Bernt Hansson wrote:
Fbsd1 said the following on 2008-11-28 07:24:
Bernt Hansson wrote:
Fbsd1 said the following on 2008-11-27 09:56:
What pf or ipf firewall keep-state rules are needed to allow a p2p
application such as limewire through? Using the same firewall rules as
in the handbook example.
Put this in your /etc/ipnat.rules
rdr rl0 0.0.0.0/0 port port# -> internal-ip port port# tcp
rdr rl0 0.0.0.0/0 port port# -> internal-ip port port# udp
How about explaining just why this is going to allow p2p limewire to work?
Read the handbook on ipfilter.
http://coombs.anu.edu.au/~avalon/
I think you are missing the fact that limewire does not use dedicated
port numbers. Every session uses different port numbers and the remote
computers come in on different high port numbers.
Change port# to port range, then. Or you can skip the firewall.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"
I checked the ipfilter online handbook and can not find anything about
rules for igmp packets, p2p or limewire. I know what a rdr statement
does but can not see how it can be applied to a p2p application which
does NOT use dedicated port numbers. The only way I can run limewire is
to disable my firewall and that does not make me happy.
I think the conclusion is that all 3 of the freebsd firewalls are unable
to monitor packet exchange of p2p applications. These firewalls were
designed before p2p applications were developed and their (p2p) inherent
design is to defeat standard firewall designs.