User file sharing firewall issue.


Post by Gothic-Angel »

I've been using my box as the hub lately for my eggies, which isn't a problem; it's pretty stable. However, I have the hub bot set to use port 4655, and I've opened 4655 up via my firewall rules.
System is:
Linux sasuke 2.6.3-15mdk #1 Fri Jul 2 22:09:29 MDT 2004 i686 unknown unknown GNU/Linux

These are my rules for shorewall

ACCEPT net fw udp 53,8436,4655,33381 -
ACCEPT net fw tcp 80,443,53,22,20,21,8436,6436:6446,113,35164,8188,8189,4655,33381 -
REJECT fw net tcp 6666,6667,6668,6669,7001 -

I do have an ipv6 tunnel set up and these rules are specifically for ipv4, but it shouldn't matter because the connections to the hub are ipv4. In fact I don't even have my ipv6 side enabled right now.

The problem is the bots still will not send userfiles; they time out when they try to transfer them, but I disable the firewall and it works. Am I missing something in the conf? I set all connections to 4655. I've spied on the ports and I see my box using 4655 to try to send the files. I dunno what's up!

Post by demond »

you need to set reserved-portrange in bot's config and open that port(s) through the firewall

otherwise your hub bot is trying to use random ports for userfile transfer offer, and your firewall doesn't know about that

Post by Gothic-Angel »

so I just need to add a line reserved-portrange "port,port,port or port:range" ? or do I have to set it somewhere else?

Post by demond »

from eggdrop.conf example:

Code:

# If you want all dcc file transfers to use a particular portrange either
# because you're behind a firewall, or for other security reasons, set it
# here.
#set reserved-portrange 2010:2020

you don't understand this?
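Added example (not part of the thread, and not eggdrop or Shorewall code): a small Python check that compares an eggdrop `reserved-portrange` with the TCP ports a Shorewall rules file accepts from `net` to `fw`, and lists the transfer ports the firewall would still block. The rules are the ones quoted in the first post; the uncommented conf line, the extra ACCEPT rule and all function names are constructed for illustration.

```python
import re

# Rules exactly as quoted in the first post of this thread.
PAGE_RULES = """\
ACCEPT net fw udp 53,8436,4655,33381 -
ACCEPT net fw tcp 80,443,53,22,20,21,8436,6436:6446,113,35164,8188,8189,4655,33381 -
REJECT fw net tcp 6666,6667,6668,6669,7001 -
"""
# Constructed: the same rules plus one rule opening the reserved range.
FIXED_RULES = PAGE_RULES + "ACCEPT net fw tcp 2010:2020 -\n"
# Constructed eggdrop.conf fragment with the example range uncommented.
SAMPLE_CONF = "set reserved-portrange 2010:2020\n"

def parse_ports(spec):
    """Expand a port list such as "80,443,6436:6446" into a set of ints."""
    ports = set()
    for item in spec.split(","):
        lo, _, hi = item.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def accepted_tcp_ports(rules_text, source="net", dest="fw"):
    """Collect TCP destination ports that ACCEPT rules allow from source to dest."""
    allowed = set()
    for line in rules_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 5 and fields[:4] == ["ACCEPT", source, dest, "tcp"]:
            allowed |= parse_ports(fields[4])
    return allowed

def reserved_portrange(conf_text):
    """Return the active (uncommented) reserved-portrange as a set, or None."""
    m = re.search(r"^\s*set\s+reserved-portrange\s+(\d+):(\d+)", conf_text, re.M)
    if not m:
        return None
    return set(range(int(m.group(1)), int(m.group(2)) + 1))

def blocked_transfer_ports(rules_text, conf_text):
    """Reserved transfer ports that the firewall rules do not accept."""
    reserved = reserved_portrange(conf_text)
    if reserved is None:
        # Without the setting, the bot offers transfers on random ports.
        raise ValueError("reserved-portrange is not set")
    return sorted(reserved - accepted_tcp_ports(rules_text))

if __name__ == "__main__":
    print("blocked with original rules:", blocked_transfer_ports(PAGE_RULES, SAMPLE_CONF))
    print("blocked with added rule:    ", blocked_transfer_ports(FIXED_RULES, SAMPLE_CONF))
```
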

Post by |_aban »

This may solve my problem as well.
You may read the topic "Linking problem between eggdrop 1.6.17 and eggdrop 1.6.15" to see what I mean. My egg 1.6.17 is behind a firewall configured exactly the same way. I just didn't know that the bots were sharing userfiles via ports different from the telnet communication ports. Now I know. :) Thank you, both of you!

Post by SIYB »

have the same prob, but i did set up the ports in the configfile and forwarded them with my router

Post by demond »

SIYB wrote: have the same prob, but i did set up the ports in the configfile and forwarded them with my router

and you did test connecting from Internet on those ports on your internal machine as well?

Post by SIYB »

strange thing is that the servers the bots are running on are on my lan. so first i thought i wouldn't have to configure ports for sharing on my router.

well anyway, i did forward the ports now and got a different prob:

the bots create files: .share.Xler.1104765502.users

but they keep on telling me that the connection was lost transferring userfiles :/. (although files exceed 0kb) so they must be connected at some point, right?


Post by demond »

if connecting/sharing between bots on your internal LAN, no firewall setting is necessary, your router has nothing to do with TCP connections inside your LAN

Post by SIYB »

hmm so i was right first (no change of nat settings for lan required)? hmm .. any idea where this problem may result from? i am gonna try using the server's dyndns hostname and keep the ports forwarded, perhaps that works :/...

oh yea thx for your quick help :>


Post by demond »

dyndns and port forwarding are irrelevant, that stuff is related to Internet, and your bot link/share is not

simply use your internal IPs when setting up bot records for link/share (and make sure of course that your internal machines don't have firewalls, or configure their firewalls appropriately)

Post by SIYB »

if i would use dyndns for address it would make my link/share internet related, wouldn't it? and so port forwarding would work for the ports opened by the router.

the thing is that this:
simply use your internal IPs when setting up bot records for link/share (and make sure of course that your internal machines don't have firewalls, or configure their firewalls appropriately)

does not work, i am using these settings atm.


Post by demond »

dude, why don't you simply describe your configuration and we'll take it from there