?
Solved

Can not connect to Kazaa from Local (Win2K) PC via Linux Server

Posted on 2003-03-25
23
Medium Priority
?
5,362 Views
Last Modified: 2010-08-05
Hi EVERYBODY,

I have a problem about Kazaa Connection. I'm using RedHat 8.0 linux as a server and i also have local network and local ip address is on eth1. And eth1's ip address is 10.1.1.1 . And my public ip address is on eth0.

When i try to open Kazaa from my local network PC ( i.e: 10.1.1.5) , it writes "Connecting" but it does not connect.
On the other hand, when i try "telnet 10.1.1.1 1214" from local network PC (10.1.1.5) , i have seen the message "Connecting To 10.1.1.1...Could not open a connection to host on port 1214 : Connect failed"

I have also checked the file "/etc/squid/squid.conf" and i have inserted the Kazaa port number 1214 into the file. But nothing has changed.

I am not very experienced about Linux, so it is hard to fix it.

What can the problem be? Is there anyone who has seen this problem before or any helpful wants to give advice about this?

Thanks anyway.
0
Comment
Question by:DPary
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 12
  • 10
23 Comments
 
LVL 3

Expert Comment

by:marcelofr
ID: 8202372
You need to setup NAT for kazaa... as root:

iptables -t nat -I POSTROUTING -o eth0 -p tcp --dport 1214 -j MASQUERADE

(all in one line). That is, packets going out via eth0 with protocol tcp and destination port 1214 get masqueraded to the dinamic ip you get from your internet provider.

There are two versions of firewall rules on kernels 2.4: iptables and ipchains (the latter is older). Maybe RH8 is using ipchains by default. If the above command gives you an error, this can be the culprit. In this case you have to execute as root:

service ipchains stop
service iptables start
chkconfig --del ipchains
chkconfig --level 2345 iptables on

To make a more general rule, you can omit "-p tcp --dport 1214" and you'll get whatever traffic destined for internet marsqueraded.

When you are happy with your config, you can make it permanent with: "service iptables save"

hope this helps

--
Marcelo
0
 

Author Comment

by:DPary
ID: 8203823
Dear Marcelo

First of all, thank you for your answer to my question.

I have setup NAT by the command line that you wrote;
iptables -t nat -I POSTROUTING -o eth0 -p tcp --dport 1214 -j MASQUERADE
And the command didn't give any error. But Kazaa still can not connect. It still writes "Connecting..."
I have tried several times by changing the Kazaa firewall settings, but did not successful.
Should i still try below commands;

service ipchains stop
service iptables start
chkconfig --del ipchains
chkconfig --level 2345 iptables on

Thank you for your help again.

0
 

Author Comment

by:DPary
ID: 8203837
Dear Marcelo

First of all, thank you for your answer to my question.

I have setup NAT by the command line that you wrote;
iptables -t nat -I POSTROUTING -o eth0 -p tcp --dport 1214 -j MASQUERADE
And the command didn't give any error. But Kazaa still can not connect. It still writes "Connecting..."
I have tried several times by changing the Kazaa firewall settings, but did not successful.
Should i still try below commands;

service ipchains stop
service iptables start
chkconfig --del ipchains
chkconfig --level 2345 iptables on

Thank you for your help again.
0
WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

 
LVL 1

Expert Comment

by:vlat
ID: 8212522
Hello DParty. I'm not an RH8.0 expert (prefer Debian), but try to do
--
echo 1 > /proc/sys/net/ipv4/ip_forward
--
after you wrote the things what marcelofr said.
0
 

Author Comment

by:DPary
ID: 8216267
I have done what you said, but nothing happened. I still can not connect.
0
 
LVL 1

Expert Comment

by:vlat
ID: 8216715
ok, let's do it another way

-----
iptables -A PREROUTING -t nat -i ppp0 -p tcp --dport 1214
-j DNAT --to-destination local.ip.on.machine.with.kaaza:1214

echo 1 > /proc/sys/net/ipv4/ip_forward
----

-i ppp0 is only applicable if you're using ppp interface to connect to internet. In other case substitute it with interface you need.
0
 
LVL 1

Expert Comment

by:vlat
ID: 8216726
This little thing will drop all packets coming to your internet IP to you local machine with kaazaa.

But you're still need to send packets to kaaza servers, so
you still need
iptables -t nat -I POSTROUTING -o eth0 -p tcp --dport 1214 -j MASQUERADE.
0
 

Author Comment

by:DPary
ID: 8216837
Hi again, thank you very much for your effort.
I have two ethernet cards on Linux Server. One is for Public Connection to outside, it is on eth0. Other one is for local network, it is on eth1. My server's local ip address is like 10.1.1.1, and the computer which i want to connect to Kazaa is 10.1.1.11
I have written below lines but it is still the same.

iptables -A PREROUTING -t nat -i ppp0 -p tcp --dport 1214
-j DNAT --to 10.1.1.1:1214

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -I POSTROUTING -o eth0 -p tcp --dport 1214 -j MASQUERADE

I have chance the queue, then wrote below lines, it is same again.
iptables -t nat -I POSTROUTING -o eth0 -p tcp --dport 1214 -j MASQUERADE

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -A PREROUTING -t nat -i ppp0 -p tcp --dport 1214
-j DNAT --to 10.1.1.1:1214

Am i doing something wrong?


0
 
LVL 1

Expert Comment

by:vlat
ID: 8216942
Let's do it most simple way than :)

iptables -F

iptables -t nat -F

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1214
-j DNAT --to-destination 10.1.1.1:1214

echo 1 > /proc/sys/net/ipv4/ip_forward

now it must work



0
 
LVL 1

Accepted Solution

by:
vlat earned 105 total points
ID: 8216947
Damn! Sorry, i mistyped a letter :)

iptables -F

iptables -t nat -F

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1214
-j DNAT --to-destination 10.1.1.11:1214

echo 1 > /proc/sys/net/ipv4/ip_forward

0
 

Author Comment

by:DPary
ID: 8217018
Dear VLAT,
Sorry for taking your time.
It didn't work again. i think there is another problem. i will be mad because of this problem...:)

Anyway i will give you some points because of your great effort and help.
0
 
LVL 1

Expert Comment

by:vlat
ID: 8217109
DParty thank you a lot.

I just downladed the Kaaza to examine it here, and it seems it can use low ports (80 for exmaple). Options->Firewall->Incoming ports->Use 80 for alternative for incoming connections. I can suggest to trying it.
0
 

Author Comment

by:DPary
ID: 8217282
my pleasure.
i have also downloaded the last version of Kazaa and install and try it again, but still same.
Actually your suggestion about incoming port can be true but my main problem is i can not connect to the server(10.1.1.1) from my PC(10.1.1.11) by telnet. So Kazaa can not connect. The problem is between my PC and server. Other services like http, ssh, smtp,pop3 are working normally but Kazaa do not work :(
Anyway, i have given you an headache again.
Thanks again for your comments.
0
 

Author Comment

by:DPary
ID: 8217316
actually when i write iptables -L then enter, i saw below lines

Chain INPUT (policy ACCEPT)
target     prot opt source             destination        

Chain FORWARD (policy ACCEPT)
target     prot opt source             destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source             destination

This is just an additional information.
Thanks
0
 
LVL 1

Expert Comment

by:vlat
ID: 8217416
You need to write iptables -t nat -L ,becose you added rules in NAT chain.

telnet 10.1.1.1 1214 won't work becose there's no service listening on 1214 port of your server. In other words that port is empty. Instead you should try to do telnet <some kaaza server>:1214 , this may work. You wrote about squid.
Squid is only caching proxy, and works only with HTTP and FTP protocols (okay, okay, there's some dirty hack that allows it to work with SMTP and POP), but nothing more. You tell him to grab some file from http://something.com/somethin, squid does it, and forwards downloaded stuff to you. iptables NAT does absolutely some thing, but for everything else. I have a crazy thought...Maybe you're using ONLY squid ? Please check  network settings of your windows machine, does Gateway field contains something? If no, please write 10.1.1.1 there and do the thing i said earlier (iptables).

0
 

Author Comment

by:DPary
ID: 8217559
I have written "iptables -t nat -L" and seen below lines;

Chain PREROUTING (policy ACCEPT)
target     prot opt source             destination        
DNAT       tcp  --  anywhere      anywhere                tcp dpt:1214 to:10.1.1.11:1214

Chain POSTROUTING (policy ACCEPT)
target     prot opt source             destination        
MASQUERADE  all  --  anywhere     anywhere          

Chain OUTPUT (policy ACCEPT)
target     prot opt source             destination

May be yes, i'm using only squid. but i don't know this. I have checked the gateway field, and seen that the field is empty in my windows machine. i have written 10.1.1.1 to there and do the same things for iptables. Guess what happened then?... :)

... Nooo, nothing has changed... :(
I'm getting mad and mad.
0
 
LVL 1

Expert Comment

by:vlat
ID: 8217628
Hmm...things are turning more interesting.
The problem is that what i said before working in 99% of all cases. Interesting....could you do
ifconfig
command on you RH box and post results here ?

0
 
LVL 1

Expert Comment

by:vlat
ID: 8217719
Hmm...things are turning more interesting.
The problem is that what i said before working in 99% of all cases. Interesting....could you do
ifconfig
command on you RH box and post results here ?

0
 

Author Comment

by:DPary
ID: 8217728
the lines after "ifconfig" command is below;

eth0      Link encap:Ethernet  HWaddr 00:01:02:AB:67:1B  
          inet addr:195.174.XX.XX Bcast:255.255.255.255  Mask:255.255.240.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21408366 errors:2 dropped:0 overruns:1 frame:2
          TX packets:1557691 errors:0 dropped:0 overruns:0 carrier:0
          collisions:11239 txqueuelen:100
          RX bytes:2049436049 (1954.4 Mb)  TX bytes:691318631 (659.2 Mb)
          Interrupt:11 Base address:0xe800

eth1      Link encap:Ethernet  HWaddr 00:04:AC:66:35:4A  
          inet addr:10.1.1.1  Bcast:10.1.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1616557 errors:0 dropped:0 overruns:15 frame:770
          TX packets:1393698 errors:0 dropped:0 overruns:46 carrier:0
          collisions:57269 txqueuelen:100
          RX bytes:388457835 (370.4 Mb)  TX bytes:1000830370 (954.4 Mb)
          Interrupt:5 Base address:0xa000

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4380 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4380 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1259989 (1.2 Mb)  TX bytes:1259989 (1.2 Mb)


Sorry for putting "XX" into inet addr at eth0. This is not because of my low trust. because of my own principles.:)
0
 
LVL 1

Expert Comment

by:vlat
ID: 8217807
No problem for XX, in your case I should write XXX.XXX.XXX.XXX, becose big brother is watching us! :))

Everything seems ok, but doesn't working. Strange.

modprobe iptable_nat
iptables -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

Last chance :))

0
 
LVL 1

Expert Comment

by:vlat
ID: 8217817
Hmm...things are turning more interesting.
The problem is that what i said before working in 99% of all cases. Interesting....could you do
ifconfig
command on you RH box and post results here ?

0
 
LVL 1

Expert Comment

by:vlat
ID: 8217822
What happening with this forum ? It posted my comment three times here ! :))))

0
 

Author Comment

by:DPary
ID: 8218029
I have tried the last one you sent, still same...:(

The problem is generally as follows i think; the server can not transfer some requests (like telnet) from public network adapter(eth0) to local network adapter(eth1). So there is a problem on routing the request from one card to another.
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
Fine Tune your automatic Updates for Ubuntu / Debian
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question