To publicize tcp://10.8.0.2:24662 and udp://10.8.0.2:24672 from your OpenVPN client running eMule, you can use port forwarding through iptables to map those ports on the VPS's WAN interface (enp1s0) to the OpenVPN client's IP (10.8.0.2). Here's how to set it up:
- Forward TCP Port 24662:
  Run this command to forward TCP traffic on enp1s0 (VPS WAN interface) at port 24662 to the OpenVPN client (10.8.0.2):
  sudo iptables -t nat -A PREROUTING -i enp1s0 -p tcp --dport 24662 -j DNAT --to-destination 10.8.0.2:24662
- Forward UDP Port 24672:
  Run this command to forward UDP traffic on enp1s0 at port 24672 to the OpenVPN client (10.8.0.2):
  sudo iptables -t nat -A PREROUTING -i enp1s0 -p udp --dport 24672 -j DNAT --to-destination 10.8.0.2:24672
- Enable IP Forwarding:
  Ensure that IP forwarding is enabled on your VPS. The current value can be read from /proc/sys/net/ipv4/ip_forward; the following command sets it to 1:
  sudo sysctl -w net.ipv4.ip_forward=1
  To make this permanent, add or update the following line in /etc/sysctl.conf:
  net.ipv4.ip_forward = 1
- Configure MASQUERADE for Outbound Traffic:
  Add a MASQUERADE rule to handle the outbound traffic from the OpenVPN network:
  sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o enp1s0 -j MASQUERADE
These steps will forward external requests on ports 24662 (TCP) and 24672 (UDP) to your OpenVPN client (10.8.0.2), making the eMule service accessible publicly via x.x.x.x:24662 (TCP) and x.x.x.x:24672 (UDP).
To verify, you can check the iptables rules:
sudo iptables -t nat -L -v -n
sudo ufw allow 24662/tcp
sudo ufw allow 24672/udp
You can remove unnecessary iptables rules: Remove a rule from iptables
Allow TCP/UDP inbound/outbound traffic:
sudo ufw allow 10647/tcp
sudo ufw allow 10523/udp
sudo iptables -t nat -A PREROUTING -i enp1s0 -p tcp --dport 34662 -j DNAT --to-destination 10.8.0.6:34662
sudo iptables -t nat -A PREROUTING -i enp1s0 -p udp --dport 34672 -j DNAT --to-destination 10.8.0.6:34672
Remove redundant iptables rules:
sudo iptables -t nat -L PREROUTING --line-numbers -v -n
sudo iptables -t nat -D PREROUTING 4
sudo iptables -t nat -L POSTROUTING --line-numbers -v -n
sudo iptables -t nat -D POSTROUTING 2
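The cleanup above deletes by line number, and those numbers shift after every deletion. As an added example (not part of the original notes), the script below reads rules in the format printed by `iptables -t nat -S PREROUTING`, lists each distinct DNAT forward, and prints a delete command by rule specification for every repeated copy. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: what `sudo iptables -t nat -S PREROUTING` could print
# after the 24662/tcp forward was appended twice by mistake.
sample_rules() {
cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -i enp1s0 -p tcp -m tcp --dport 24662 -j DNAT --to-destination 10.8.0.2:24662
-A PREROUTING -i enp1s0 -p udp -m udp --dport 24672 -j DNAT --to-destination 10.8.0.2:24672
-A PREROUTING -i enp1s0 -p tcp -m tcp --dport 24662 -j DNAT --to-destination 10.8.0.2:24662
-A PREROUTING -i enp1s0 -p tcp -m tcp --dport 2121 -j DNAT --to-destination 10.8.0.4:21
EOF
}

# list_forwards (hypothetical helper): read rules on stdin and print
# "proto/port -> target" once per distinct DNAT rule, i.e. every port the
# VPS exposes to the internet and the VPN client that receives it.
list_forwards() {
  awk '$1 == "-A" && /-j DNAT/ {
    proto = port = dest = ""
    for (i = 1; i < NF; i++) {
      if ($i == "-p") proto = $(i + 1)
      if ($i == "--dport") port = $(i + 1)
      if ($i == "--to-destination") dest = $(i + 1)
    }
    key = proto "/" port " -> " dest
    if (!seen[key]++) print key
  }'
}

# dedupe_commands (hypothetical helper): read rules on stdin and print one
# spec-based delete command for each repeated copy of a rule. The first
# occurrence is kept; only the extra copies produce a command.
dedupe_commands() {
  awk '$1 == "-A" && seen[$0]++ {
    sub(/^-A /, "-D ")
    print "iptables -t nat " $0
  }'
}

# Demo on the constructed sample. On a live host, pipe the real rules in:
#   sudo iptables -t nat -S PREROUTING | dedupe_commands
sample_rules | list_forwards
sample_rules | dedupe_commands
```

Review the printed delete commands before running them with sudo; each one removes a single matching copy, so the intended rule stays in place.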
$ sudo iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
79 4390 DNAT tcp -- enp1s0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:24662 to:10.8.0.2:24662
6986 538K DNAT udp -- enp1s0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:24672 to:10.8.0.2:24672
10 568 DNAT tcp -- enp1s0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10647 to:10.8.0.4:10647
339 26148 DNAT udp -- enp1s0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:10523 to:10.8.0.4:10523
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
26591 3302K MASQUERADE all -- * enp1s0 10.8.0.0/24 0.0.0.0/0
sudo iptables -t nat -A PREROUTING -i enp1s0 -p tcp --dport 2121 -j DNAT --to-destination 10.8.0.4:21
sudo ufw allow 2121/tcp
sudo ufw allow 51820/udp # wireguard
Uninstall WireGuard
sudo ip link set wg0 down
sudo ip link delete wg0
https://www.abuseipdb.com/check/222.142.102.36
sudo ufw deny from 222.142.102.36
sudo ufw deny from 125.43.76.252
sudo iptables -A INPUT -s 125.43.76.252 -j DROP
sudo iptables -L ufw-user-input --line-numbers
sudo iptables -D ufw-user-input 10
sudo iptables -I ufw-user-input 1 -s 222.142.102.36/32 -j DROP
sudo iptables -I ufw-user-input 2 -s 125.43.76.252/32 -j DROP
Make rules permanent
sudo apt-get install iptables-persistent
sudo netfilter-persistent save