Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 41 replies
  • Subscribers 3 subscribers
  • Views 29787 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bit Torrent sync / firewall rules

crash893
okay im at my witts end here I thought i understood how the firewall works but i guess im not getting something


example from the log

01:58:12 Default DROP UDP 10.10.10.194 : 42816 → 54.225.100.8 : 3000 len=125 ttl=127 tos=0x00 srcmac=2c:41:38:11:87:c3 dstmac=0:1a:8c:12:86:a0
01:58:12 Default DROP UDP 10.10.10.194 : 42816 → 54.225.100.8 : 3000 len=125 ttl=127 tos=0x00 srcmac=2c:41:38:11:87:c3 dstmac=0:1a:8c:12:86:a0
01:58:19 Default DROP UDP 10.10.10.116 : 42816 → 54.225.100.8 : 3000 len=125 ttl=127 tos=0x00 srcmac=0:25:90:3c:2b:25 dstmac=0:1a:8c:12:86:a0
01:58:22 Default DROP UDP 10.10.10.194 : 42816 → 54.225.100.8 : 3000 len=125 ttl=127 tos=0x00 srcmac=2c:41:38:11:87:c3 dstmac=0:1a:8c:12:86:a0
01:58:22 Default DROP UDP 10.10.10.194 : 42816 → 54.225.100.8 : 3000 len=125 ttl=127 tos=0x00 srcmac=2c:41:38:11:87:c3 dstmac=0:1a:8c:12:86:a0
01:58:29 Default DROP UDP 10.10.10.116 : 42816 → 54.225.100.8 : 3000 len=125 ttl=127 tos=0x00 srcmac=0:25:90:3c:2b:25 dstmac=0:1a:8c:12:86:a0
01:58:32 Default DROP UDP 10.10.10.194 : 42816 → 54.225.100.8 : 3000 len=125 ttl=127 tos=0x00 srcmac=2c:41:38:11:87:c3 dstmac=0:1a:8c:12:86:a0


the rule i setup was

Internal (network)→ BT Sync* → any

*BT Sync  UDP 1:65535 → 42816

Its dropping all the packets 

any pointers?


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to dilandau
    Just noticed that the pic of your bittorrent(radeon) service shows port 6682 and all your logs show drops on port 6882.
    Hmm... That might have something to do with it not working. Doh! [:$]

    Thank you very much for your astute observation.
  • 0 in reply to bimmerdriver
    Hmm... That might have something to do with it not working. Doh! [:$]

    Thank you very much for your astute observation.
    Just following up that I can see the dnat rule is definitely working now. Thanks again.
  • 0 in reply to bimmerdriver
    Hi I installed BitTorrent Sync on my Ubuntu Linux Server.
    I am Using Sophos UTM 9 behind NAT with one dynamic IP.

    I can reach in the internal Network the BitTorrent Sync Website under the port 8888.

    Unter Linux I can see the used Ports:

    # sudo netstat -tulpn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

    tcp        0      0 0.0.0.0:8888            0.0.0.0:*               LISTEN      1164/btsync-daemon
    udp        0      0 0.0.0.0:1900            0.0.0.0:*                           1164/btsync-daemon
    udp        0      0 0.0.0.0:8888            0.0.0.0:*                           1164/btsync-daemon
    udp        0      0 127.0.0.1:37608         0.0.0.0:*                           1164/btsync-daemon
    udp        0      0 0.0.0.0:3838            0.0.0.0:*                           1164/btsync-daemon
    udp        0      0 192.168.1.35:56626      0.0.0.0:*                           1164/btsync-daemon



    I configured also a DNAT rule:
    see the Screenshots 
    Type: TCP/UDP
    Destination port: 8888
    Source port: 1:65535

    Type: TCP/UDP
    Destination port: 3000
    Source port: 1:65535


    TCPDUMP:
    planet-express:/home/login # tcpdump -i eth1 port 8888
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
    12:29:16.217532 IP 192.94.226.250.35774 > planet-express.ddi-tcp-1: S 3666057968:3666057968(0) win 8192 
    12:29:16.467731 IP 192.94.226.250.7054 > planet-express.ddi-tcp-1: S 2621955075:2621955075(0) win 8192 
    12:29:19.216744 IP 192.94.226.250.35774 > planet-express.ddi-tcp-1: S 3666057968:3666057968(0) win 8192 
    12:29:19.466240 IP 192.94.226.250.7054 > planet-express.ddi-tcp-1: S 2621955075:2621955075(0) win 8192 
    12:29:23.464632 IP 192.94.226.250.54425 > planet-express.ddi-tcp-1: S 2373450932:2373450932(0) win 8192 
    12:29:23.715739 IP 192.94.226.250.25706 > planet-express.ddi-tcp-1: S 3276150760:3276150760(0) win 8192 
    12:29:25.224937 IP 192.94.226.250.35774 > planet-express.ddi-tcp-1: S 3666057968:3666057968(0) win 8192 
    12:29:25.474791 IP 192.94.226.250.7054 > planet-express.ddi-tcp-1: S 2621955075:2621955075(0) win 8192 
    12:29:26.465150 IP 192.94.226.250.54425 > planet-express.ddi-tcp-1: S 2373450932:2373450932(0) win 8192 
    12:29:26.714844 IP 192.94.226.250.25706 > planet-express.ddi-tcp-1: S 3276150760:3276150760(0) win 8192 
    12:29:32.465582 IP 192.94.226.250.54425 > planet-express.ddi-tcp-1: S 2373450932:2373450932(0) win 8192 
    12:29:32.715190 IP 192.94.226.250.25706 > planet-express.ddi-tcp-1: S 3276150760:3276150760(0) win 8192 
    12:29:37.219835 IP 192.94.226.250.55538 > planet-express.ddi-tcp-1: S 517692139:517692139(0) win 8192 
    12:29:37.469944 IP 192.94.226.250.33390 > planet-express.ddi-tcp-1: S 390504261:390504261(0) win 8192 
    12:29:40.218694 IP 192.94.226.250.55538 > planet-express.ddi-tcp-1: S 517692139:517692139(0) win 8192 
    12:29:40.470110 IP 192.94.226.250.33390 > planet-express.ddi-tcp-1: S 390504261:390504261(0) win 8192 
    12:29:44.711644 IP 192.94.226.250.5208 > planet-express.ddi-tcp-1: S 3229589382:3229589382(0) win 8192 
    12:29:46.220108 IP 192.94.226.250.55538 > planet-express.ddi-tcp-1: S 517692139:517692139(0) win 8192 
    12:29:46.470115 IP 192.94.226.250.33390 > planet-express.ddi-tcp-1: S 390504261:390504261(0) win 8192 
    12:29:47.710096 IP 192.94.226.250.5208 > planet-express.ddi-tcp-1: S 3229589382:3229589382(0) win 8192 
    ^C
    20 packets captured
    20 packets received by filter
    0 packets dropped by kernel



    Live Firewall LOG:
    12:32:01  Packet filter rule #9  UDP 
    192.168.1.35  :  8888
    → 
    54.225.100.8  :  3000

    len=121  ttl=63  tos=0x00  srcmac=0:c:29:f8[:D]1:93  dstmac=0:c:29:6a:cd:aa
    12:32:01  Packet filter rule #9  UDP 
    192.168.1.35  :  8888
    → 
    54.225.100.8  :  3000

    len=121  ttl=63  tos=0x00  srcmac=0:c:29:f8[:D]1:93  dstmac=0:c:29:6a:cd:aa
    12:32:01  Default DROP  TCP 
    192.94.226.250  :  55897
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:01  Default DROP  TCP 
    192.94.226.250  :  33750
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:05  Packet filter rule #9  UDP 
    192.168.1.56  :  43611
    → 
    54.225.100.8  :  3000

    len=121  ttl=63  tos=0x00  srcmac=0:1f[:D]0:55:1a:67  dstmac=0:c:29:6a:cd:aa
    12:32:07  Default DROP  TCP 
    192.94.226.250  :  55897
    → 
    192.168.0.200  :  8888

    [SYN]  len=48  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:07  Default DROP  TCP 
    192.94.226.250  :  33750
    → 
    192.168.0.200  :  8888

    [SYN]  len=48  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:07  Packet filter rule #9  UDP 
    192.168.1.56  :  43611
    → 
    54.225.100.8  :  3000

    len=121  ttl=63  tos=0x00  srcmac=0:1f[:D]0:55:1a:67  dstmac=0:c:29:6a:cd:aa
    12:32:11  Packet filter rule #9  UDP 
    192.168.1.35  :  8888
    → 
    54.225.100.8  :  3000

    len=121  ttl=63  tos=0x00  srcmac=0:c:29:f8[:D]1:93  dstmac=0:c:29:6a:cd:aa
    12:32:11  Packet filter rule #9  UDP 
    192.168.1.35  :  8888
    → 
    54.225.100.8  :  3000

    len=121  ttl=63  tos=0x00  srcmac=0:c:29:f8[:D]1:93  dstmac=0:c:29:6a:cd:aa
    12:32:15  Packet filter rule #9  UDP 
    192.168.1.56  :  43611
    → 
    54.225.100.8  :  3000

    len=121  ttl=63  tos=0x00  srcmac=0:1f[:D]0:55:1a:67  dstmac=0:c:29:6a:cd:aa
    12:32:16  Default DROP  TCP 
    192.94.226.250  :  19591
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:16  Default DROP  TCP 
    192.94.226.250  :  55383
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:19  Default DROP  TCP 
    192.94.226.250  :  43506
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:19  Default DROP  TCP 
    192.94.226.250  :  19591
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:19  Default DROP  TCP 
    192.94.226.250  :  21357
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:19  Default DROP  TCP 
    192.94.226.250  :  56901
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:19  Default DROP  TCP 
    192.94.226.250  :  55383
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:22  Default DROP  TCP 
    192.94.226.250  :  43506
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:22  Default DROP  TCP 
    192.94.226.250  :  21357
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:22  Default DROP  TCP 
    192.94.226.250  :  56901
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:25  Default DROP  TCP 
    192.94.226.250  :  19591
    → 
    192.168.0.200  :  8888

    [SYN]  len=48  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:25  Default DROP  TCP 
    192.94.226.250  :  55383
    → 
    192.168.0.200  :  8888

    [SYN]  len=48  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b


    and here is the Firewall LOG:
    2013:09:03-12:35:20 planet-express ulogd[4636]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="60006" initf="tun0" srcip="10.242.2.6" dstip="192.168.1.254" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="26059" dstport="4444" tcpflags="SYN" 
    2013:09:03-12:35:21 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="9" initf="eth0" outitf="eth1" srcmac="0:c:29:f8[:D]1:93" dstmac="0:c:29:6a:cd:aa" srcip="192.168.1.35" dstip="54.225.100.8" proto="17" length="121" tos="0x00" prec="0x00" ttl="63" srcport="8888" dstport="3000" 
    2013:09:03-12:35:21 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="9" initf="eth0" outitf="eth1" srcmac="0:c:29:f8[:D]1:93" dstmac="0:c:29:6a:cd:aa" srcip="192.168.1.35" dstip="54.225.100.8" proto="17" length="121" tos="0x00" prec="0x00" ttl="63" srcport="8888" dstport="3000" 
    2013:09:03-12:35:24 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="8c:4:ff:aa:29:ad" dstmac="0:c:29:6a:cd:b4" srcip="192.94.226.250" dstip="192.168.0.200" proto="6" length="52" tos="0x00" prec="0x00" ttl="118" srcport="38577" dstport="8888" tcpflags="SYN" 
    2013:09:03-12:35:24 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="8c:4:ff:aa:29:ad" dstmac="0:c:29:6a:cd:b4" srcip="192.94.226.250" dstip="192.168.0.200" proto="6" length="52" tos="0x00" prec="0x00" ttl="118" srcport="9857" dstport="8888" tcpflags="SYN" 
    2013:09:03-12:35:24 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="9" initf="eth0" outitf="eth1" srcmac="0:1f[:D]0:55:1a:67" dstmac="0:c:29:6a:cd:aa" srcip="192.168.1.56" dstip="54.225.100.8" proto="17" length="121" tos="0x00" prec="0x00" ttl="63" srcport="43611" dstport="3000" 
    2013:09:03-12:35:27 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="8c:4:ff:aa:29:ad" dstmac="0:c:29:6a:cd:b4" srcip="192.94.226.250" dstip="192.168.0.200" proto="6" length="52" tos="0x00" prec="0x00" ttl="118" srcport="38577" dstport="8888" tcpflags="SYN" 
    2013:09:03-12:35:27 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="8c:4:ff:aa:29:ad" dstmac="0:c:29:6a:cd:b4" srcip="192.94.226.250" dstip="192.168.0.200" proto="6" length="52" tos="0x00" prec="0x00" ttl="118" srcport="9857" dstport="8888" tcpflags="SYN" 
    2013:09:03-12:35:27 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="9" initf="eth0" outitf="eth1" srcmac="0:1f[:D]0:55:1a:67" dstmac="0:c:29:6a:cd:aa" srcip="192.168.1.56" dstip="54.225.100.8" proto="17" length="121" tos="0x00" prec="0x00" ttl="63" srcport="43611" dstport="3000" 
    2013:09:03-12:35:31 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="9" initf="eth0" outitf="eth1" srcmac="0:c:29:f8[:D]1:93" dstmac="0:c:29:6a:cd:aa" srcip="192.168.1.35" dstip="54.225.100.8" proto="17" length="121" tos="0x00" prec="0x00" ttl="63" srcport="8888" dstport="3000" 
    2013:09:03-12:35:31 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="9" initf="eth0" outitf="eth1" srcmac="0:c:29:f8[:D]1:93" dstmac="0:c:29:6a:cd:aa" srcip="192.168.1.35" dstip="54.225.100.8" proto="17" length="121" tos="0x00" prec="0x00" ttl="63" srcport="8888" dstport="3000" 
    2013:09:03-12:35:33 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="8c:4:ff:aa:29:ad" dstmac="0:c:29:6a:cd:b4" srcip="192.94.226.250" dstip="192.168.0.200" proto="6" length="48" tos="0x00" prec="0x00" ttl="118" srcport="38577" dstport="8888" tcpflags="SYN" 
    2013:09:03-12:35:33 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="8c:4:ff:aa:29:ad" dstmac="0:c:29:6a:cd:b4" srcip="192.94.226.250" dstip="192.168.0.200" proto="6" length="48" tos="0x00" prec="0x00" ttl="118" srcport="9857" dstport="8888" tcpflags="SYN" 
    2013:09:03-12:35:33 planet-express ulogd[4636]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="60006" initf="tun0" srcip="10.242.2.6" dstip="192.168.1.254" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="26063" dstport="4444" tcpflags="SYN" 
    2013:09:03-12:35:35 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="9" initf="eth0" outitf="eth1" srcmac="0:1f[:D]0:55:1a:67" dstmac="0:c:29:6a:cd:aa" srcip="192.168.1.56" dstip="54.225.100.8" proto="17" length="121" tos="0x00" prec="0x00" ttl="63" srcport="43611" dstport="3000"