Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 41 replies
  • Subscribers 3 subscribers
  • Views 29797 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bit Torrent sync / firewall rules

crash893
okay im at my witts end here I thought i understood how the firewall works but i guess im not getting something


example from the log

01:58:12 Default DROP UDP 10.10.10.194 : 42816 → 54.225.100.8 : 3000 len=125 ttl=127 tos=0x00 srcmac=2c:41:38:11:87:c3 dstmac=0:1a:8c:12:86:a0
01:58:12 Default DROP UDP 10.10.10.194 : 42816 → 54.225.100.8 : 3000 len=125 ttl=127 tos=0x00 srcmac=2c:41:38:11:87:c3 dstmac=0:1a:8c:12:86:a0
01:58:19 Default DROP UDP 10.10.10.116 : 42816 → 54.225.100.8 : 3000 len=125 ttl=127 tos=0x00 srcmac=0:25:90:3c:2b:25 dstmac=0:1a:8c:12:86:a0
01:58:22 Default DROP UDP 10.10.10.194 : 42816 → 54.225.100.8 : 3000 len=125 ttl=127 tos=0x00 srcmac=2c:41:38:11:87:c3 dstmac=0:1a:8c:12:86:a0
01:58:22 Default DROP UDP 10.10.10.194 : 42816 → 54.225.100.8 : 3000 len=125 ttl=127 tos=0x00 srcmac=2c:41:38:11:87:c3 dstmac=0:1a:8c:12:86:a0
01:58:29 Default DROP UDP 10.10.10.116 : 42816 → 54.225.100.8 : 3000 len=125 ttl=127 tos=0x00 srcmac=0:25:90:3c:2b:25 dstmac=0:1a:8c:12:86:a0
01:58:32 Default DROP UDP 10.10.10.194 : 42816 → 54.225.100.8 : 3000 len=125 ttl=127 tos=0x00 srcmac=2c:41:38:11:87:c3 dstmac=0:1a:8c:12:86:a0


the rule i setup was

Internal (network)→ BT Sync* → any

*BT Sync  UDP 1:65535 → 42816

Its dropping all the packets 

any pointers?


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to bimmerdriver
    Hi I installed BitTorrent Sync on my Ubuntu Linux Server.
    I am Using Sophos UTM 9 behind NAT with one dynamic IP.

    I can reach in the internal Network the BitTorrent Sync Website under the port 8888.

    Unter Linux I can see the used Ports:

    # sudo netstat -tulpn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

    tcp        0      0 0.0.0.0:8888            0.0.0.0:*               LISTEN      1164/btsync-daemon
    udp        0      0 0.0.0.0:1900            0.0.0.0:*                           1164/btsync-daemon
    udp        0      0 0.0.0.0:8888            0.0.0.0:*                           1164/btsync-daemon
    udp        0      0 127.0.0.1:37608         0.0.0.0:*                           1164/btsync-daemon
    udp        0      0 0.0.0.0:3838            0.0.0.0:*                           1164/btsync-daemon
    udp        0      0 192.168.1.35:56626      0.0.0.0:*                           1164/btsync-daemon



    I configured also a DNAT rule:
    see the Screenshots 
    Type: TCP/UDP
    Destination port: 8888
    Source port: 1:65535

    Type: TCP/UDP
    Destination port: 3000
    Source port: 1:65535


    TCPDUMP:
    planet-express:/home/login # tcpdump -i eth1 port 8888
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
    12:29:16.217532 IP 192.94.226.250.35774 > planet-express.ddi-tcp-1: S 3666057968:3666057968(0) win 8192 
    12:29:16.467731 IP 192.94.226.250.7054 > planet-express.ddi-tcp-1: S 2621955075:2621955075(0) win 8192 
    12:29:19.216744 IP 192.94.226.250.35774 > planet-express.ddi-tcp-1: S 3666057968:3666057968(0) win 8192 
    12:29:19.466240 IP 192.94.226.250.7054 > planet-express.ddi-tcp-1: S 2621955075:2621955075(0) win 8192 
    12:29:23.464632 IP 192.94.226.250.54425 > planet-express.ddi-tcp-1: S 2373450932:2373450932(0) win 8192 
    12:29:23.715739 IP 192.94.226.250.25706 > planet-express.ddi-tcp-1: S 3276150760:3276150760(0) win 8192 
    12:29:25.224937 IP 192.94.226.250.35774 > planet-express.ddi-tcp-1: S 3666057968:3666057968(0) win 8192 
    12:29:25.474791 IP 192.94.226.250.7054 > planet-express.ddi-tcp-1: S 2621955075:2621955075(0) win 8192 
    12:29:26.465150 IP 192.94.226.250.54425 > planet-express.ddi-tcp-1: S 2373450932:2373450932(0) win 8192 
    12:29:26.714844 IP 192.94.226.250.25706 > planet-express.ddi-tcp-1: S 3276150760:3276150760(0) win 8192 
    12:29:32.465582 IP 192.94.226.250.54425 > planet-express.ddi-tcp-1: S 2373450932:2373450932(0) win 8192 
    12:29:32.715190 IP 192.94.226.250.25706 > planet-express.ddi-tcp-1: S 3276150760:3276150760(0) win 8192 
    12:29:37.219835 IP 192.94.226.250.55538 > planet-express.ddi-tcp-1: S 517692139:517692139(0) win 8192 
    12:29:37.469944 IP 192.94.226.250.33390 > planet-express.ddi-tcp-1: S 390504261:390504261(0) win 8192 
    12:29:40.218694 IP 192.94.226.250.55538 > planet-express.ddi-tcp-1: S 517692139:517692139(0) win 8192 
    12:29:40.470110 IP 192.94.226.250.33390 > planet-express.ddi-tcp-1: S 390504261:390504261(0) win 8192 
    12:29:44.711644 IP 192.94.226.250.5208 > planet-express.ddi-tcp-1: S 3229589382:3229589382(0) win 8192 
    12:29:46.220108 IP 192.94.226.250.55538 > planet-express.ddi-tcp-1: S 517692139:517692139(0) win 8192 
    12:29:46.470115 IP 192.94.226.250.33390 > planet-express.ddi-tcp-1: S 390504261:390504261(0) win 8192 
    12:29:47.710096 IP 192.94.226.250.5208 > planet-express.ddi-tcp-1: S 3229589382:3229589382(0) win 8192 
    ^C
    20 packets captured
    20 packets received by filter
    0 packets dropped by kernel



    Live Firewall LOG:
    12:32:01  Packet filter rule #9  UDP 
    192.168.1.35  :  8888
    → 
    54.225.100.8  :  3000

    len=121  ttl=63  tos=0x00  srcmac=0:c:29:f8[:D]1:93  dstmac=0:c:29:6a:cd:aa
    12:32:01  Packet filter rule #9  UDP 
    192.168.1.35  :  8888
    → 
    54.225.100.8  :  3000

    len=121  ttl=63  tos=0x00  srcmac=0:c:29:f8[:D]1:93  dstmac=0:c:29:6a:cd:aa
    12:32:01  Default DROP  TCP 
    192.94.226.250  :  55897
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:01  Default DROP  TCP 
    192.94.226.250  :  33750
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:05  Packet filter rule #9  UDP 
    192.168.1.56  :  43611
    → 
    54.225.100.8  :  3000

    len=121  ttl=63  tos=0x00  srcmac=0:1f[:D]0:55:1a:67  dstmac=0:c:29:6a:cd:aa
    12:32:07  Default DROP  TCP 
    192.94.226.250  :  55897
    → 
    192.168.0.200  :  8888

    [SYN]  len=48  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:07  Default DROP  TCP 
    192.94.226.250  :  33750
    → 
    192.168.0.200  :  8888

    [SYN]  len=48  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:07  Packet filter rule #9  UDP 
    192.168.1.56  :  43611
    → 
    54.225.100.8  :  3000

    len=121  ttl=63  tos=0x00  srcmac=0:1f[:D]0:55:1a:67  dstmac=0:c:29:6a:cd:aa
    12:32:11  Packet filter rule #9  UDP 
    192.168.1.35  :  8888
    → 
    54.225.100.8  :  3000

    len=121  ttl=63  tos=0x00  srcmac=0:c:29:f8[:D]1:93  dstmac=0:c:29:6a:cd:aa
    12:32:11  Packet filter rule #9  UDP 
    192.168.1.35  :  8888
    → 
    54.225.100.8  :  3000

    len=121  ttl=63  tos=0x00  srcmac=0:c:29:f8[:D]1:93  dstmac=0:c:29:6a:cd:aa
    12:32:15  Packet filter rule #9  UDP 
    192.168.1.56  :  43611
    → 
    54.225.100.8  :  3000

    len=121  ttl=63  tos=0x00  srcmac=0:1f[:D]0:55:1a:67  dstmac=0:c:29:6a:cd:aa
    12:32:16  Default DROP  TCP 
    192.94.226.250  :  19591
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:16  Default DROP  TCP 
    192.94.226.250  :  55383
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:19  Default DROP  TCP 
    192.94.226.250  :  43506
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:19  Default DROP  TCP 
    192.94.226.250  :  19591
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:19  Default DROP  TCP 
    192.94.226.250  :  21357
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:19  Default DROP  TCP 
    192.94.226.250  :  56901
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:19  Default DROP  TCP 
    192.94.226.250  :  55383
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:22  Default DROP  TCP 
    192.94.226.250  :  43506
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:22  Default DROP  TCP 
    192.94.226.250  :  21357
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:22  Default DROP  TCP 
    192.94.226.250  :  56901
    → 
    192.168.0.200  :  8888

    [SYN]  len=52  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:25  Default DROP  TCP 
    192.94.226.250  :  19591
    → 
    192.168.0.200  :  8888

    [SYN]  len=48  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b4
    12:32:25  Default DROP  TCP 
    192.94.226.250  :  55383
    → 
    192.168.0.200  :  8888

    [SYN]  len=48  ttl=118  tos=0x00  srcmac=8c:4:ff:aa:29:ad  dstmac=0:c:29:6a:cd:b


    and here is the Firewall LOG:
    2013:09:03-12:35:20 planet-express ulogd[4636]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="60006" initf="tun0" srcip="10.242.2.6" dstip="192.168.1.254" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="26059" dstport="4444" tcpflags="SYN" 
    2013:09:03-12:35:21 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="9" initf="eth0" outitf="eth1" srcmac="0:c:29:f8[:D]1:93" dstmac="0:c:29:6a:cd:aa" srcip="192.168.1.35" dstip="54.225.100.8" proto="17" length="121" tos="0x00" prec="0x00" ttl="63" srcport="8888" dstport="3000" 
    2013:09:03-12:35:21 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="9" initf="eth0" outitf="eth1" srcmac="0:c:29:f8[:D]1:93" dstmac="0:c:29:6a:cd:aa" srcip="192.168.1.35" dstip="54.225.100.8" proto="17" length="121" tos="0x00" prec="0x00" ttl="63" srcport="8888" dstport="3000" 
    2013:09:03-12:35:24 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="8c:4:ff:aa:29:ad" dstmac="0:c:29:6a:cd:b4" srcip="192.94.226.250" dstip="192.168.0.200" proto="6" length="52" tos="0x00" prec="0x00" ttl="118" srcport="38577" dstport="8888" tcpflags="SYN" 
    2013:09:03-12:35:24 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="8c:4:ff:aa:29:ad" dstmac="0:c:29:6a:cd:b4" srcip="192.94.226.250" dstip="192.168.0.200" proto="6" length="52" tos="0x00" prec="0x00" ttl="118" srcport="9857" dstport="8888" tcpflags="SYN" 
    2013:09:03-12:35:24 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="9" initf="eth0" outitf="eth1" srcmac="0:1f[:D]0:55:1a:67" dstmac="0:c:29:6a:cd:aa" srcip="192.168.1.56" dstip="54.225.100.8" proto="17" length="121" tos="0x00" prec="0x00" ttl="63" srcport="43611" dstport="3000" 
    2013:09:03-12:35:27 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="8c:4:ff:aa:29:ad" dstmac="0:c:29:6a:cd:b4" srcip="192.94.226.250" dstip="192.168.0.200" proto="6" length="52" tos="0x00" prec="0x00" ttl="118" srcport="38577" dstport="8888" tcpflags="SYN" 
    2013:09:03-12:35:27 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="8c:4:ff:aa:29:ad" dstmac="0:c:29:6a:cd:b4" srcip="192.94.226.250" dstip="192.168.0.200" proto="6" length="52" tos="0x00" prec="0x00" ttl="118" srcport="9857" dstport="8888" tcpflags="SYN" 
    2013:09:03-12:35:27 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="9" initf="eth0" outitf="eth1" srcmac="0:1f[:D]0:55:1a:67" dstmac="0:c:29:6a:cd:aa" srcip="192.168.1.56" dstip="54.225.100.8" proto="17" length="121" tos="0x00" prec="0x00" ttl="63" srcport="43611" dstport="3000" 
    2013:09:03-12:35:31 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="9" initf="eth0" outitf="eth1" srcmac="0:c:29:f8[:D]1:93" dstmac="0:c:29:6a:cd:aa" srcip="192.168.1.35" dstip="54.225.100.8" proto="17" length="121" tos="0x00" prec="0x00" ttl="63" srcport="8888" dstport="3000" 
    2013:09:03-12:35:31 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="9" initf="eth0" outitf="eth1" srcmac="0:c:29:f8[:D]1:93" dstmac="0:c:29:6a:cd:aa" srcip="192.168.1.35" dstip="54.225.100.8" proto="17" length="121" tos="0x00" prec="0x00" ttl="63" srcport="8888" dstport="3000" 
    2013:09:03-12:35:33 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="8c:4:ff:aa:29:ad" dstmac="0:c:29:6a:cd:b4" srcip="192.94.226.250" dstip="192.168.0.200" proto="6" length="48" tos="0x00" prec="0x00" ttl="118" srcport="38577" dstport="8888" tcpflags="SYN" 
    2013:09:03-12:35:33 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="8c:4:ff:aa:29:ad" dstmac="0:c:29:6a:cd:b4" srcip="192.94.226.250" dstip="192.168.0.200" proto="6" length="48" tos="0x00" prec="0x00" ttl="118" srcport="9857" dstport="8888" tcpflags="SYN" 
    2013:09:03-12:35:33 planet-express ulogd[4636]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="60006" initf="tun0" srcip="10.242.2.6" dstip="192.168.1.254" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="26063" dstport="4444" tcpflags="SYN" 
    2013:09:03-12:35:35 planet-express ulogd[4636]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="9" initf="eth0" outitf="eth1" srcmac="0:1f[:D]0:55:1a:67" dstmac="0:c:29:6a:cd:aa" srcip="192.168.1.56" dstip="54.225.100.8" proto="17" length="121" tos="0x00" prec="0x00" ttl="63" srcport="43611" dstport="3000"