On Mon, 10 Jan 2005 21:08:15 +0100, mika <mikata at gmail dot com> wrote:
> Hi guys, i am just frustrated right now. I got the default LAN -> any
> rule allow on LAN Interface. I Set up Port 3724, 6112 and range 6881 -
> 6999 to my PC for using Blizzard Downloader (WoW Beta). Thats all! I
> use T-Online PPPoE DSL internet access.
> But there are strange Log Entries:
> 21:03:53.197841 LAN 192.168.0.20, port 4578 217.95.232.X, port 6881
> 21:03:21.848277 LAN 192.168.0.20, port 3244 217.234.175.X, port 6881
I was able to replicate this, and afterwards found something in the
list archives from Manuel.
That partially explains it, it's missing the state table. Mine was
hitting the same rule mentioned in that post.
Why is it missing the state table, and why so frequently? A previous
post of mine explains why it's missing it, and it's so frequent
(relative to other traffic) because of the large number of TCP
connections that BitTorrent will use.
Specifically, this part of my post:
My guess is it's retransmitted and/or last packets not
hitting the state of the connection in process, as described in the
"Due to the often laggy nature of the Internet, sometimes packets will
be regenerated. Sometimes, you'll get two copies of the same packet,
and your state rule which keeps track of sequence numbers will have
already seen this packet, so it will assume that the packet is part of
a different connection. Eventually this packet will run into a real
rule and have to be dealt with. You'll often see the last packet of a
session being closed get logged because the keep state code has
already torn down the connection before the last packet has had a
chance to make it to your firewall. This is normal, do not be
If you've enabled traffic shaping, it will intentionally slow down BT
traffic. Otherwise the only explanation for the slow down is too many
downloaders and not enough uploaders on WoW.
As for the port 3724 -> 2406, I couldn't replicate that, but I'm sure
it's the same.