pf or ipf rules to allow p2p Limewire through

eculp at casasponti.net eculp at casasponti.net
Fri Nov 28 03:14:18 PST 2008


Michael Powell <nightrecon at verizon.net> wrote:

> Fbsd1 wrote:
> [snip]
>> The only way I can run limewire is
>> to disable my firewall and that does not make me happy.
>
> This is simply not true. I have at one time or another run Limewire on
> each of the three different firewalls. Currently for a little over
> one year now it has been pf. The difference is just syntax.

Why don't you send the rules, or as you say the "difference in syntax", that
are blocking limewire and p2p to the list, for two reasons:
   1. To quickly find how it is being blocked and remedy your problem.
   2. To help an idiot like me block p2p.

good luck,

ed

>
>> I think the conclusion is that all 3 of the freebsd firewalls are unable
>> to monitor packet exchange of p2p applications. These firewalls were
>> designed before p2p applications were developed and their (p2p) inherent
>> design is to defeat standard firewall designs.
>
> I really do not understand most of the above paragraph, it makes little
> sense to me. Non sequitur.
>
> The OSI reference stack has 7 layers. These firewalls are simple packet
> filtering firewalls and only reach Layer 4. The Application layer is
> Layer 7, and these firewalls do not perform the deep packet inspection
> or decoding required to filter at Layer 7.
>
> As far as reading the docs is concerned it should become apparent that
> there are 3 modalities for configuring Limewire. In my situation I have
> a FreeBSD server acting as a gateway with pf and DNS running. The UPnP
> option is for a typical Windows user who may have a router device that
> will assist a UPnP service to autoconfigure the Windows box. Proceed to
> examining the second option, Manual Port Forward. I'll ignore the third
> as it is "Do Nothing", which is useless.
>
> So on the Limewire "Advanced -> Firewall" config page enter a port
> number, such as 6346 in both the "Listen on Port" and the "Manual Port
> Forward" boxes.
>
> Then after your NAT rule in pf.conf enter something like the following:
>
> rdr on $ExtIF proto tcp from any to any port 6346 -> 192.168.10.2 port 6346
>
> and a corresponding filter pass rule:
>
> pass in quick on $ExtIF inet proto tcp from any to 192.168.10.2 port 6346 keep state
>
> 192.168.10.2 is my desktop machine where I use Limewire. It works just fine.
>
>
> -Mike
>
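
Added example, not part of the original thread or of pf itself: pf applies rdr translation before the filter rules run, so the pass rule has to name the internal host (192.168.10.2), as in the pair quoted above. The sketch below audits a pf.conf for redirects that have no such pass rule. It assumes single-host, single-port rules in the form shown in the message, compares macros such as $ExtIF literally, and ignores tables, lists and "rdr pass".

```python
import re

# Constructed pf.conf: the 6346 rdr/pass pair is the one quoted above; the
# interface name, the 6347 redirect and 192.168.10.3 are made up for the demo.
SAMPLE_PF_CONF = """\
ExtIF = "em0"
nat on $ExtIF from 192.168.10.0/24 to any -> ($ExtIF)
rdr on $ExtIF proto tcp from any to any port 6346 -> 192.168.10.2 port 6346
rdr on $ExtIF proto tcp from any to any port 6347 -> 192.168.10.3 port 6347
block in log on $ExtIF all
pass in quick on $ExtIF inet proto tcp from any to 192.168.10.2 \\
    port 6346 keep state
"""

RDR_RE = re.compile(r"^rdr\s+on\s+(?P<iface>\S+)\s+proto\s+(?P<proto>\S+)\s.*?"
                    r"->\s*(?P<host>\S+)\s+port\s+(?P<port>\d+)")
PASS_RE = re.compile(r"^pass\s+in\b.*?\bon\s+(?P<iface>\S+)\s.*?\bproto\s+"
                     r"(?P<proto>\S+)\s.*?\bto\s+(?P<host>\S+)\s+port\s+(?P<port>\d+)")
FIELDS = ("iface", "proto", "host", "port")

def logical_lines(text):
    """Yield rules with comments stripped and backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        if (buf + line).strip():
            yield (buf + line).strip()
        buf = ""

def unmatched_redirects(text):
    """Return rdr targets that no 'pass in' rule admits at the translated address."""
    rdrs, passes = [], []
    for line in logical_lines(text):
        for regex, bucket in ((RDR_RE, rdrs), (PASS_RE, passes)):
            m = regex.match(line)
            if m:
                bucket.append(m.group(*FIELDS))
    # Filter rules see the destination after rdr, so compare against the
    # internal host; "any" as the pass destination also covers it.
    return [r for r in rdrs
            if not any(p[:2] == r[:2] and p[3] == r[3] and p[2] in ("any", r[2])
                       for p in passes)]

if __name__ == "__main__":
    for iface, proto, host, port in unmatched_redirects(SAMPLE_PF_CONF):
        print(f"rdr to {host}:{port}/{proto} on {iface} has no matching pass rule")
```

A redirect reported here is dropped by the "block in" rule in the sample; it also flags a pass rule written against the external address instead of the internal one.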


