip prio 10 u32 match ip sport 80 0xffff flowid 1:10
$CMDIR/tc filter add dev $DEVICE parent 1:0 protocol ip prio 10 u32 match ip sport 21 0xffff flowid 1:10
$CMDIR/tc filter add dev $DEVICE parent 1:0 protocol ip prio 10 u32 match ip sport 6667 0xffff flowid 1:10
# Passive FTP data ports 65524-65534 (going away soon)
for port in $(seq 65524 65534); do
    $CMDIR/tc filter add dev $DEVICE parent 1:0 protocol ip prio 10 u32 match ip sport $port 0xffff flowid 1:10
done

# Everything else (non-prioritised uplink traffic)
$CMDIR/tc filter add dev $DEVICE parent 1: protocol ip prio 20 u32 match ip dst 0.0.0.0/0 flowid 1:20

#!/bin/bash

# Stop shaping: remove the qdiscs the CBQ script installed

CMDIR=/usr/local/bin
DEVICE=ppp0

# Remove the existing qdiscs; both stdout and stderr are silenced because
# "no such qdisc" is not an error here
$CMDIR/tc qdisc del dev $DEVICE root    > /dev/null 2>&1
$CMDIR/tc qdisc del dev $DEVICE ingress > /dev/null 2>&1
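The question running through this thread is whether the local iptables rules are what keeps TCP 4662 unreachable, or whether the block sits upstream (router NAT, ISP). The script below is an added example, not part of the thread or of the mldonkey project: it takes `iptables-save` text and walks the filter table's INPUT chain, following jumps into user chains in order, to report the verdict a NEW inbound TCP connection to a given port on a given interface would get. The two rule dumps are constructed to mirror the firewall script above and phil's own rules; the function name `inbound_tcp_verdict` and the simplifications (only `-p`, `-i`, `--state`/`--ctstate` and the dport options are evaluated, every other match counts as satisfied) are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): evaluate what the filter table does with
# a NEW inbound TCP SYN to a port, from iptables-save output, without root.

inbound_tcp_verdict() {   # $1 = iptables-save text, $2 = dest port, $3 = ingress interface
    printf '%s\n' "$1" | awk -v port="$2" -v iface="$3" '
    # iptables "ppp+" means any interface whose name starts with "ppp"
    function iface_ok(want, neg,   hit) {
        if (want ~ /\+$/) hit = (index(iface, substr(want, 1, length(want) - 1)) == 1)
        else              hit = (iface == want)
        return neg ? !hit : hit
    }
    # spec is "80", a range "47558:65300" or a multiport list "21,80,4662"
    function port_ok(spec,   parts, k, r, lo, hi) {
        split(spec, parts, ",")
        for (k in parts) {
            if (parts[k] ~ /:/) { split(parts[k], r, ":"); lo = r[1] + 0; hi = r[2] + 0 }
            else                { lo = hi = parts[k] + 0 }
            if (lo <= port && port <= hi) return 1
        }
        return 0
    }
    # does rule text r apply to a NEW TCP connection to port/iface?
    # a "!" token before an option negates it (iptables-save form: "! -i ppp+")
    function applies(r,   f, nf, i, neg) {
        nf = split(r, f, " ")
        for (i = 1; i <= nf; i++) {
            neg = (i > 1 && f[i - 1] == "!")
            if (f[i] == "-p" && (f[i + 1] == "tcp") == neg) return 0
            if (f[i] == "-i" && !iface_ok(f[i + 1], neg)) return 0
            if ((f[i] == "--state" || f[i] == "--ctstate") && f[i + 1] !~ /NEW/) return 0
            if (f[i] ~ /^--(dport|dports|destination-port|destination-ports)$/ && port_ok(f[i + 1]) == neg) return 0
        }
        return 1
    }
    function target(r,   f, nf, i) {
        nf = split(r, f, " ")
        for (i = 1; i < nf; i++) if (f[i] == "-j") return f[i + 1]
        return ""
    }
    # first terminating verdict in chain c, recursing into user chains;
    # "" means the chain fell through (RETURN, or the end of a user chain)
    function walk(c,   i, t, v) {
        for (i = 1; i <= n[c]; i++) {
            if (!applies(rule[c, i])) continue
            t = target(rule[c, i])
            if (t == "ACCEPT" || t == "DROP" || t == "REJECT") return t
            if (t == "RETURN") break
            if (t in n) { v = walk(t); if (v != "") return v }
            # LOG and other non-terminating targets: keep walking
        }
        return (c in policy && policy[c] != "-") ? policy[c] : ""
    }
    /^\*/             { table = substr($1, 2); next }
    table != "filter" { next }
    /^:/              { policy[substr($1, 2)] = $2; next }
    /^-A /            { n[$2]++; rule[$2, n[$2]] = $0; next }
    END               { v = walk("INPUT"); print (v == "" ? "NOMATCH" : v) }'
}

# Constructed dump shaped like the firewall script above (drop by default on ppp+)
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ethernet - [0:0]
:internetblock - [0:0]
-A INPUT -j internetblock
-A ethernet -m state --state ESTABLISHED,RELATED -j ACCEPT
-A ethernet -i eth+ -p tcp -m multiport --dports 23,3306,10000 -j DROP
-A ethernet -j ACCEPT
-A internetblock -m state --state ESTABLISHED,RELATED -j ACCEPT
-A internetblock ! -i ppp+ -m state --state NEW -j ethernet
-A internetblock -i ppp+ -p icmp -j ACCEPT
-A internetblock -i ppp+ -p tcp -m multiport --dports 21,80,4662,6667 -j ACCEPT
-A internetblock -i ppp+ -p tcp -m tcp --dport 47558:65300 -j ACCEPT
-A internetblock -m limit --limit 3/hour -j LOG --log-prefix "Bad packet from PPPX: "
-A internetblock -j DROP
COMMIT'

# Constructed dump shaped like the rules in the quoted post (policy ACCEPT, explicit accepts only)
PHIL_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 4661 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4662 -j ACCEPT
-A INPUT -p udp -m udp --dport 4665 -j ACCEPT
COMMIT'

for spec in "4662 ppp0" "4661 ppp0" "50000 ppp0" "3306 eth0" "4662 eth0"; do
    set -- $spec
    echo "firewall script ruleset, new TCP to port $1 on $2: $(inbound_tcp_verdict "$SAMPLE_RULES" "$1" "$2")"
done
echo "quoted post ruleset, new TCP to port 4662 on eth0: $(inbound_tcp_verdict "$PHIL_RULES" 4662 eth0)"
echo "quoted post ruleset, new TCP to port 9999 on eth0: $(inbound_tcp_verdict "$PHIL_RULES" 9999 eth0)"
```

Run against a live box with `inbound_tcp_verdict "$(iptables-save)" 4662 ppp0`. When the walk reports ACCEPT for the Internet-facing interface (as it does for both constructed dumps, and as phil's `iptables -L` observation suggests for his box) yet the server still assigns a low ID, the local packet filter is not the problem; the connection is being stopped before it reaches the host, at the router's NAT or by the ISP, which is exactly what the reply above points to. The walk deliberately ignores NAT and mangle, so it answers only the filter-table half of the question.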

