Mini FAQ: Making uploading access possible with Gnutella with an IP MASQ firewall in Linux

One of the biggest problems facing file-sharing communities like Gnutella and Napster these days is leeches. Yes, the age-old problem from the days of DOS BBSing, where one needs to upload (give) in order to download (get) files. As it is now, more people are taking than giving, and it's dragging the network, and the spirit of the network, to its virtual knees. Please read This Article at Xerox PARC for an in-depth breakdown.

So I for the life of me couldn't find an easy document on how to get my uploading working in Linux when my machine was being IP MASQ'd with IPChains.


  1. Dedicate a non-priority port on the firewall for each machine that wants to be connected, e.g. ports 9800-9850
    1. First off, IP Masquerading has to be working. See the HOWTO (below).
    2. Download and install the ipmasqadm utility for IP Masquerading. This may be included in your Linux distribution already. Look in /sbin and /usr/sbin. Otherwise follow the link below and get it.
    3. Find the firewall file that starts the IP Masquerading and firewalling. If you run ADSL and the Roaring Penguin PPPoE Driver look in /etc/ppp/firewall-masq. If you run Mandrake or RedHat's default firewalling/MASQ setup look in /etc/rc.d/init.d/firewall. Otherwise the standard place is /etc/rc.d/rc.firewall.
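    4. Add one line at the end of the file per machine masqueraded on the internal network that wants an upload port. I have a dynamic IP, so my rc.firewall sets $extip earlier to the address I'm assigned.
      /usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 9804 -R $intip1 9804
      /usr/sbin/ipmasqadm portfw -a -P tcp -L $extip 9805 -R $intip2 9805

      $extip is the IP address of your gateway for the internet. $intip1 and $intip2 are placeholder names for the internal addresses of the two masqueraded machines; -R takes the internal address followed by the port, so set these variables or write the addresses in directly.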

      • For dynamic IPs try this:
        extip="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
      • For fixed IPs, change the ppp0 to eth0.
    5. Re-run the firewall script: . rc.firewall (note the first '.')
  2. Configure the clients to use these ports, and the External IP of the Firewall.
    1. LimeWire:
      Options -> Listening Port -> 9804
      Options -> Advanced -> Force IP
      Options -> Advanced -> Force to Address -> (your $extip)
      Options -> Advanced -> Force to Port -> 9804
      Turn on all the anti-FreeLoading features you can!
    2. Mail Me with more client setups
  3. Start Sharing!
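
The per-machine forwarding lines from step 1.4 can be generated and checked instead of typed by hand. The script below is an added example, not part of the original FAQ; the function names, the "internal_ip port" input format and the restriction to RFC 1918 internal addresses are assumptions made for it.

```shell
#!/bin/sh
# Added example (not from the original FAQ): emit one ipmasqadm portfw line
# per masqueraded machine from "internal_ip port" pairs read on stdin.
# Assumptions: internal hosts use RFC 1918 addresses; ports come from the
# dedicated 9800-9850 range given in step 1.
PORT_MIN=9800
PORT_MAX=9850

# Succeeds only for a well-formed dotted quad inside an RFC 1918 range.
is_private_ip() {
    case $1 in *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;; esac
    case $1 in
        10.*.*.*|192.168.*.*|172.1[6-9].*.*|172.2[0-9].*.*|172.3[01].*.*) ;;
        *) return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_portfw EXTIP: print the forwarding commands. Output is buffered, so
# nothing is printed if any entry is bad and a typo never opens a port.
gen_portfw() {
    extip=$1; seen=" "; out=""
    nl='
'
    while read -r intip port; do
        case $intip in ''|'#'*) continue ;; esac        # blank line or comment
        case $port in
            ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt "$PORT_MIN" ] || [ "$port" -gt "$PORT_MAX" ]; then
            echo "port $port is outside $PORT_MIN-$PORT_MAX" >&2; return 1
        fi
        case $seen in
            *" $port "*) echo "port $port forwarded twice" >&2; return 1 ;;
        esac
        seen="$seen$port "
        is_private_ip "$intip" || { echo "not internal: $intip" >&2; return 1; }
        out="$out/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip $port -R $intip $port$nl"
    done
    printf '%s' "$out"
}
```

Feed it a map file with one "internal_ip port" pair per line, for example `gen_portfw "$extip" < hosts.map`, and review the printed lines before adding them to the firewall script.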


Networking in Linux
  1. IP Masquerading HOWTO - See 6.8 - Port Forwarding Tools
  2. Port Forwarding with Linux
  3. IPMasqAdm utility Home Page
  4. IP Masq Application Help Page - Napster
Gnutella Links
  1. LimeWire - My favorite Gnutella client. Support for MASQ, FreeLoad prevention, bandwidth thresholds. Available on Solaris, Unix, Linux, Java, Mac, Mac X, Windows...
  2. Gnutelliums - A good site to get clients for all OS's (mac, pc, linux, etc), and a good background on what is Gnutella.

Thanks To

All the people who wrote all that software. ;-)
Please E-Mail Me with anything else you'd like to find in this FAQ.

