 From:  mika <mikata at gmail dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Error: Outbound Blocking
 Date:  Tue, 11 Jan 2005 14:01:48 +0100
> > Hi guys, I am just frustrated right now. I got the default LAN -> any
> > rule allow on LAN Interface. I set up Port 3724, 6112 and range 6881 -
> > 6999 to my PC for using Blizzard Downloader (WoW Beta). That's all! I
> > use T-Online PPPoE DSL internet access.
> >
> > But there are strange Log Entries:
> > 21:03:53.197841         LAN     192.168.0.20, port 4578         217.95.232.X, port 6881         TCP
> > 21:03:21.848277         LAN     192.168.0.20, port 3244         217.234.175.X, port 6881        TCP
> >
> 
> I was able to replicate this, and afterwards found something in the
> list archives from Manuel.
> http://m0n0.ch/wall/list/?action=show_msg&actionargs%5B%5D=77&actionargs%5B%5D=54
> 
> That partially explains it, it's missing the state table.  Mine was
> hitting the same rule mentioned in that post.
> 
> Why is it missing the state table, and why so frequently?  A previous
> post of mine explains why it's missing it, and it's so frequent
> (relative to other traffic) because of the large number of TCP
> connections that BitTorrent will use.
> http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=121&actionargs[]=25
> 
> Specifically, this part of my post:
> --
> My guess is it's retransmitted and/or last packets not
> hitting the state of the connection in process, as described in the
> ipfilter howto:
> "Due to the often laggy nature of the Internet, sometimes packets will
> be regenerated. Sometimes, you'll get two copies of the same packet,
> and your state rule which keeps track of sequence numbers will have
> already seen this packet, so it will assume that the packet is part of
> a different connection. Eventually this packet will run into a real
> rule and have to be dealt with. You'll often see the last packet of a
> session being closed get logged because the keep state code has
> already torn down the connection before the last packet has had a
> chance to make it to your firewall. This is normal, do not be
> alarmed."
> If you've enabled traffic shaping, it will intentionally slow down BT
> traffic.  Otherwise the only explanation for the slow down is too many
> downloaders and not enough uploaders on WoW.
> 
> As for the port 3724 -> 2406, I couldn't replicate that, but I'm sure
> it's the same.

Ah, yes I think I got it. Thank you very much for your effort!
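
The behaviour quoted from the ipfilter howto above, as an added example that is not part of the original thread and is not ipfilter or m0n0wall code: a toy keep-state filter in which a duplicate of the final ACK arrives after the state entry is gone and lands on the logged default block. The class, the rule that only a LAN SYN may create state, and the peer address 203.0.113.7 are assumptions made for the illustration.

```python
# Simplified model of a keep-state filter (constructed, not ipfilter code).
# Assumption: only a SYN from the LAN may create state; anything else that
# misses the state table falls through to a logged default block.
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport flags")

class StatefulFilter:
    def __init__(self):
        self.state = {}      # connection key -> set of hosts that sent FIN
        self.block_log = []  # packets that reached the default block rule

    @staticmethod
    def key(p):
        # Same key for both directions of one connection.
        return frozenset([(p.src, p.sport), (p.dst, p.dport)])

    def handle(self, p):
        k = self.key(p)
        if k in self.state:
            if "R" in p.flags:
                del self.state[k]            # reset: drop state at once
            elif "F" in p.flags:
                self.state[k].add(p.src)     # remember who has closed
            elif len(self.state[k]) == 2 and "A" in p.flags:
                del self.state[k]            # ACK of second FIN: torn down
            return "pass (state)"
        if p.flags == "S" and p.src.startswith("192.168.0."):
            self.state[k] = set()            # LAN -> any, keep state
            return "pass (rule, keep state)"
        self.block_log.append(p)             # out-of-state packet
        return "block (logged)"

def run_demo():
    fw = StatefulFilter()
    lan, peer = ("192.168.0.20", 4578), ("203.0.113.7", 6881)  # constructed
    out = lambda f: Pkt(*lan, *peer, f)
    inn = lambda f: Pkt(*peer, *lan, f)
    trace = [out("S"), inn("SA"), out("A"),   # handshake
             out("FA"), inn("A"),             # LAN side closes
             inn("FA"), out("A"),             # peer closes, state removed
             out("A")]                        # duplicate of the final ACK
    return [fw.handle(p) for p in trace], fw.block_log

if __name__ == "__main__":
    verdicts, logged = run_demo()
    for v in verdicts:
        print(v)
    print("logged:", logged)
```

Only the last packet is logged, and it shows the LAN host as source with destination port 6881, the same shape as the entries in the original report.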