
Re: [Mldonkey-users] mldonkey and firewalls


From: Goswin Brederlow
Subject: Re: [Mldonkey-users] mldonkey and firewalls
Date: 05 Sep 2002 12:18:54 +0200
User-agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Honest Recruiter)

Dirk Stoecker <address@hidden> writes:

> Hi,
> 
> I'm running a Linux box with iptables firewall installed on it and running
> the edonkey linux GUI as well as mldonkey. I opened the necessary ports
> for the protocols, but only these. For example 4661 for the servers, but
> nothing else.
> 
> An option to automatically remove servers which do not match port settings
> would be fine (e.g. as comma separated list).
> 
> e.g. for edonkey
> allowed server-ports: 4661
> allowed client-ports: 4662,4664            (4664 is my mldonkey port :-)
> 
> This would reduce the useless entries in server lists and also the useless
> tries to connect on all the other ports.

1. You should reject packages instead of dropping them (if you do
so). That way the client directly gets a connection refused.

2. Why would you block connects from the inside from your mldonkey to
some outside port? It's true that some Trojan Horse could open a connect
outgoing to let someone in, but do you start Trojan Horses?

I would allow all connects from high ports to the outside or run
mldonkey as its own user and allow all outgoing connects of that user.

> Also an overview about the protocols and all the default ports as well as
> the transfer formats would be very helpful.
> 
> e.g.
> (out --> outgoing destination port is xxx)
> (in  --> incoming destination port is xxx)
> 
> TCP 4661 out         donkey - default port for server connection
> TCP 4662 out/in      donkey - default port for client connection
> UDP 4665 out         ???
> (.. to be finished...)
> 
> usually local only:
> TCP 4000 in/out      telnet access mldonkey
> TCP 4001 in/out      GUI access mldonkey
> TCP 4080 in/out      WWW access mldonkey
> TCP 4663 in/out      edonkey client GUI
> 
> Such a list would reduce the need to experiment with the port settings a
> lot.

I would like that too.

MfG
        Goswin
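
The rule set suggested in this reply (REJECT rather than DROP, plus unrestricted outbound connections for a dedicated mldonkey account), written out as an added example that is not part of the original post. The account name `mldonkey` is an assumption; 4662 and 4664 are the client ports from Dirk's message, and the script only prints commands for review.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands in chain
# order; review the output, then run it as root. Nothing is applied here.
# Assumptions: the daemon runs as a dedicated account (name passed in) and
# the listed TCP ports are the ones it listens on for other clients.

# emit_mldonkey_rules USER PORT[,PORT...]
emit_mldonkey_rules() {
    user=$1
    ports=$2

    # Refuse anything that is not a plain account name or a 1-65535 port list.
    case $user in
        ''|*[!A-Za-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    case $ports in
        ''|*[!0-9,]*|,*|*,|*,,*) echo "bad port list: $ports" >&2; return 1 ;;
    esac
    for p in $(echo "$ports" | tr ',' ' '); do
        if [ "${#p}" -gt 5 ] || [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
    done

    # Replies to connections that were already allowed.
    for chain in INPUT OUTPUT; do
        echo "iptables -A $chain -m state --state ESTABLISHED,RELATED -j ACCEPT"
    done
    # Loopback stays open, so telnet/GUI/WWW control ports work locally only.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"

    # Inbound: only the client ports that other peers connect to.
    for p in $(echo "$ports" | tr ',' ' '); do
        echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
    done
    # Outbound: any destination port, but only for sockets owned by $user.
    echo "iptables -A OUTPUT -m owner --uid-owner $user -j ACCEPT"

    # Closing rules: REJECT, not DROP, so the other end fails at once
    # (TCP reset / ICMP port unreachable) instead of waiting for a timeout.
    for chain in INPUT OUTPUT; do
        echo "iptables -A $chain -p tcp -j REJECT --reject-with tcp-reset"
        echo "iptables -A $chain -j REJECT --reject-with icmp-port-unreachable"
    done
}

# Constructed sample call: account "mldonkey", ports 4662 and 4664.
emit_mldonkey_rules mldonkey 4662,4664
```

The closing REJECT rules stand in for the final DROP of a restrictive rule set; when merging into an existing one, the ACCEPT lines have to come before its catch-all.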



