From owner-freebsd-questions@FreeBSD.ORG Fri Nov 28 07:18:27 2008
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EEC33106564A for ; Fri, 28 Nov 2008 07:18:27 +0000 (UTC) (envelope-from fbsd1@a1poweruser.com)
Received: from mail-03.name-services.com (mail-03.name-services.com [69.64.155.195]) by mx1.freebsd.org (Postfix) with ESMTP id D38A28FC08 for ; Fri, 28 Nov 2008 07:18:27 +0000 (UTC) (envelope-from fbsd1@a1poweruser.com)
Received: from [10.0.10.6] ([202.69.174.141]) by mail-03.name-services.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 27 Nov 2008 23:17:14 -0800
Message-ID: <492F9B68.8080407@a1poweruser.com>
Date: Fri, 28 Nov 2008 15:19:04 +0800
From: Fbsd1
User-Agent: Thunderbird 2.0.0.17 (Windows/20080914)
MIME-Version: 1.0
To: Bernt Hansson
References: <492E60A8.6080105@a1poweruser.com> <492F82D1.4020000@bah.homeip.net> <492F8E9B.5040805@a1poweruser.com> <492F95EB.8080308@bah.homeip.net>
In-Reply-To: <492F95EB.8080308@bah.homeip.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 28 Nov 2008 07:17:15.0228 (UTC) FILETIME=[5705D9C0:01C95129]
X-Sender: fbsd1@a1poweruser.com
Cc: freebsd-questions@freebsd.org
Subject: Re: pf or ipf rules to allow p2p Limewire through
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 28 Nov 2008 07:18:28 -0000

Bernt Hansson wrote:
> Fbsd1 said the following on 2008-11-28 07:24:
>> Bernt Hansson wrote:
>>> Fbsd1 said the following on 2008-11-27 09:56:
>>>> What pf or ipf firewall keep-state rules are needed to allow a p2p
>>>> application such as limewire through? Using the same firewall rules as
>>>> in the handbook example.
>>>
>>> Put this in your /etc/ipnat.rules
>>>
>>> rdr rl0 0.0.0.0/0 port port# -> internal-ip port port# tcp
>>> rdr rl0 0.0.0.0/0 port port# -> internal-ip port port# udp
>>
>> How about explaining just why this is going to allow p2p limewire to work?
>
> Read the handbook on ipfilter.
> http://coombs.anu.edu.au/~avalon/
>
>> I think you are missing the fact that limewire does not use dedicated
>> port numbers. Every session uses different port numbers and the remote
>> computers come in on different high port numbers.
>
> Change port# to a port range, then. Or you can skip the firewall.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"

I checked the ipfilter online handbook and cannot find anything about rules for igmp packets, p2p or limewire. I know what a rdr statement does but cannot see how it can be applied to a p2p application which does NOT use dedicated port numbers. The only way I can run limewire is to disable my firewall and that does not make me happy. I think the conclusion is that all 3 of the freebsd firewalls are unable to monitor packet exchange of p2p applications. These firewalls were designed before p2p applications were developed and their (p2p) inherent design is to defeat standard firewall designs.
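The thread ends without showing what "change port# to a port range" plus keep-state rules would actually look like. The pf.conf fragment below is an added example written for this archive page; it is not from either poster and not from the FreeBSD Handbook. It assumes the external interface rl0 named in the thread, an internal LAN interface fxp0, a LAN of 192.168.1.0/24, a client host 192.168.1.10, and that the P2P client has been configured to listen on a fixed port range (the placeholder 6346:6347) instead of a random port; all of those values are assumptions, not facts from the thread. The point it illustrates is that only the inbound listening range needs a rdr, because outbound sessions from arbitrary high ports are covered by keep state: the state entry created for each outgoing connection is what lets the peer's replies back in, whatever ephemeral ports either side picked.

```pf
# Added example for a FreeBSD gateway running pf (not code from the thread).
# Assumed values: rl0 external (from the thread), fxp0 internal, LAN
# 192.168.1.0/24, P2P client 192.168.1.10, fixed listening range 6346:6347
# that the client is configured to use. Adjust all of them to your setup.
ext_if    = "rl0"
int_if    = "fxp0"
lan       = "192.168.1.0/24"
p2p_host  = "192.168.1.10"
p2p_ports = "6346:6347"

# Outbound NAT for the whole LAN.
nat on $ext_if from $lan to any -> ($ext_if)

# Inbound: redirect only the client's fixed listening range to the client.
# Unsolicited traffic to any other port still hits the default block below.
rdr on $ext_if proto { tcp udp } from any to ($ext_if) port $p2p_ports -> $p2p_host

# Default deny, logged, so unexpected inbound attempts show up in pflog.
block in log all

# LAN hosts may open connections outward from any source port; keep state
# records each session so the peer's reply packets match the state entry
# rather than needing a rule of their own.
pass in on $int_if proto { tcp udp icmp } from $lan to any keep state
pass out on $ext_if proto { tcp udp icmp } from any to any keep state

# Let the redirected inbound sessions reach the client on the fixed range.
# flags S/SA means only a new TCP connection (SYN without ACK) creates state.
pass in on $ext_if proto tcp from any to $p2p_host port $p2p_ports flags S/SA keep state
pass in on $ext_if proto udp from any to $p2p_host port $p2p_ports keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to check the syntax without activating it, then `pfctl -f /etc/pf.conf`. After the client has been running for a while, `pfctl -ss` shows the state entries for its outbound sessions, which is the quickest way to confirm that the random remote ports the thread worries about are being handled by state tracking rather than needing per-port rules. If the client does not let you fix its listening port, the rdr lines have nothing stable to point at and inbound connections from peers will keep being blocked, while outbound-initiated sessions still work.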