HOWTO: set up a (Ubuntu)Linux-router for amule

t.rei · 11:12 AM

This is supposed to help people who are running an ubuntu router and want to run an amule client behind it.

Note:
The system this was done on was a woody debian router with ancient software (it still ran ipchains). I simply upgraded to warty by editing the /etc/apt/sources.list and installing ubuntu-base and upgrading everything else. clean reboot, and started configuring. (Read the next post for some really helpfull information!)

Step1:
getting started
Install ubuntu on the router. (ubuntu base is sufficient, ubuntu desktop just contains a whole bunch of gui packets)

If you have ipmasq on your Router - Uninstall it!

Code:

/etc/init.d/ipmasq stop
/etc/init.d/ipmasq-kmod stop
apt-get remove ipmasq

Step2:
Setting up iptables for ip-masquerading and for amule port-forwarding (and ssh access from outside)

(optional) enabling autosave of iptables:

Code:

sudo gedit /etc/default/iptables

scroll down to the bottom of the file and you will find a line "enable_autosave=false". Replace that with "enable_autosave=true".
Save and exit.
note: This could be bad. If you screw something up and reboot your computer. Your mistakes will still be autosaved!

Get a root shell:

Code:

sudo bash

Now to get iptables to load on bootup:

Code:

ln -s /etc/init.d/iptables /etc/rcS.d/S41iptables

Now to activate ip_forwarding:
Add this line to: /etc/init.d/iptables

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward

look at the last section of this file where it says:

Code:

case "$1" in
  start|restart|reload|force-reload)
	initd_load active
	if test ${enable_autosave-false} = true; then
	  touch $autosave

and change it to look like this:

Code:

case "$1" in
  start|restart|reload|force-reload)
	initd_load active
	echo 1 > /proc/sys/net/ipv4/ip_forward
	if test ${enable_autosave-false} = true; then
	  touch $autosave

And finally configuring the firewall:

Code:

iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -P INPUT DROP
iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT

And forwarding the ports for amule:
(assuming the computer running amule has the ip "192.168.0.7")

Code:

iptables -t nat -A PREROUTING -i ppp0 -p tcp --destination-port 4662 -j DNAT --to-destination 192.168.0.7:4662
iptables -t nat -A PREROUTING -i ppp0 -p udp --destination-port 4672 -j DNAT --to-destination 192.168.0.7:4672
iptables -t nat -A PREROUTING -i ppp0 -p udp --destination-port 4665 -j DNAT --to-destination 192.168.0.7:4665

4662, 4665 and 4672 are the default ports set in amule. Its best you leave it that way.

Step3:
Since you might want to still be able to login to your router via ssh from the outside, you will need to open the ssh port (22)

Code:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Step4:
Testing and saving everything:
* Run amule and check if the "you have a low id" message is absent in the connected to server message. If it is: congratulations. If not - doh!
* Try to login from somewhere outside your LAN via ssh(If you can) - That should work as well.
* Run nmap from outside your lan on your router. It should not show any open ports (not even ssh).
* If you are happy with it save your iptables:

Code:

/etc/init.d/iptables save active

* And you probably should create a backup of your rules by:

Code:

iptables-save -c > ~/iptables_backup

You can restore them (if you should have messed up something) by:

Code:

cat ~/iptables_backup | iptables-restore

Step5:
Reboot the router! (do not hit the reset button - reboot cleanly!)

p!=f

Quote:

Originally Posted by t.rei

If you have ipmasq on your Router - Uninstall it!

Code:

/etc/init.d/ipmasq stop
/etc/init.d/ipmasq-kmod stop
apt-get remove ipmasq

Code:

apt-get --purge remove ipmasq

is stronger because it also removes configuration files (backup if needed) which could be potentionally used to reveal your router setup.

Quote:

Originally Posted by t.rei

Step2:
Setting up iptables for ip-masquerading and for amule port-forwarding (and ssh access from outside)

(optional) enabling autosave of iptables:

Code:

sudo gedit /etc/default/iptables

scroll down to the bottom of the file and you will find a line "enable_autosave=false". Replace that with "enable_autosave=true".
Save and exit.
note: This could be bad. If you screw something up and reboot your computer. Your mistakes will still be autosaved!

I don't have /etc/default/iptables (Ubuntu Hoary) but I can remeber it was present on my previous Debian Sid installation.

Code:

[~] > dpkg -l iptables
ii  iptables                      1.2.11-10                     Linux kernel 2.4+ iptables administration tools

Quote:

Originally Posted by t.rei

Now to get iptables to load on bootup:

Code:

ln -s /etc/init.d/iptables /etc/rcS.d/S41iptables

There's no /etc/init.d/iptables script on Ubuntu Hoary. Looks like you're running mixed environment.

Quote:

Originally Posted by t.rei

Now to activate ip_forwarding:
Add this line to: /etc/init.d/iptables

Code:

echo 1 > /proc/sys/net/ipv4/ip_forward

look at the last section of this file where it says:

Code:

case "$1" in
  start|restart|reload|force-reload)
	initd_load active
	if test ${enable_autosave-false} = true; then
	  touch $autosave

and change it to look like this:

Code:

case "$1" in
  start|restart|reload|force-reload)
	initd_load active
	echo 1 > /proc/sys/net/ipv4/ip_forward
	if test ${enable_autosave-false} = true; then
	  touch $autosave

No need for this...

Code:

[~] > cat /etc/network/options
ip_forward=yes
spoofprotect=yes
syncookies=yes

t.rei

ah ok - thx for all those hints.
yes - I do have a little bit of a mixed system. I will check back with all your hints and fix the howto. thx for the detailed feedback.

t.rei

ok - i can confirm all of your statements. I will leave things as they are but paste lines mentioning the woody->warty upgrade @ first lines.

Rick Z

Hi I am a newbie in ubuntu/linux. I am trying to setup my ubuntu 7.4 as router, but I am not sure where to start. I prefer not use any GUI. Therefore, I install webmin, but I seem lost in places how to enable the second NIC as DHCP to allow other pc (LAN) to connect. Please help.

March 1st, 2005	#1
t.rei Gee! These Aren't Roasted! Join Date: Dec 2004 Beans: 187 Ubuntu 9.10 Karmic Koala	HOWTO: set up a (Ubuntu)Linux-router for amule This is supposed to help people who are running an ubuntu router and want to run an amule client behind it. Note: The system this was done on was a woody debian router with ancient software (it still ran ipchains). I simply upgraded to warty by editing the /etc/apt/sources.list and installing ubuntu-base and upgrading everything else. clean reboot, and started configuring. (Read the next post for some really helpfull information!) Step1: getting started Install ubuntu on the router. (ubuntu base is sufficient, ubuntu desktop just contains a whole bunch of gui packets) If you have ipmasq on your Router - Uninstall it! Code: /etc/init.d/ipmasq stop /etc/init.d/ipmasq-kmod stop apt-get remove ipmasq Step2: Setting up iptables for ip-masquerading and for amule port-forwarding (and ssh access from outside) (optional) enabling autosave of iptables: Code: sudo gedit /etc/default/iptables scroll down to the bottom of the file and you will find a line "enable_autosave=false". Replace that with "enable_autosave=true". Save and exit. note: This could be bad. If you screw something up and reboot your computer. Your mistakes will still be autosaved! Get a root shell: Code: sudo bash Now to get iptables to load on bootup: Code: ln -s /etc/init.d/iptables /etc/rcS.d/S41iptables Now to activate ip_forwarding: Add this line to: /etc/init.d/iptables Code: echo 1 > /proc/sys/net/ipv4/ip_forward look at the last section of this file where it says: Code: case "$1" in start\|restart\|reload\|force-reload) initd_load active if test ${enable_autosave-false} = true; then touch $autosave and change it to look like this: Code: case "$1" in start\|restart\|reload\|force-reload) initd_load active echo 1 > /proc/sys/net/ipv4/ip_forward if test ${enable_autosave-false} = true; then touch $autosave And finally configuring the firewall: Code: iptables -F; iptables -t nat -F; iptables -t mangle -F iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT iptables -P INPUT DROP iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT And forwarding the ports for amule: (assuming the computer running amule has the ip "192.168.0.7") Code: iptables -t nat -A PREROUTING -i ppp0 -p tcp --destination-port 4662 -j DNAT --to-destination 192.168.0.7:4662 iptables -t nat -A PREROUTING -i ppp0 -p udp --destination-port 4672 -j DNAT --to-destination 192.168.0.7:4672 iptables -t nat -A PREROUTING -i ppp0 -p udp --destination-port 4665 -j DNAT --to-destination 192.168.0.7:4665 4662, 4665 and 4672 are the default ports set in amule. Its best you leave it that way. Step3: Since you might want to still be able to login to your router via ssh from the outside, you will need to open the ssh port (22) Code: iptables -A INPUT -p tcp --dport 22 -j ACCEPT Step4: Testing and saving everything: * Run amule and check if the "you have a low id" message is absent in the connected to server message. If it is: congratulations. If not - doh! * Try to login from somewhere outside your LAN via ssh(If you can) - That should work as well. * Run nmap from outside your lan on your router. It should not show any open ports (not even ssh). * If you are happy with it save your iptables: Code: /etc/init.d/iptables save active * And you probably should create a backup of your rules by: Code: iptables-save -c > ~/iptables_backup You can restore them (if you should have messed up something) by: Code: cat ~/iptables_backup \| iptables-restore Step5: Reboot the router! (do not hit the reset button - reboot cleanly!) Last edited by t.rei; March 2nd, 2005 at 11:12 AM..

March 2nd, 2005	#3
t.rei Gee! These Aren't Roasted! Join Date: Dec 2004 Beans: 187 Ubuntu 9.10 Karmic Koala	Re: HOWTO: set up a (Ubuntu)Linux-router for amule ah ok - thx for all those hints. yes - I do have a little bit of a mixed system. I will check back with all your hints and fix the howto. thx for the detailed feedback.

March 2nd, 2005	#4
t.rei Gee! These Aren't Roasted! Join Date: Dec 2004 Beans: 187 Ubuntu 9.10 Karmic Koala	Re: HOWTO: set up a (Ubuntu)Linux-router for amule ok - i can confirm all of your statements. I will leave things as they are but paste lines mentioning the woody->warty upgrade @ first lines.

October 18th, 2007	#5
Rick Z Just Give Me the Beans! Join Date: Jul 2007 Beans: 65	Re: HOWTO: set up a (Ubuntu)Linux-router for amule Hi I am a newbie in ubuntu/linux. I am trying to setup my ubuntu 7.4 as router, but I am not sure where to start. I prefer not use any GUI. Therefore, I install webmin, but I seem lost in places how to enable the second NIC as DHCP to allow other pc (LAN) to connect. Please help. __________________ Embrace Linux!

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode