WhatFirewallPortsToOpen

From MLDonkey


Joining P2P networks with MLDonkey through a firewall

Generally speaking, participation in a P2P network requires that your host is reachable on one or more TCP or UDP ports by other peers. If your host is directly connected to the Internet (it has a public IP address), you must check that no firewall is blocking incoming traffic. The firewall can be on the router connecting to the Internet or on the host itself. The latter is the case for a Linux box running MLDonkey with netfilter (iptables) enabled.

If your host is behind a router doing NAT (the host has a private IP address), you must ensure that traffic arriving to the incoming ports of the router will be forwarded to the host running the P2P program. This is where the IPTABLES script further down the page comes into action.

MLDonkey can participate in several P2P networks, each of which has its own requirements about ports that should be opened or forwarded. Several ports are well known but can be changed by the user. Here I try to summarize the ports used by the various networks, their historical default values, the default values proposed by MLDonkey and the configuration file where you can change them.

If you want MLDonkey to participate in only some P2P networks, you can open only the relevant ports. I focus the discussion on incoming traffic, which is where firewalls generally block packets. I assume that there are no restrictions on outgoing connections and that the firewall performs connection tracking, allowing incoming traffic related to outgoing connections.

Incoming connections

| Network | Type | Historical default | MLDonkey default | Configuration file |
|---|---|---|---|---|
| eDonkey2000 | TCP | 4662 | port = random (before 2.8.0: 4662) | donkey.ini |
| eDonkey2000 | UDP | 4672 (eMule) | TCP port + 4 (before 2.8.0: 4666) | donkey.ini |
| Kad | TCP | 6419 (eMule) | Kademlia.port = random | donkey.ini, Kademlia section |
| Kad | UDP | 6429 (eMule) | Same as TCP | donkey.ini, Kademlia section |
| Overnet | TCP | 4662 | Overnet.port = random | donkey.ini, Overnet section |
| Overnet | UDP | No default | Same as TCP | donkey.ini, Overnet section |
| Gnutella | TCP | 6346 | client_port = 6346 | gnutella.ini |
| Gnutella | UDP | Same as TCP (??) | client_port = 6346 | gnutella.ini |
| Gnutella2 | TCP | No default | client_port = 6347 | gnutella2.ini |
| Gnutella2 | UDP | Same as TCP | client_port = 6347 | gnutella2.ini |
| BitTorrent | TCP | 6881 | client_port = 6882 | bittorrent.ini |
| FastTrack | TCP | 1214 | client_port = 1214 | fasttrack.ini |
| OpenNapster | TCP | 6699 | client_port = 9999 | opennap.ini |
| DirectConnect | TCP | 1412 | client_port = 4444 | directconnect.ini |
| Direct Connect | UDP | Same as TCP | client_port = 4444 | directconnect.ini |
| Soulseek | TCP | 2234 | client_port = 2234 | soulseek.ini |

Note: you can run the lsof-based script further down the page to check which ports MLDonkey has bound. It helps you find out which ports are open (especially for Overnet, which binds a random TCP/UDP port). As of the latest 2.8.1 CVS, the portinfo command can be used from within MLDonkey.
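As an added example (not code from the page or from the MLDonkey project), here is a shell script for the case where the firewall is on the MLDonkey host itself: it reads the port settings from the .ini files named in the table above and prints the matching INPUT rules, together with the connection-tracking rule that the discussion assumes. It assumes the `name = value` form shown in the table and a configuration directory of ~/.mldonkey; the Kad and Overnet ports (sections of donkey.ini, random by default) are left for you to add by hand, and only the network ports from the table are opened, never the GUI, telnet or HTTP interface ports.

```shell
#!/bin/sh
# Added example, not part of MLDonkey: derive the ports MLDonkey listens on
# from its .ini files and print host-level iptables INPUT rules for them.
# Assumes "key = N" lines as in the table above and ~/.mldonkey as config dir.
MLDONKEY_DIR="${MLDONKEY_DIR:-$HOME/.mldonkey}"

# ini_port FILE KEY -> prints the number in the first "KEY = N" line of FILE,
# nothing if the file is missing or the value is not a plain port number.
ini_port() {
    file="$1" key="$2"
    [ -r "$file" ] || return 0
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([0-9]\{1,5\}\)[[:space:]]*$/\1/p" "$file" | head -n 1
}

# mldonkey_rules [DIR] -> prints the rules as text; review them, then run as root.
mldonkey_rules() {
    dir="${1:-$MLDONKEY_DIR}"
    # Replies to connections MLDonkey opened itself (connection tracking).
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # eDonkey2000: TCP port from donkey.ini, UDP is TCP port + 4 (since 2.8.0).
    p=$(ini_port "$dir/donkey.ini" port)
    if [ -n "$p" ]; then
        echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
        echo "iptables -A INPUT -p udp --dport $((p + 4)) -j ACCEPT"
    fi
    # Networks whose client_port is used for both TCP and UDP.
    for f in gnutella gnutella2 directconnect; do
        p=$(ini_port "$dir/$f.ini" client_port)
        if [ -n "$p" ]; then
            echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
            echo "iptables -A INPUT -p udp --dport $p -j ACCEPT"
        fi
    done
    # TCP-only networks.
    for f in bittorrent fasttrack opennap soulseek; do
        p=$(ini_port "$dir/$f.ini" client_port)
        if [ -n "$p" ]; then
            echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
        fi
    done
}

# Print the rules for the default (or given) config directory.
mldonkey_rules "${1:-$MLDONKEY_DIR}"
```

Pipe the output to a file, check that no unexpected port appears, and only then apply it as root.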

Some info about TOS

In MLDonkey 2.5.30.17 TOS support has been re-added; more information about it is here: https://savannah.nongnu.org/patch/?func=detailitem&item_id=4127

Sample IPTABLES script

#!/bin/bash
##
# Shell script to insert iptables rules opening the required ports for MLDonkey.
# It is meant to run on the Linux router doing NAT: the FORWARD rules let the
# traffic through and the PREROUTING DNAT rules send it on to the MLDonkey host.
# Currently supported networks are Edonkey2000, Kad, Overnet, BitTorrent and OpenNap.

# Please modify the following configuration settings according to your own
# setup.

IF=ppp0
IPTABLES=/sbin/iptables
MLDONKEY_HOST=192.168.1.2
EDONKEY_PORT=4662
KAD_PORT=8443
OVERNET_PORT=5865
BITTORRENT_PORT=6882
OPENNAP_PORT=9999

## MLDonkey acting as Edonkey2000 client
$IPTABLES -I FORWARD -p tcp --dport $EDONKEY_PORT -j ACCEPT
$IPTABLES -I FORWARD -p udp --dport $(($EDONKEY_PORT + 4)) -j ACCEPT
$IPTABLES -t nat -I PREROUTING -i $IF -p tcp --dport $EDONKEY_PORT -j DNAT --to-destination $MLDONKEY_HOST
$IPTABLES -t nat -I PREROUTING -i $IF -p udp --dport $(($EDONKEY_PORT + 4)) -j DNAT --to-destination $MLDONKEY_HOST

## MLDonkey acting as Kad client
$IPTABLES -I FORWARD -p tcp --dport $KAD_PORT -j ACCEPT
$IPTABLES -I FORWARD -p udp --dport $KAD_PORT -j ACCEPT
$IPTABLES -t nat -I PREROUTING -i $IF -p tcp --dport $KAD_PORT -j DNAT --to-destination $MLDONKEY_HOST
$IPTABLES -t nat -I PREROUTING -i $IF -p udp --dport $KAD_PORT -j DNAT --to-destination $MLDONKEY_HOST

## MLDonkey acting as Overnet client
$IPTABLES -I FORWARD -p tcp --dport $OVERNET_PORT -j ACCEPT
$IPTABLES -I FORWARD -p udp --dport $OVERNET_PORT -j ACCEPT
$IPTABLES -t nat -I PREROUTING -i $IF -p tcp --dport $OVERNET_PORT -j DNAT --to-destination $MLDONKEY_HOST
$IPTABLES -t nat -I PREROUTING -i $IF -p udp --dport $OVERNET_PORT -j DNAT --to-destination $MLDONKEY_HOST

## MLDonkey acting as Edonkey2000 server
# $IPTABLES -I FORWARD -p tcp --dport $(($EDONKEY_PORT - 1)) -j ACCEPT
# $IPTABLES -t nat -I PREROUTING -i $IF -p tcp --dport $(($EDONKEY_PORT - 1)) -j DNAT --to-destination $MLDONKEY_HOST

## MLDonkey acting as BitTorrent client
$IPTABLES -I FORWARD -p tcp --dport $BITTORRENT_PORT -j ACCEPT
$IPTABLES -t nat -I PREROUTING -i $IF -p tcp --dport $BITTORRENT_PORT -j DNAT --to-destination $MLDONKEY_HOST

## MLDonkey acting as OpenNap client
$IPTABLES -I FORWARD -p tcp --dport $OPENNAP_PORT -j ACCEPT
$IPTABLES -t nat -I PREROUTING -i $IF -p tcp --dport $OPENNAP_PORT -j DNAT --to-destination $MLDONKEY_HOST

Another iptables script. This one is for a Gentoo system and depends on lsof. It opens the ports mlnet is actually listening on, minus those configured as *_port in downloads.ini (the control interfaces), so those stay closed to the outside.

#!/sbin/runscript

depend() {
    need mldonkey
}

start() {
    # UDP ports bound by mlnet (lines with '-' are connections, not listeners)
    UDP_PORTS=$(lsof -i -n | grep mlnet | grep -v -- '-' | grep UDP | cut -d ':' -f 2)
    # TCP listening ports bound by mlnet
    lsof -i -n | grep mlnet | grep -v -- '-' | grep TCP | cut -d ':' -f 2 | cut -d ' ' -f 1 | sort > /tmp/ml_tcp_ports
    # Ports of the control interfaces (*_port in downloads.ini); these are not opened
    egrep "^.*_port *= *[0-9]*$" /home/p2p/.mldonkey/downloads.ini | egrep -o "[0-9]+" | sort > /tmp/ml_ui_ports
    # Keep only the listening ports that are not control interface ports
    TCP_PORTS=$(comm -2 -3 /tmp/ml_tcp_ports /tmp/ml_ui_ports)
    rm /tmp/ml_tcp_ports
    rm /tmp/ml_ui_ports

    ebegin "Preparing mldonkey chain"
    # Flush the chain if it exists; otherwise create it and hook it into INPUT,
    # since rules in a chain nothing jumps to have no effect.
    iptables -F mldonkey > /dev/null 2>&1 || { iptables -N mldonkey && iptables -I INPUT -j mldonkey; } > /dev/null 2>&1
    eend $?

    for port in $UDP_PORTS; do
        ebegin "Adding UDP:$port to ACCEPT list"
        iptables -A mldonkey -p udp --dport $port -j ACCEPT
        eend $?
    done

    for port in $TCP_PORTS; do
        ebegin "Adding TCP:$port to ACCEPT list"
        iptables -A mldonkey -p tcp --dport $port -j ACCEPT
        eend $?
    done
}

stop() {
    ebegin "Flushing mldonkey chain"
    iptables -F mldonkey
    eend $?
}

Windows Internet Connection Sharing (ICS)

Script for MLDonkey on a Thomson/Alcatel SpeedTouch Pro (or Home→Pro) ADSL modem/router

You can telnet to your modem/router then type in the following:

:nat create protocol=tcp inside_addr=<put_your_local_server_ip_here>:4662 outside_addr=0.0.0.0:4662
:nat create protocol=udp inside_addr=<put_your_local_server_ip_here>:4666 outside_addr=0.0.0.0:4666
:config save

Repeat the same procedure for any other port mentioned hereunder for any other P2P network. The :config save command makes the changes permanent, so they survive a power down. The problem with this is that your local server IP address may change if you use DHCP. You can look for the .PDF CLI reference guide at Thomson/Alcatel's support page.

The script ipcheck.py can forward ports, doing the telnet for you. It works under GNU/Linux and Windows. The ports are forwarded until the router is powered down. This example doesn't use ipcheck.py to register your dynamic IP address.

"C:\Program Files\Python232\python" ipcheck.py -T routerpassword --forward=4662/tcp,4666/udp -v xxx xxx xxx.dyndns.org

The Alcatel SpeedTouch Pro router has only 255 Network Address Translation table entries and it overflows with default settings. This is the only setting that seems to help.

set max_connections_per_second 1

Notes about P2P networks

eDonkey2000

The eDonkey network is a network specialized in sharing really big files (between 30MB to 1.4 GB).

Ports can be configured freely, those are the defaults:

Note that opening these ports not only resolves LowID issues for eMule but also eliminates the "firewalled" message from Kad too when all other publicised ports have been opened.

Overnet

Overnet is a network using the same download protocol as eDonkey, but a different search/localisation protocol that doesn't need servers. It needs a (recent) list of Overnet peers that you can connect to. For that, you can use the servers.ini file from the most recent distribution of MLDonkey. It contains a long list of Overnet peers. It can run over any port. The defaults it uses are:

MLDonkey of course uses the ones set in donkey.ini (see table above)

Kad

Kad is a network started by the eMule project. It is similar to Overnet (both are based on the Kademlia algorithms, so neither requires servers), but the protocols are incompatible.

Gnutella

A peer on a Gnutella network is referred to as a servent: it is both client and server to the network, allowing the user to both serve files to other Gnutella network members and to receive files from those members. Gnutella peers generally can run over any port; the default is

Gnutella2

Gnutella2 was created by [Shareaza] to solve legacy Gnutella's problems, replacing the aging and underperforming "G1" with a fresh and innovative platform designed to grow. Gnutella2 is an architecture designed from the ground up to be extensible, and includes a range of new technologies to lift performance beyond traditional expectations of a distributed system. Gnutella2 is a fresh start.

Many problems have been identified with the legacy Gnutella network. For example there is ample research indicating that it cannot scale or that it uses too much overhead. But perhaps more importantly it lacks a clear set of network standards, which has led to a network of unequal clients and abusive behaviour, to the point that one client can consume 80% of the resources on the entire network!

BitTorrent

BitTorrent doesn't look like other P2P networks: it uses peer-to-peer file sharing mechanisms to help release huge files without the hassle and price of setting up big links, big servers, and mirrors (or in addition to that expensive approach).

It divides shared data (a single file or a directory) into pieces, typically of 256 KiB. A SHA-1 checksum is computed for each piece, and used to check the piece has been correctly downloaded. The checksums are stored in a .torrent file, along with filenames. The .torrent file also nominates a tracker, a Web resource that introduces peers to each other. Peers contact each other, learn what pieces they have available, request the rarest (least commonly seen) pieces first, and send requested pieces.

Design and protocol are described on the main site.
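As an added example (not code from the page or from the MLDonkey project), this shell script does the piece check described above: it hashes each fixed-size piece of a downloaded file with SHA-1 and compares it against the expected list, reporting which pieces must be fetched again. It assumes the expected hashes are already extracted from the .torrent into a plain file with one hex SHA-1 per line in piece order (that extraction is not shown), and it defaults to 256 KiB pieces as in the text.

```shell
#!/bin/sh
# Added example, not MLDonkey code: BitTorrent-style piece verification.
# EXPECTED is assumed to be a plain file with one hex SHA-1 per line, in piece
# order, taken from the .torrent; the last piece may be shorter than PIECE_LEN.

# sha1_piece FILE INDEX PIECE_LEN -> hex SHA-1 of piece INDEX of FILE
sha1_piece() {
    dd if="$1" bs="$3" skip="$2" count=1 2>/dev/null | sha1sum | cut -d ' ' -f 1
}

# verify_pieces FILE EXPECTED [PIECE_LEN] -> prints "ok N" or "bad N" per piece;
# returns 0 only if every piece matched its expected checksum.
verify_pieces() {
    file="$1" expected="$2" len="${3:-262144}" i=0 status=0
    while read -r want; do
        got=$(sha1_piece "$file" "$i" "$len")
        if [ "$got" = "$want" ]; then
            echo "ok $i"
        else
            # A corrupt or tampered piece: discard it and request it from another peer.
            echo "bad $i"
            status=1
        fi
        i=$((i + 1))
    done < "$expected"
    return $status
}
```

A single flipped byte in a piece changes that piece's SHA-1 and marks only that piece bad, so the rest of the download is kept.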

Fasttrack

FastTrack is a protocol similar to the eDonkey2000 protocol, but it cannot download from users who do not have the complete file. The protocol was used by KaZaa and Morpheus; later Sharman Networks bought the rights and monopolised the FastTrack protocol.

FastTrack users with the fastest Internet connections and the most powerful computers are automatically designated as Supernodes. A Supernode contains a list of some of the files made available by other users and where they are located. When you perform a search, your computer first searches the nearest Supernode to you, and then sends you immediate results. This first Supernode then refers your search to other Supernodes and so on.

OpenNap

OpenNap [1] is an open source implementation of the Napster client/server protocol. The sharing is based on a central server that provides the ability to search for particular files and initiate a direct transfer between the clients. In addition, chat forums similar to IRC are available. There are a few OpenNap networks which are interconnected to allow searching and downloading files from within each OpenNap network without connecting to all of its servers. The problem is that the networks are not connected to each other, thus requiring multiple server connections for a larger file selection. Napster was originally meant for sharing MP3s only, but OpenNap is expanded to allow any file to be shared.

Only an open TCP port is required on the client; servers listen on several ports.

Direct Connect

Direct Connect is a file sharing protocol based on servers (called hubs) run by volunteers. Thus you only share your files with the people connected to the same hubs as you are. The people running hubs usually set up lots of rules about who can connect to their hub, for example a minimum amount of shared files, open slots for connections, banning some material (e.g. child pornography) etc. This is good because it gets rid of a lot of leechers (people who just download and don't share).

Near zero documentation on the home page, just some advertising: Direct Connect offers a community-oriented, open, user-controlled network. Direct Connect's network architecture is built on a peer-to-peer foundation; users run, control, and maintain the network. Users are able to share any type of file. These files are easily viewed through a familiar organized windows-explorer interface.

More info can be got from programs compatible with the Direct Connect protocol, such as DC++. It seems that a TCP and a UDP port are required; the defaults are:

Soulseek

The Soulseek Network is a network similar to Napster. You connect to a single server, and there you can search for (mainly audio) files, join rooms to chat with other users, and browse other users' files. There is only one server on Soulseek, and the one you have in soulseek.ini is probably not up to date.

Documentation about the protocol used by this P2P network is scarce. The FAQ only mentions two used ports; the French FAQ adds that they are TCP ports. I will not spend time looking at such a poorly documented thing.

/devein: uh oh! soulseek protocol documentation : [2]


See also

FireWall

