 
 From:  "Andrew Batson" <abatson at twcny dot rr dot com>
 To:  "'Christopher M. Iarocci'" <iarocci at eastendsc dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Problem with M0n0Wall and Hamachi
 Date:  Sun, 18 Feb 2007 16:14:51 -0500
Hello Chris,

> -----Original Message-----
> From: Christopher M. Iarocci [mailto:iarocci at eastendsc dot com] 
> Sent: Sunday, February 18, 2007 3:48 PM
> To: Andrew Batson
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Problem with M0n0Wall and Hamachi
> 
> Andrew Batson wrote:
> > Hello,
> >
> > 	I am having a problem with M0n0Wall and Hamachi. When I tried to
> > host/join certain games, M0n0Wall blocks the attempt. I found the
> > problem by setting M0n0Wall to display the firewall logs in raw form.
> > After reading on the M0n0Wall web site, I found the following.
> >
> > 19.6.1. Reading raw IPFilter logs
> >
> > 	If all else fails and you need to determine exactly which rule is
> > dropping the traffic, go to status.php on your M0n0Wall to the "last
> > 50 filter log entries" section. Find the log line applying to the
> > traffic in question, and make note of the rule number. The rule number
> > is denoted by an @ followed by a number, then a colon, then another
> > number, for example @0:18. The 0 indicates the first group, and the 18
> > indicates rule number 18 in group 0.
> >
> > 	Then go up to the output of "ipfstat -nio" and find the rule in
> > question. Anything without a group number at the end of the rule is
> > the 0 group. @1:1 would indicate the first rule with "group 100" at
> > the end of the rule. @2:1 would be the first rule with "group 200" at
> > the end of the rule, and so on. Finding the exact rule, since some
> > rules are added by the back end of M0n0Wall and not visible on the
> > rules page, may make troubleshooting easier.
> >
> >
> >
> > 	When I look at the raw firewall logs, I see the following every time
> > I tried to host a game (LAN via Hamachi) of Age of Empires III (it
> > appears that Hamachi is blocking a broadcast that Age of Empires needs
> > to allow you to host/join games). Please note that the
> > xxx.yyyy.zzzz.aaaa is the IP address of the Hamachi client and I can
> > play other games just fine via Hamachi, just certain ones are failing
> > - all the same way, the blocked broadcast.
> >
> > 		15:09:46.977823 3x em0 @0:12 b xxx.yyyy.zzzz.aaaa,1409 -> 255.255.255.255,2299 PR udp len 20 49 IN
> >
> > 	When I do a status.php request and go to the "ipfstat -nio" section, I
> > see the following:
> >
> > 		"@12 block in log quick on em0 from !192.168.0.0/24 to any"
> >
> >
> > 	Question: how do I edit a rule I cannot see or find anywhere in the
> > web GUI of M0n0Wall? I would like to be able to host/join games with
> > my friends via Hamachi but right now it appears that there are certain
> > rules that are hard coded into M0n0Wall that I cannot edit/change?
> >
> >
> > Thanks for your help,
> > Andrew
> >   
> Put an allow rule in your rule set to allow the traffic.  The 
> default rules are processed after all of your rules.


	I tried this but M0n0Wall is still blocking the traffic. Any ideas
why? Note, I created the rule on the LAN interface but from the above, it
appears that the broadcast is inbound to the LAN interface.

	Oh, here is the firewall rule I created as displayed by the "ipfstat
-nio" (note the xxx.yyy.zzz.aaa is the IP address of Hamachi client):

		@2 pass in log first quick proto udp from xxx.yyy.zzz.aaa/32 to 255.255.255.255/32 port = 2229 keep state group 100



Thanks for your help,
Andrew
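
The rule lookup described in the quoted section 19.6.1, as an added example that is not part of the original message or of m0n0wall: it parses one raw filter log line, takes the `@group:rule` tag and finds the matching line in `ipfstat -nio` output, using the group numbering the quoted text describes and the direction at the end of the log line. The sample address, the extra rules and the function names are constructed for illustration.

```python
import re

# Constructed sample modelled on the lines quoted in the message; 203.0.113.5
# is a documentation address standing in for the masked Hamachi client IP.
RAW_LOG = ("15:09:46.977823 3x em0 @0:12 b 203.0.113.5,1409 -> "
           "255.255.255.255,2299 PR udp len 20 49 IN")
IPFSTAT_NIO = """\
@12 pass out quick on em0 proto icmp from any to any keep state
@12 block in log quick on em0 from !192.168.0.0/24 to any
@13 block in on em0 all head 100
@1 pass in quick from 192.168.0.0/24 to any keep state group 100
@2 pass in log first quick proto udp from 203.0.113.5/32 to 255.255.255.255/32 port = 2229 keep state group 100
"""

LOG_RE = re.compile(
    r"(?P<iface>\S+) @(?P<group>\d+):(?P<rule>\d+) (?P<action>\S) "
    r"(?P<src>[^,\s]+),(?P<sport>\d+) -> (?P<dst>[^,\s]+),(?P<dport>\d+) "
    r"PR (?P<proto>\S+) .*\b(?P<dir>IN|OUT)\s*$")

def parse_log(line):
    """Split one raw TCP/UDP log line into fields; None if it does not parse."""
    m = LOG_RE.search(line)
    return {k: int(v) if v.isdigit() else v
            for k, v in m.groupdict().items()} if m else None

def find_rule(ipfstat_text, group, rule, direction="IN"):
    """Return the rule text for @group:rule, numbered as the quoted text says:
    group 0 has no trailing "group N", group 1 is "group 100", 2 is "group 200"."""
    for line in ipfstat_text.splitlines():
        m = re.match(r"@(\d+)\s+(.*\S)", line.strip())
        if not m or int(m.group(1)) != rule:
            continue
        text = m.group(2)
        g = re.search(r"\bgroup (\d+)$", text)
        d = re.search(r"\b(in|out)\b", text)  # in and out rules are numbered separately
        in_group = (int(g.group(1)) if g else 0) == group * 100
        if in_group and d and d.group(1) == direction.lower():
            return text
    return None

def explain(log_line, ipfstat_text):
    """One-line summary: the logged packet and the rule that decided it."""
    f = parse_log(log_line)
    if f is None:
        return None
    rule = find_rule(ipfstat_text, f["group"], f["rule"], f["dir"])
    verdict = {"b": "blocked", "p": "passed"}.get(f["action"], f["action"])
    return (f"{f['proto']} {f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} "
            f"{verdict} on {f['iface']} by @{f['group']}:{f['rule']}: {rule}")

if __name__ == "__main__":
    print(explain(RAW_LOG, IPFSTAT_NIO))
```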