Yeah, all of the 50505 traffic from my internal IP is shown as blocked. I looked at my rules, and I don't see where they are being blocked. There is no specific block for that port. Here are my rules:
#################################################################
# No restrictions on Inside Lan Interface for private network
# Not needed unless you have Lan
#################################################################
pass out quick on rl0 all
pass in quick on rl0 all

#################################################################
# No restrictions on Loopback Interface
#################################################################
pass in quick on lo0 all
pass out quick on lo0 all

# Allow out access to my ISP's Domain name server.
# xxx must be the IP address of your ISP's DNS.
# Dup these lines if your ISP has more than one DNS server
# Get the IP addresses from /etc/resolv.conf file
pass out quick on vr0 proto tcp from any to 64.59.184.13 port = 53 flags S keep state
pass out quick on vr0 proto udp from any to 64.59.184.13 port = 53 keep state
pass out quick on vr0 proto tcp from any to 64.59.184.15 port = 53 flags S keep state
pass out quick on vr0 proto udp from any to 64.59.184.15 port = 53 keep state

# Allow out non-secure standard www function
pass out quick on vr0 proto tcp from any to any port = 80 flags S keep state

# Allow out secure www function https over TLS SSL
pass out quick on vr0 proto tcp from any to any port = 443 flags S keep state

# Allow out send & get email function
pass out quick on vr0 proto tcp from any to any port = 110 flags S keep state
pass out quick on vr0 proto tcp from any to any port = 25 flags S keep state

# Allow out Time
pass out quick on vr0 proto tcp from any to any port = 37 flags S keep state

# Allow out nntp news
pass out quick on vr0 proto tcp from any to any port = 119 flags S keep state

# Allow out gateway & LAN users non-secure FTP
pass out quick on vr0 proto tcp from any to any port = 21 flags S keep state

# Allow out secure FTP, Telnet, and SCP
# This function is using SSH (secure shell)
pass out quick on vr0 proto tcp from any to any port = 22 flags S keep state

# Allow out non-secure Telnet
pass out quick on vr0 proto tcp from any to any port = 23 flags S keep state

# Allow out FBSD CVSUP function
pass out quick on vr0 proto tcp from any to any port = 5999 flags S keep state

# Allow out ping to public Internet
pass out quick on vr0 proto icmp from any to any icmp-type 8 keep state

# Allow out whois for LAN PC to public Internet
pass out quick on vr0 proto tcp from any to any port = 43 flags S keep state

# For PPTP
#pass in quick on vr0 proto tcp from any to any port = 1723 keep state
pass in quick on vr0 proto 47 all
pass out quick on vr0 proto tcp from any to any port = 1723 keep state
pass out quick on vr0 proto 47 all

# For Ares
pass out quick on vr0 proto tcp from any to any port = 41939 keep state
pass in quick on vr0 proto tcp from any to any port = 41939 keep state
pass out quick on vr0 proto udp from any to any port = 41939 keep state
pass in quick on vr0 proto udp from any to any port = 41939 keep state

# For Azureus
pass out quick on vr0 proto tcp from any to any port = 50505 Flags S keep state
pass in quick on vr0 proto tcp from any to 192.168.0.254 port = 50505 flags S keep state
pass out quick on vr0 proto udp from any to any port = 50505 keep state
pass in quick on vr0 proto udp from any to 192.168.0.254 port = 50505 keep state

#VPN Network
pass out quick on tun0 all
pass in quick on tun0 all

# Block and log only the first occurrence of everything
# else that's trying to get out.
# This rule enforces the block all by default logic.
block out log first quick on vr0 all

# Block all inbound traffic from non-routable or reserved address spaces
block in quick on vr0 from 192.168.0.0/16 to any    #RFC 1918 private IP
block in quick on vr0 from 172.16.0.0/12 to any     #RFC 1918 private IP
block in quick on vr0 from 10.0.0.0/8 to any        #RFC 1918 private IP
block in quick on vr0 from 127.0.0.0/8 to any       #loopback
block in quick on vr0 from 0.0.0.0/8 to any         #loopback
block in quick on vr0 from 169.254.0.0/16 to any    #DHCP auto-config
block in quick on vr0 from 192.0.2.0/24 to any      #reserved for doc's
block in quick on vr0 from 204.152.64.0/23 to any   #Sun cluster interconnect
block in quick on vr0 from 224.0.0.0/3 to any       #Class D & E multicast

# Block frags
block in quick on vr0 all with frags

# Block short tcp packets
block in quick on vr0 proto tcp all with short

# block source routed packets
block in quick on vr0 all with opt lsrr
block in quick on vr0 all with opt ssrr

# Block nmap OS fingerprint attempts
# Log first occurrence of these so I can get their IP address
block in log first quick on vr0 proto tcp from any to any flags FUP

# Block anything with special options
block in quick on vr0 all with ipopts

# Block public pings
block in quick on vr0 proto icmp all icmp-type 8

# Block ident
block return-rst in quick on vr0 proto tcp from any to any port = 113

# Block all Netbios service. 137=name, 138=datagram, 139=session
# Netbios is MS/Windows sharing services.
# Block MS/Windows hosts2 name server requests 81
block in log first quick on vr0 proto tcp/udp from any to any port = 137
block in log first quick on vr0 proto tcp/udp from any to any port = 138
block in log first quick on vr0 proto tcp/udp from any to any port = 139
block in log first quick on vr0 proto tcp/udp from any to any port = 81

# Allow traffic in from ISP's DHCP server. This rule must contain
# the IP address of your ISP's DHCP server as it's the only
# authorized source to send this packet type. Only necessary for
# cable or DSL configurations. This rule is not needed for
# 'user ppp' type connection to the public internet.
# This is the same IP address you captured and
# used in the outbound section.
pass in quick on vr0 proto udp from 64.59.184.13 to any port = 68 keep state
pass in quick on vr0 proto udp from 64.59.184.15 to any port = 68 keep state

# Allow in standard www function because I have apache server
pass in quick on vr0 proto tcp from any to any port = 80 flags S keep state

# Allow VPN connection on UDP port 1194
pass in quick on vr0 proto udp from any to any port = 1194 keep state

# Allow in non-secure Telnet session from public Internet
# labeled non-secure because ID/PW passed over public internet as clear text.
# Delete this sample group if you do not have telnet server enabled.
#pass in quick on vr0 proto tcp from any to any port = 23 flags S keep state

# Allow in secure FTP, Telnet, and SCP from public Internet
# This function is using SSH (secure shell)
pass in quick on vr0 proto tcp from any to any port = 22 flags S keep state

# Block and log only first occurrence of all remaining traffic
# coming into the firewall. The logging of only the first
# occurrence stops a 'denial of service' attack targeted
# at filling up your log file space.
# This rule enforces the block all by default logic.
block in log first quick on vr0 all

On 6/9/06, Michael Grant <[EMAIL PROTECTED]> wrote:
If you look at the output of ipmon, do you see anything getting blocked?

On 6/9/06, Trevor Osatchuk <[EMAIL PROTECTED]> wrote:
> I have been trying to get Azureus to work from behind my firewall. My details:
> FreeBSD 6.1-RELEASE
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         options=8<VLAN_MTU>
>         inet6 fe80::250:baff:fe5c:c7b4%rl0 prefixlen 64 scopeid 0x1
>         inet internalIP netmask 0xffffff00 broadcast 192.168.0.255
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet6 fe80::280:c8ff:fed3:3456%vr0 prefixlen 64 scopeid 0x2
>         inet externalIP netmask 0xfffffc00 broadcast 255.255.255.255
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
>
> ipf: IP Filter: v4.1.8 (416)
> Kernel: IP Filter: v4.1.8
> Running: yes
> Log Flags: 0 = none set
> Default: block all, Logging: available
> Active list: 0
> Feature mask: 0x10a
>
> ipnat -slv
> mapped  in 4753    out 3911
> added   270     expired 0
> no memory       0       bad nat 0
> inuse   6
> rules   8
> wilds   0
> table 0xbfbfec6c list 0xc1b09200
> List of active MAP/Redirect filters:
> rdr vr0 0.0.0.0/0 port 50505 -> 192.168.0.254 port 50505 tcp
> rdr vr0 0.0.0.0/0 port 50505 -> 192.168.0.254 port 50505 udp
> rdr vr0 0.0.0.0/0 port 6667 -> 127.0.0.1 port 6999 tcp
> map vr0 192.168.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp
> map vr0 0.0.0.0/0 -> 0.0.0.0/32 proxy port ftp ftp/tcp
> map vr0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 40000:65000
> map vr0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 20000:30000
> map vr0 192.168.0.0/16 -> 0.0.0.0/32
>
> Ok, I have Azureus using 50505 and I added these rules for ipf:
> pass out quick on vr0 proto tcp from any to any port = 50505 Flags S keep state
> pass in quick on vr0 proto tcp from any to any port = 50505 keep state
> pass out quick on vr0 proto udp from any to any port = 50505 keep state
> pass in quick on vr0 proto udp from any to any port = 50505 keep state
> And these rules to ipnat:
> rdr vr0 0.0.0.0/0 port 50505 -> 192.168.0.254 port 50505 tcp
> rdr vr0 0.0.0.0/0 port 50505 -> 192.168.0.254 port 50505 udp
>
> Now the nat test works but I don't get any downloads and I don't see
> how many seeds and/or peers there are. So, for a lark I added:
> pass out quick on vr0 from 192.158.0.254 to any
> pass in quick on vr0 from any to 192.158.0.254
>
> Now, I expected to start getting transfers but no joy. I see how many
> seeds and peers there are, but no transfer. I get the error:
> Connection Error (NoRouteToHostException:No route to host)
> I know, that is an Azureus error, why am I asking for help here?
> Well, if I bypass the firewall, put my Azureus using box directly on
> my internet connection, it works just fine. What do I need to try
> next?
>
> Thanks,
>
> fybar
>
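A way to answer "do you see anything getting blocked" and "I don't see where they are being blocked" from the ipmon output itself, as an added example that is not part of this thread: each ipmon line carries an @group:rule field, and this script assumes that rule number is the rule's position in the in or out list as ipfstat -ion prints it, so a block entry can be resolved to the rule text that produced it. The ruleset excerpt and the ipmon lines are constructed for the example, not taken from the thread.

```python
import re
# Constructed excerpt of the poster's vr0 rules: ipfstat -ion numbers the
# in and out lists separately, and comment or blank lines get no number.
RULES = """\
# For Azureus
pass out quick on vr0 proto tcp from any to any port = 50505 flags S keep state
pass in quick on vr0 proto tcp from any to 192.168.0.254 port = 50505 flags S keep state
pass out quick on vr0 proto udp from any to any port = 50505 keep state
pass in quick on vr0 proto udp from any to 192.168.0.254 port = 50505 keep state
block out log first quick on vr0 all
block in log first quick on vr0 all
"""

# Constructed ipmon output (not from the thread): the LAN host opening a
# connection to a peer's port, and a peer reaching the forwarded port 50505.
IPMON_LOG = """\
09/06/2006 20:01:02.123456 vr0 @0:3 b 192.168.0.254,49152 -> 203.0.113.7,6881 PR tcp len 20 60 -S OUT
09/06/2006 20:01:03.654321 vr0 @0:1 p 203.0.113.9,51000 -> 192.168.0.254,50505 PR tcp len 20 60 -S IN
"""

LOG_RE = re.compile(r"^\S+ \S+ \S+ @\d+:(?P<rule>\d+) (?P<act>[pb]) (?P<src>\S+)"
                    r" -> (?P<dst>\S+) PR .*\b(?P<dir>IN|OUT)$")

def number_rules(text):
    """Split a ruleset into the separately numbered 'in' and 'out' lists."""
    lists = {"in": [], "out": []}
    for raw in text.splitlines():
        rule = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if rule:
            # the direction follows the action and any return-* option
            direction = next(t for t in rule.split() if t in ("in", "out"))
            lists[direction].append(rule)
    return lists

def explain(log_text, rules_text):
    """Resolve each ipmon line's @group:rule to the rule text that matched."""
    lists = number_rules(rules_text)
    result = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ordered = lists[m["dir"].lower()]
            idx = int(m["rule"]) - 1
            rule = ordered[idx] if 0 <= idx < len(ordered) else "<no such rule number>"
            result.append((m["act"], m["src"], m["dst"], rule))
    return result

for act, src, dst, rule in explain(IPMON_LOG, RULES):
    print("BLOCK" if act == "b" else "PASS ", src, "->", dst, "by:", rule)
```

With this ruleset, connections the LAN host opens to peers on ports other than 50505 resolve to the block out log first quick on vr0 all rule, since the only outbound pass for vr0 that fits them is the port 50505 one; the constructed OUT line shows that case.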
