From: Bernt Hansson
Date: Fri, 28 Nov 2008 07:55:39 +0100
To: Fbsd1
Cc: freebsd-questions@freebsd.org
Subject: Re: pf or ipf rules to allow p2p Limewire through
Message-ID: <492F95EB.8080308@bah.homeip.net>

Fbsd1 said the following on 2008-11-28 07:24:
> Bernt Hansson wrote:
>> Fbsd1 said the following on 2008-11-27 09:56:
>>> What pf or ipf firewall keep-state rules needed to allow p2p
>>> application such as limewire through? Using same firewall rules as in
>>> handbook example.
>>
>> Put this in your /etc/ipnat.rules
>>
>> rdr rl0 0.0.0.0/0 port port# -> internal-ip port port# tcp
>> rdr rl0 0.0.0.0/0 port port# -> internal-ip port port# udp
>>
>
> How about explaining just why this is going to allow p2p limewire work?

Read the handbook on ipfilter.
http://coombs.anu.edu.au/~avalon/

> I think you are missing the fact that limewire does not use dedicated
> port numbers. Every session uses different port numbers and the remote
> computers come in on different high port numbers.

Change port# to port range, then.
Or you can skip the firewall.
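
Added example (not part of the original message, and not IPFilter code): a small Python check that reads rdr lines of the form quoted above, with port# replaced by a single port or a lo-hi range, and reports how many external ports each rule forwards to the internal host. The sample rules, addresses, port numbers and the 16-port threshold are constructed assumptions; only the rl0 interface and the rule layout come from the thread.

```python
import re

# Subset of the ipnat rdr syntax used in the message above:
#   rdr <ifname> <addr/mask> port <lo>[-<hi>] -> <ip> port <n> [tcp|udp|tcp/udp]
RDR_RE = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+(?P<src>\S+)\s+port\s+(?P<lo>\d+)(?:-(?P<hi>\d+))?"
    r"\s+->\s+(?P<dst>\S+)\s+port\s+(?P<dport>\d+)"
    r"(?:\s+(?P<proto>tcp/udp|tcp|udp))?\s*$"
)

# Constructed sample rules: addresses and port numbers are invented.
SAMPLE_RULES = """\
# forward one fixed listening port to the p2p host
rdr rl0 0.0.0.0/0 port 6346 -> 192.168.1.10 port 6346 tcp
rdr rl0 0.0.0.0/0 port 6346 -> 192.168.1.10 port 6346 udp
rdr rl0 0.0.0.0/0 port 1024-65535 -> 192.168.1.10 port 1024 tcp
rdr rl0 0.0.0.0/0 port port# -> internal-ip port port# tcp
"""


def audit_rdr(text, max_ports=16):
    """Return (line_number, verdict, exposed_port_count) for each rdr line.

    max_ports is an assumed review threshold, not an IPFilter limit.
    """
    results = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("rdr"):
            continue  # blank lines, comments, map rules
        m = RDR_RE.match(line)
        if not m:
            # e.g. the template line with port# left unfilled
            results.append((lineno, "unparsed", 0))
            continue
        lo = int(m["lo"])
        hi = int(m["hi"] or m["lo"])
        if not (0 < lo <= hi <= 65535):
            results.append((lineno, "invalid-range", 0))
            continue
        width = hi - lo + 1  # number of external ports forwarded inward
        results.append((lineno, "wide" if width > max_ports else "ok", width))
    return results


if __name__ == "__main__":
    for lineno, verdict, width in audit_rdr(SAMPLE_RULES):
        print(f"line {lineno}: {verdict} ({width} port(s) forwarded)")
```
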