Date: Fri, 28 Nov 2008 05:14:10 -0600
From: eculp@casasponti.net
To: freebsd-questions@freebsd.org
Subject: Re: pf or ipf rules to allow p2p Limewire through
Message-ID: <20081128051410.17qwm4xctjy8w4sck@intranet.casasponti.net>
In-Reply-To: <ggo9th$f0j$1@ger.gmane.org>
References: <492E60A8.6080105@a1poweruser.com> <492F82D1.4020000@bah.homeip.net> <492F8E9B.5040805@a1poweruser.com> <492F95EB.8080308@bah.homeip.net> <492F9B68.8080407@a1poweruser.com> <ggo9th$f0j$1@ger.gmane.org>

Michael Powell <nightrecon@verizon.net> wrote:

> Fbsd1 wrote:
> [snip]
>> The only way i can run limewire is
>> to disable my firewall and that does not make me happy.
>
> This is simply not true. I have at one time or another run Limewire on
> each of the three different firewalls. Currently for a little over
> one year now it has been pf. The difference is just syntax.

Why don't you send the rules or as you say "difference in syntax" that
are blocking limewire and p2p to the list for two reasons:

1. to quickly find how it is being blocked and remedy your problem.
2. Help an idiot like me block p2p.

good luck,

ed

>
>> I think the conclusion is that all 3 of the freebsd firewalls are unable
>> to monitor packet exchange of p2p applications. These firewalls were
>> designed before p2p applications were developed and their (p2p) inherent
>> design is to defeat standard firewall designs.
>
> I really do not understand most of the above paragraph, it makes little
> sense to me. Non sequitur.
>
> The OSI reference stack has 7 layers. These firewalls are simple packet
> filtering firewalls and only reach Layer 4. The Application layer is
> Layer 7, and these firewalls do not perform the deep packet inspection
> or decoding required to filter at Layer 7.
>
> As far as reading the docs is concerned it should become apparent that
> there are 3 modalities for configuring Limewire. In my situation I have
> a FreeBSD server acting as a gateway with pf and DNS running. The UPnP
> option is for a typical Windows user who may have a router device that
> will assist a UPnP service to autoconfigure the Windows box. Proceed to
> examining the second option, Manual Port Forward. I'll ignore the third
> as it is "Do Nothing", which is useless.
>
> So on the Limewire "Advanced -> Firewall" config page enter a port
> number, such as 6346 in both the "Listen on Port" and the "Manual Port
> Forward" boxes.
>
> Then after your NAT rule in pf.conf enter something like the following:
>
> rdr on $ExtIF proto tcp from any to any port 6346 -> 192.168.10.2 port 6346
>
> and a corresponding filter pass rule:
>
> pass in quick on $ExtIF inet proto tcp from any to 192.168.10.2 port 6346 keep state
>
> 192.168.10.2 is my desktop machine where I use Limewire. It works just fine.
>
>
> -Mike
>
>
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
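
The port-forward setup quoted above, placed in a minimal pf.conf so the rule order is visible; this is an added example, not part of the original message or of anyone's actual ruleset. The interface name em0, the 192.168.10.0/24 LAN and the default-deny policy on the external interface are assumptions; the port and desktop address are the ones in the quoted rules.

```pf
# --- Macros (interface name and LAN range are assumed values) ---
ExtIF   = "em0"                 # external interface (assumption)
IntNet  = "192.168.10.0/24"     # internal LAN (assumption)
P2PHost = "192.168.10.2"        # desktop running Limewire (from the message)
P2PPort = "6346"                # port set in Limewire's "Manual Port Forward"

# --- Options ---
set skip on lo0

# --- Translation rules: these must come before any filter rule ---
# Outbound NAT for the LAN.
nat on $ExtIF from $IntNet to any -> ($ExtIF)
# Forward the single Limewire port to the desktop.
rdr on $ExtIF proto tcp from any to any port $P2PPort -> $P2PHost port $P2PPort

# --- Filter rules ---
# Default-deny inbound on the external interface, logged to pflog0,
# so anything not explicitly passed below shows up in the log.
block in log on $ExtIF all

# Stateful outbound traffic.
pass out on $ExtIF inet from any to any keep state

# rdr is applied before filtering, so this rule has to match the
# rewritten destination (the desktop), not the gateway's own address.
# Only TCP 6346 to that one host is opened; the filter works at
# Layer 4 and does not inspect what is carried on that port.
pass in quick on $ExtIF inet proto tcp from any to $P2PHost port $P2PPort keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it; after loading, `pfctl -sn` and `pfctl -sr` list the active translation and filter rules.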