HOW TO: eMule behind ISA server (Full Version)

All Forums >> [ISA Server 2000 Misc.] >> Gaming


dci962 -> HOW TO: eMule behind ISA server (9.Aug.2004 12:22:00 PM)

The simplest (most likely) and the surest way... at least for Windows-based clients.

It looks like even some of the experienced ones in this forum are confused a bit. You need to implement FIREWALL CLIENT. There are many other applications/games that work only under Firewall Client anyway.

"... Firewall Client: This client is the most capable of all, because it has the unique ability to decide on a "per-application" basis how it will act and what information the application has to operate with. Additionally, it is the only client that is able to use secondary protocols. It's the need for secondary protocols that make the FWC necessary for apps like Instant Messaging, streaming media, FTP, etc.... " - From Tutorials ISA Clients Part 3: The Firewall Client -

Under Client Configuration > Firewall Client, Properties > Application Settings

Application: emule (name of the actual executable file without ".exe")
Key: ServerBindTcpPorts -- Value: 4662,4711 (4711 is optional for Web Control Panel)
Key: NameResolutionForLocalHost -- Value: E

* Some people say it should be P, but P means the internal IP address of ISA server. (L = IP addr of client computer, E = external IP addr of ISA server) This is to TELL the P2P network the IP address of your eMule client inside the LAN, which should be your INTERNET IP address.

Key: KillOldSession -- Value: 1 (optional)
Key: LocalBindUdpPorts -- DOES NOT WORK! So, don't bother. Instead...

Under Protocol Definitions, create a new definition

Name: eMule (UDP) <-- up to you
Port #: 4672
Protocol Type: UDP
Direction: Send
Secondary connections: 4672, UDP, Receive Send

You don't need to configure [you can't anyway] the Server Publishing Rules since the outbound connection will open the incoming connection. This is similar to Port Triggering of commercial routers like Linksys. Just let the client use the new protocol definition under Protocol Rules. [no need to add a new one if 'all IP traffic' is allowed]

Enable Kad network. The server status will now say 'Open' instead of 'Firewalled'. ['High ID' for eD2k]

- UPDATE Firewall Client on the local computer hosting eMule and RESTART the application once you make changes to Application Settings. Clicking 'Disconnect' and 'Connect' will NOT make it work!
- RESTART the Firewall service on ISA server, update Firewall Client, and restart the application once you make changes to others (protocol definitions, rules, etc.).

* You can apply this method to other P2P apps like Overnet, WinMX, etc. simply by substituting the port numbers.

PS: Since the above method does not specify any client IP address, you can "supposedly" run the same application on multiple computers in your LAN without changing the port numbers. I was not able to test it (I only have two computers at home), so let me know if anybody succeeds, please.

[ August 09, 2004, 04:04 PM: Message edited by: coldsweat ]

dci962 -> RE: HOW TO: eMule behind ISA server (11.Aug.2004 3:09:00 PM)

It turned out that Overnet does NOT initiate the outbound UDP connection thru the port specified in the app. Since you can't use the above 'port triggering' method for the UDP connection, you need to create a Server Publishing Rule.

Protocol Definition
Name: Overnet (UDP)
Port #: 4665 (or whatever assigned in the app)
Protocol type: UDP
Direction: Receive Send

Create a Server Publishing Rule with the above protocol definition and point it to the client computer.

* WinMX works fine with the method described in the original post.

* KaZaA Lite does not use an executable file, so you need to create Server Publishing Rules for both TCP (inbound) and UDP (receive send) connections. [One for each. The TCP-primary-UDP-secondary definition does not work for some reason. The port-triggering method doesn't, either.]

It is strongly recommended to use Firewall Client whenever possible because it will let the winsock apps create random outbound connections that can't be configured by users, and because it does not open the ports unless the apps are actually running. The Server Publishing becomes quite vulnerable especially when you know what ports to look. Use it as the last resort.

When in doubt, with other P2P apps as well, use NETSTAT in the command prompt on the ISA server.

C:\>netstat -anp tcp
C:\>netstat -anp udp

You will be able to see something like,

TCP Listening
UDP *:*

when you run the apps. If the ports are open thru the Server Publishing Rules, you'll see the external IP address instead of

[ August 12, 2004, 02:50 AM: Message edited by: coldsweat ]

Guest -> RE: HOW TO: eMule behind ISA server (12.Sep.2004 2:21:00 AM)

dude you suck i did the above and it didnt work

PedroFerreira -> RE: HOW TO: eMule behind ISA server (13.Sep.2004 3:45:00 PM)

Why are you so rude? People are trying to help and is that only you can say? [Confused]

Lmaslany -> RE: HOW TO: eMule behind ISA server (4.Oct.2004 1:20:00 AM)

Just wanted to say thanks - it took me a while to find the post but my copy of Overnet seems happy enough now!

dragoonvictor -> RE: HOW TO: eMule behind ISA server (13.Mar.2005 5:25:00 AM)

Hi,I'vd tried with your way ,but it doesn't ,is there any debug procedure working?

Guest -> RE: HOW TO: eMule behind ISA server (7.Apr.2005 10:55:00 AM)

I tried all methods described in the original message, but without success.
I've WXP w/sp2 and eMule, but at the TCP port testing, the emule site says "Test Failed"...

Any suggestions?

Thanks, Dduck

Osni -> RE: HOW TO: eMule behind ISA server (11.Apr.2005 7:54:00 PM)

Dont work for me. I am behind a ISA server firewall.
I tried everything, but, no success.
any idea ?


cola4ever -> RE: HOW TO: eMule behind ISA server (18.Apr.2005 12:07:00 PM)

How should the router be configured, meaning; to what IP should the ports be forwarded on the router and how about gateway settings, is it wise to use the isa server address instead of the router address?

[ April 18, 2005, 12:52 PM: Message edited by: cola4ever ]

Rickymag -> RE: HOW TO: eMule behind ISA server (21.Apr.2005 9:44:00 PM)

Please note we do not encourage file sharing on this forum and this post is only for educational purposes.

File sharing is a risk and by having it enabled on a network can potentially lead to loss of data as viruses and other Trojans may creep in, Fortunately for the people on this forum ISA is being used so the likely hood of the Trojan being effective is slight however! you punch hole through your ISA for file sharing and if there is a cleaver hacker cracker out there that wants to exploit this behavior there may be trouble...

Just though I would share this with you.


jucabe -> RE: HOW TO: eMule behind ISA server (30.May2005 10:43:00 AM)

Hi Imm interested in emule behind isa server but just for my computer. How can a I make a special rule for my computer? or enable these rule just for my computer....

Sorry for my english... im from Panam Country (central America)

Rickymag -> RE: HOW TO: eMule behind ISA server (16.Jun.2005 4:48:00 PM)

You can use a rule that specifies your computers IP through for the port and application you would like to let through.


Guest -> RE: HOW TO: eMule behind ISA server (29.Jun.2005 5:14:00 AM)

How do I enable emule on the ISA server (under W2K)? I could get it to work on a laptop connected to the network (thanks to this forum!), but now I want to install emule on the ISA server itself so i can download during the weekend and after business hours?

Page: [1]