AllowGnutellaTraffic
Most internet file sharing these days is done on the Gnutella network. For example, clients such as LimeWire, Morpheus, and Kazaa all operate on this network.
Gnutella is designed to work even if you are behind a firewall, by utilizing HTTP. However, for the best Gnutella performance, you should modify your firewall to allow traffic through on native GnutellaNet (port 6346) instead. This will significantly increase the number of results returned for your searches.
I was motivated to write this up because I run OpenBSD 2.8 on my firewall, and I didn't really find any info on the net about how to configure it to properly allow GnutellaNet traffic. Note that the general ideas here are applicable on any firewall/gateway setup. Also, newer versions of OpenBSD use a totally different firewall mechanism, so you will have to modify these rules.
First, edit your /etc/ipf.rules on your firewall and add the following:
pass in quick on xl0 proto tcp from any port = 6346 to any port > 1024
Then, edit /etc/ipnat.rules and add the following, _before any other directives_:
rdr xl0 0.0.0.0/0 port 6346 -> 192.168.2.32 port 6346 tcpudp
Note that you need to change the 192.168.2.32 address in the NAT rule to the address of the system on your internal network that you want to run a Gnutella client on.
Then, restart your firewall and NAT:
# ipnat -f /etc/ipnat.rules
# ipf -A -Fa -f /etc/ipf.rules -E
After that, you should find that your Gnutella client will report that it is no longer firewalled.
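An added example, not part of the original page: a tighter variant of the filter rule that matches the redirected destination rather than the remote source port. It assumes the same xl0 interface and 192.168.2.32 host used above, and that the rest of your ruleset blocks by default.

```conf
# /etc/ipf.rules fragment (IPFilter syntax, as used on OpenBSD 2.8).
# Assumptions: xl0 is the external interface and 192.168.2.32 is the
# internal Gnutella host, both taken from the rules on this page.

# Rule from the page, kept commented out for comparison. It matches on the
# remote SOURCE port, which the sender chooses, so it passes TCP to every
# local port above 1024 rather than only to the Gnutella client.
# pass in quick on xl0 proto tcp from any port = 6346 to any port > 1024

# Inbound Gnutella connections. On inbound packets ipnat rewrites the
# destination before ipf evaluates the packet, so the filter rule must
# name the internal address and port 6346.
# "flags S keep state" admits the initial SYN and tracks the connection,
# so no separate rule is needed for the rest of the exchange.
pass in quick on xl0 proto tcp from any to 192.168.2.32/32 port = 6346 flags S keep state

# Outbound connections to servents listening on 6346. Only needed if your
# ruleset filters outbound traffic (assumption). State tracking lets the
# replies back in without a source-port based rule.
pass out quick on xl0 proto tcp from any to any port = 6346 flags S keep state
```

After reloading with the ipf command shown above, `ipfstat -hio` lists the active rules with hit counts, which shows whether the new inbound rule is the one matching.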
By the way, I use gtk-gnutella and heartily recommend it on Unix platforms. You have to have at least version .92 to get all the cool features like swarming and ultrapeer support, though.
--phil 4/19/03