User file sharing firewall issue.

[Gothic-Angel]

I'v been using my box as the hub lately for my eggies which isn't a problem its pretty stable. However I have the hub bot set to use port 4655, I'v opened 4655 up via my firewall rules.
system is
Linux sasuke 2.6.3-15mdk #1 Fri Jul 2 22:09:29 MDT 2004 i686 unknown unknown GNU/Linux

These are my rules for shorewall

ACCEPT net fw udp 53,8436,4655,33381 -
ACCEPT net fw tcp 80,443,53,22,20,21,8436,6436:6446,113,35164,8188,8189,4655,33381 -
REJECT fw net tcp 6666,6667,6668,6669,7001 -

I do have an ipv6 tunnel setup and these rules are specifically for ipv4, but it shouldn't matter because the connections to the hub are ipv4. In fact I don't even have my ipv6 side enabled right now.

The problem is the bots still will not send userfile's they timeout when they try to transfer them, but I disable the firewall and it works. Am I missing something in the conf I set all connections to 4655, Iv spied on the ports and I see my box using 4655 to try to send the files. I dunno whats up!

[demond]

you need to set reserved-portrange in bot's config and open that port(s) through the firewall

otherwise your hub bot is trying to use random ports for userfile transfer offer, and your firewall doesn't know about that

[Gothic-Angel]

so I just need to add a line reserved-portrange "port,port,port or port:range" ? or do I have to set it somewhere else?

[demond]

from eggdrop.conf example:

Code: Select all

# If you want all dcc file transfers to use a particular portrange either
# because you're behind a firewall, or for other security reasons, set it
# here.
#set reserved-portrange 2010:2020

you don't understand this?

[|_aban]

This may solve my problem as well.
You may read the topic "Linking problem between eggdrop 1.6.17 and eggdrop 1.6.15" to see what I mean. My egg 1.6.17 is behind a firewall configured exactly the same way. I just didn't know that the bots were sharing userfiles via ports different from the telnet communication ports. Now I know. Thank you, both of you!

[SIYB]

have the same prob, but i did set up the ports in the configfile an forwarded them with my router

[demond]

have the same prob, but i did set up the ports in the configfile an forwarded them with my router

and you did test connecting from Internet on those ports on your internal machine as well?

[SIYB]

strange thing is that the servers the bots are running on are on my lan. so first i thugh i would't have to configure ports for sharing on my router.

well anyway, i did forward the ports now and got a different prob:



the bots create files: .share.Xler.1104765502.users

but they keep on telling me that the connection was lost transferring userfiles :/. (although files exceed 0kb) so they must be connected at some point, right?

SIYB

[demond]

if connecting/sharing between bots on your internal LAN, no firewall setting is necessary, your router has nothing to do with TCP connections inside your LAN

[SIYB]

hmm so i was right first (no change of nat settings for lan required)? hmm .. any idea where this problem my result from? i am gonna try using the server's dyndns hostname and keep the ports forwarded, perhaps that works :/...


oh yea thx for your quick help :>

SIYB

[demond]

dyndns and port forwarding are irrelevant, that stuff is related to Internet, and your bot link/share is not

simply use your internal IPs when setting up bot records for link/share (and make sure of course that your internal machines don't have firewalls, or configure their firewalls appropriately)

[SIYB]

if i would use dyndns for address it would make my link/share internet related, wouldn't it? and so port forwarding would work for the ports opened by the router.

the thing is that this:

simply use your internal IPs when setting up bot records for link/share (and make sure of course that your internal machines don't have firewalls, or configure their firewalls appropriately)

does not work, i am using these settings atm.

SIYB

[demond]

dude, why don't you simply describe your configuration and we'll take it from there