Firewalls

[Beckerist]

I apologize to all who have emailed me, and I have not responded. I was on vacation until today, and when I got on this morning noticed I had over 300 emails. It may take a while... The general question people are asking me is about firewalls. A firewall is a system set up on your internet server, either the server of a Local Area Network or your Internet Service Provider. Firewalls are generally used to prevent individuals from accessing areas of the internet deemed potentially unsafe, along with allowing for a greater security Limewire, at least with my experiences is not capable entirely of running behind many firewalls. I have found in recent trials that Xolox is capable of running behind at least 2 different kinds of firewalls. That right now is my only suggestion to all people having trouble running Limewire. Try Xolox, if that doesn't work for you, I will be working on a solution and will post it asap. Thanks for your patience!
Xolox

[BoyNamedSue]

Beckerist,

Indeed, XoloX connects through proxies/firewalls that support Socks 4, Socks4A and Socks5.

www.XoloX.nl

well xolox is great for downloading, but with "tiny firewall" i can't seem to get uploads to work, and yeah I got lots of good files. I read the firewall FAQ shtml and am still gomeless, is "push" not supported?

Quote:

Originally posted by Unregistered
well xolox is great for downloading, but with "tiny firewall" i can't seem to get uploads to work, and yeah I got lots of good files. I read the firewall FAQ shtml and am still gomeless, is "push" not supported?

OK i got it working now. . . I don't know how, but it's working LOL
<img src="http://desktop.kazaa.com/kmd1/en/HlpImg/delete.gif">

[lurker701]

This is a bit of a pet peeve of mine, so please bear with me ... however, the *best* sollution to connecting through a firewall is **knowing how to use your firewall software** This, of course, assumes that you are the one in control of your firewall, but in the case of home systems, that is indeed usually the case.

First off, if you *don't* control your firewall, which means you're probably logging in from work, or from a university, try changing the port gnutella is using in your settings. If you're using a windoze non-server machine that has a real internet address (rather than 10.0.x.x or 192.168.x.x), try ports 80,21,22,23,,407, and 113 (in that order of priority). These ports are rarely blocked by this type of firewall, and are rarely used for any purpose on non-server machines.

Second, if you're running only a single machine with a firewall on it, just allow connections to the ports gnutella is listening on.

But, I'm still seeing a *lot* of 192.168.xxx.xxx addies out there. Now, in some cases, these may be office clusters, but my guess is that in most cases, these people are either behind a linux box gateway using ipmasquerading or using a hardware router. In this case, you need to do two things:

1) Change the real ip address of your machine in your gnutella settings. Most (if not all) servents allow you to specify your real ip address. If you're on a cable modem or a dsl line and are connected most of the time, chances are that your ip address doesn't change, or if you are using dchp to get an addy, it doesn't change very often. For instance, my @home addy hasn't changed in almost a year.

2) After doing this, you need to *forward* the ports gnutella listens on from your gateway (either your linux box or your hardware router) to the machine you're running gnutella on. In linux, you do this by using ipmasqadm, or if you're running a newer kernel, ipchains. SEE THE DOCUMENTATION FOR THIS SOFTWARE FOR DETAILS (specifically the HOW-TO documents at www.linux.org). If you're using a hardware router, see the documentation for your specific router for instructions on how to do this.

Q: WHY SHOULD I BOTHER TO DO THIS?
A: Because "push" only marginally improves the connectivity of the gnutella network. If the push route is lost before the file transfer begins, or if the transfer is interrupted after the push route is lost, then connectivity to your files is lost. Push routes can be lost very easily and very quickly. The best way to improve the connectivity of gnutella, or any p2p application, is to allow it to interact directly with the internet, with real ip addresses.

Q: THE HOW-TO FOR IPMASQADM AND/OR IPCHAINS IS TOO COMPLICATED.
A: I won't tell you that if you don't know how to run your operating system that you have no business running it. I, too, was once a Linux newbie. I will, however, say that if you don't want to *learn* how to use Linux, you have no business running it. Knowing a little Linux is kind of like knowing a little Karate -- It may impress your friends, but it's a very dangerous thing to only know half-assed.

Q: ISN'T IT DANGEROUS TO CREATE THIS HOLE IN MY FIREWALL?
A: No. It's perfectly safe. I haven't heard of one instance of a cracker being able to exploit gnutella to gain access to peoples' computers. And if you're not running gnutella 24/7, there's still no danger, as any packets sent will just be rejected.

well, i bet alot of ppl don't read anything and just fly into it. . . :-)
but i've been hit with things like:

Source Quench
Destination Unreachable
Time Exceeded

i've OK-ed them

but i denied
ping and Router Solicitation

thanks for putting up with a newbie.