ipfw+torrent

2010-09-27 Thread serian serian
Hi,
Before I begin to write about my problem, sorry for my English (if anyone speaks Russian, 
that would be good).
So, here it is:
I want to install FreeBSD 8.1 release on my gw/router in the next week. In 
my home net I have torrent clients; how can I do speed limiting for only 
torrent connections? I'll use the ipfw firewall and NAT.

Best regards, Abzal
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


IPFW torrent

2009-03-10 Thread Roy Stuivenberg
Hello,

I can't seem to get my torrent client working, when ipfw is up.

These are the rules I use in my script for the torrent client (ktorrent):

# Allow ktorrent outbound.
$cmd 00283 allow tcp from any to any 50427 out via $pif setup keep-state
$cmd 00284 allow udp from any to any 50427 out via $pif keep-state
$cmd 00285 allow udp from any to any 50428 out via $pif keep-state
$cmd 00286 allow udp from any to any 50429 out via $pif keep-state

In my router these ports are open too.

I googled about this issue and found this rule .. but it doesn't look safe
to me?
Looks like everything is open?

520 allow tcp from any to any out keep-state


Regards,
Roy.


Re: IPFW torrent

2009-03-10 Thread Dan Nelson
In the last episode (Mar 10), Roy Stuivenberg said:
> I can't seem to get my torrent client working, when ipfw is up.
> 
> These are the rules I use in my script for the torrent client (ktorrent):
> 
> # Allow ktorrent outbound.
> $cmd 00283 allow tcp from any to any 50427 out via $pif setup keep-state
> $cmd 00284 allow udp from any to any 50427 out via $pif keep-state
> $cmd 00285 allow udp from any to any 50428 out via $pif keep-state
> $cmd 00286 allow udp from any to any 50429 out via $pif keep-state

These rules apply to outgoing traffic to TCP/50427 and UDP/50427-50429.
Unless you can guarantee that all your peers are listening on those ports,
those rules aren't going to do much good.  ...  Unless you're applying these
rules on an intermediate router box, and $pif is your trusted network
interface, in which case the rules look okay.

A good way to troubleshoot firewall problems is to set the sysctl
net.inet.ip.fw.verbose=1, add a "reset log ip from any to any" rule to the
bottom of your list, and run "tail -f /var/log/security" to watch for
blocked packets.

> In my router these ports are open too.
> 
> I googled about this issue and found this rule .. but it doesn't look safe
> to me?  Looks like everything is open?
> 
> 520 allow tcp from any to any out keep-state

A rule like this is usually applied to the actual machine running ktorrent,
so any outgoing traffic (and any replies to that traffic) is allowed. 
Alternatively, a rule like this could be applied to an intermediate router:

allow ip from any to any in via $trusted_interface out via $external_interface keep-state

-- 
Dan Nelson
dnel...@allantgroup.com
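
The troubleshooting step described in the message above, as an added example that is not part of the original thread: a small filter that tallies what the logging rule caught in /var/log/security. The rule number 65000, the host name gw, the interface em0 and all addresses are constructed assumptions, and only Reset and Deny log entries are counted.

```shell
#!/bin/sh
# Added example, not code from the thread. Setup from the message (FreeBSD, as root):
#   sysctl net.inet.ip.fw.verbose=1
#   ipfw add 65000 reset log ip from any to any   # 65000 is an assumed rule number
#   tail -f /var/log/security

# summarize_blocked: read ipfw log lines on stdin and print
# "count direction interface PROTO/dstport", most frequent first.
summarize_blocked() {
    awk '
    {
        # Fields after the "ipfw:" tag: rule action proto src dst dir "via" if
        tag = 0
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") { tag = i; break }
        if (!tag || NF < tag + 8) next          # not an ipfw log line
        action = $(tag + 2); proto = $(tag + 3)
        if (action != "Reset" && action != "Deny") next
        port = "-"                              # ICMP etc. carry no port
        if (proto == "TCP" || proto == "UDP") {
            n = split($(tag + 5), p, ":")
            if (n > 1) port = p[n]
        }
        seen[$(tag + 6) " " $(tag + 8) " " proto "/" port]++
    }
    END { for (k in seen) print seen[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines (documentation addresses), in the layout ipfw logs.
sample_log() {
    cat <<'EOF'
Mar 10 20:41:02 gw kernel: ipfw: 65000 Reset TCP 198.51.100.7:51812 192.0.2.10:50427 in via em0
Mar 10 20:41:03 gw kernel: ipfw: 65000 Reset TCP 203.0.113.9:40022 192.0.2.10:50427 in via em0
Mar 10 20:41:03 gw kernel: ipfw: 65000 Reset UDP 203.0.113.9:6881 192.0.2.10:50427 in via em0
Mar 10 20:41:05 gw kernel: ipfw: 65000 Reset TCP 192.0.2.10:49822 198.51.100.7:6881 out via em0
Mar 10 20:41:06 gw kernel: ipfw: 65000 Reset TCP 198.51.100.20:33100 192.0.2.10:50427 in via em0
Mar 10 20:41:07 gw sshd[812]: unrelated line that must be ignored
EOF
}

sample_log | summarize_blocked
```

In this constructed sample the "in" entries for port 50427 are peers being refused at the client's listening port, and the "out" entry is a connection to a peer listening on a port the outbound rules do not cover.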


Re: IPFW torrent

2009-03-10 Thread RW
On Tue, 10 Mar 2009 20:40:11 +0100
Roy Stuivenberg <roys1...@gmail.com> wrote:

> Hello,
> 
> I can't seem to get my torrent client working, when ipfw is up.
> 
> These are the rules I use in my script for the torrent client (ktorrent):

Typically you need separate rules for incoming and outgoing
connections, something like this

add  1000 check-state
add  1010 deny tcp from any to any in established

# bittorrent tcp on 14353
add 10801 allow tcp from any to me 14353 keep-state

# allow outgoing tcp
add 5 allow tcp from any to any out keep-state



BTW if you use p2p a lot then eventually you'll probably want to do
upload prioritisation, and that's a lot easier with pf+altq. I
switched from ipfw to pf a long time ago, and I wouldn't want to go
back. 