RE: opening a port..


> > # netstat -an|grep 4662
> > should tell you if your box is listening at all on port 4662.
> > 
> > If you run eDonkey server on the firewall box, open port in the INPUT
> > chain.
> > If your eDonkey server is *behind* the firewall, open the port in the
> > FORWARD chain, and add a DNAT rule in the nat table -> PREROUTING chain.
> 
> the edonkey server is behind the firewall
> 
> 210.54.175.12--->eth0 (Router) 10.0.0.6(eth1)--->10.0.0.x
> 
> iptables -t nat -A PREROUTING -p tcp -i eth0 -d 210.54.175.12 --dport 4662 -j DNAT --to 10.0.0.6:4662
> iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.6 --dport 4662 -j ACCEPT
> 
> like that?

If default policy for FORWARD is ACCEPT then it should work without the
FORWARD, else you need it.

For me such a setup works.

If you do a netstat -an on the eDonkey box (you don't need netcat to do
that) and it doesn't report 4662 then eDonkey is not running/listening
and you can never connect.

About opening ports for eDonkey, from the eDonkey website :
(http://www.edonkey2000.com/documentation/index.html)
====
2. Software Firewall
If you are running software like Norton Personal Firewall, Tiny
Firewall, Zone Alarm, BlackIce or <...snip...>
Alternatively, with some more advanced firewalls, or firewall settings
you will need to open ports 4661 and 4662 TCP for both incoming and
outgoing connections, as well as port 4665 UDP for both incoming and
outgoing connections.

3. Hardware firewall
Setting up your hardware firewall is a tad more difficult, but if you
have one chances are you know what you're doing. You will need to set it
to allow both incoming and outgoing connections on 4661 & 4662 TCP and
port 4665 UDP.
====
So you need to open more ports than just 4662/tcp, I think.
And IMHO you want a stateful packet filter, if you haven't made it
stateful already.
(iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT)


Rob
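
The point made in the reply above, that the FORWARD rule is only optional when the FORWARD policy is ACCEPT, can be checked against a saved ruleset. The script below is an added example, not part of the original thread: it reads `iptables-save` output and reports every DNAT target that has no matching FORWARD accept. The function names and the sample ruleset are constructed for illustration.

```shell
# Constructed sample of iptables-save output (not from the thread): all three
# eDonkey ports are DNATed, FORWARD policy is DROP, only 4662/tcp is accepted.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 210.54.175.12/32 -i eth0 -p tcp -m tcp --dport 4661 -j DNAT --to-destination 10.0.0.6:4661
-A PREROUTING -d 210.54.175.12/32 -i eth0 -p tcp -m tcp --dport 4662 -j DNAT --to-destination 10.0.0.6:4662
-A PREROUTING -d 210.54.175.12/32 -i eth0 -p udp -m udp --dport 4665 -j DNAT --to-destination 10.0.0.6:4665
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 10.0.0.6/32 -i eth0 -p tcp -m tcp --dport 4662 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save text on stdin, prints one verdict per DNAT rule, and
# returns 1 if any translated destination has no way through FORWARD.
# FORWARD sees the packet after DNAT, so rules are matched on 10.0.0.6.
# Simplification: only single-port "-d <host> --dport <n> -j ACCEPT" rules are
# recognised; rule order, interfaces, multiport and ranges are ignored.
check_dnat_forward() {
awk '
function opt(name,   i) {            # value following option "name", or ""
    for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
    return ""
}
/^\*/ { table = substr($0, 2); next }
table == "filter" && $1 == ":FORWARD" { policy = $2; next }
table == "nat" && $2 == "PREROUTING" && /-j DNAT/ {
    dnat[++n] = opt("-p") "/" opt("--to-destination"); next
}
table == "filter" && $2 == "FORWARD" && /-j ACCEPT/ {
    dst = opt("-d"); sub(/\/32$/, "", dst)
    if (dst != "" && opt("--dport") != "")
        allow[opt("-p") "/" dst ":" opt("--dport")] = 1
}
END {
    for (k = 1; k <= n; k++) {
        ok = (policy == "ACCEPT" || (dnat[k] in allow))
        if (!ok) bad = 1
        printf "%-8s%s\n", (ok ? "OK" : "BLOCKED"), dnat[k]
    }
    exit bad + 0
}'
}
sample_ruleset | check_dnat_forward || echo "some DNAT targets are dropped in FORWARD"
```

On a live router, pipe the real ruleset in with `iptables-save | check_dnat_forward`; on the sample it flags 4661/tcp and 4665/udp, the two ports the eDonkey documentation lists beyond 4662/tcp.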


