aMule Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

We're back! (IN POG FORM)

Author Topic: firewall goes beserk on outbound events  (Read 6273 times)

The Wizzard

  • Approved Newbie
  • *
  • Karma: 0
  • Offline Offline
  • Posts: 6
firewall goes beserk on outbound events
« on: May 19, 2006, 08:17:54 PM »

hi everyone,

i have a question about amule & firewalls.

i have firestarter running with ports 4662 and 4672 open in both directions (i am also filtering outbound traffic). amule runs perfectly.
however, when amule is running, i receive multiple warnings because of outbound events on other ports. it is not a real problem, because amule is running fine. i just wonder what is going on.

is there anyone who can explain this to me?
Logged

wuischke

  • Developer
  • Hero Member
  • *****
  • Karma: 183
  • Offline Offline
  • Posts: 4292
Re: firewall goes beserk on outbound events
« Reply #1 on: May 19, 2006, 08:36:23 PM »

You should open the Port 4665UDP as well. (More Info)
Logged

The Wizzard

  • Approved Newbie
  • *
  • Karma: 0
  • Offline Offline
  • Posts: 6
Re: firewall goes beserk on outbound events
« Reply #2 on: May 19, 2006, 09:49:09 PM »

thanks for the explaination.
if i'm not mistaken, amule starts scanning other ports when it finds 4665 closed?

mmm, i opened 4665 also, but the issue remains. any clues?
Logged

wuischke

  • Developer
  • Hero Member
  • *****
  • Karma: 183
  • Offline Offline
  • Posts: 4292
Re: firewall goes beserk on outbound events
« Reply #3 on: May 19, 2006, 09:52:06 PM »

aMule is not supposed to use other ports than 4662, 4665 and 4672 and it does not need others (maybe Port 80 for the download of the versioncheckfile, the serverlist, the ipfilter and the nodes.dat).
Which ports is aMule scanning according to your tools?
Logged

The Wizzard

  • Approved Newbie
  • *
  • Karma: 0
  • Offline Offline
  • Posts: 6
Re: firewall goes beserk on outbound events
« Reply #4 on: May 19, 2006, 09:57:27 PM »

about every port exept 4665.
although, if 4665 is blocked further down the line it won't show in the events list of the firewall, because it is allowed.

below is a small part of the list.



Time:May 19 21:52:56 Direction: Outbound In: Out:eth0 Port:55009 Source:192.168.1.100 Destination:84.102.115.110 Length:63 TOS:0x00 Protocol:UDP Service:Unknown
Time:May 19 21:52:57 Direction: Outbound In: Out:eth0 Port:8951 Source:192.168.1.100 Destination:64.34.166.155 Length:46 TOS:0x00 Protocol:UDP Service:Unknown
Time:May 19 21:53:07 Direction: Outbound In: Out:eth0 Port:4649 Source:192.168.1.100 Destination:83.49.160.199 Length:63 TOS:0x00 Protocol:UDP Service:Unknown
Time:May 19 21:53:09 Direction: Outbound In: Out:eth0 Port:63575 Source:192.168.1.100 Destination:81.72.109.98 Length:63 TOS:0x00 Protocol:UDP Service:Unknown
Time:May 19 21:53:18 Direction: Outbound In: Out:eth0 Port:12224 Source:192.168.1.100 Destination:82.241.53.27 Length:44 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 19 21:53:18 Direction: Outbound In: Out:eth0 Port:6672 Source:192.168.1.100 Destination:82.242.63.8 Length:55 TOS:0x00 Protocol:UDP Service:Vision_server
Time:May 19 21:53:21 Direction: Outbound In: Out:eth0 Port:12224 Source:192.168.1.100 Destination:82.241.53.27 Length:44 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 19 21:53:43 Direction: Outbound In: Out:eth0 Port:32813 Source:192.168.1.100 Destination:87.122.238.39 Length:63 TOS:0x00 Protocol:UDP Service:Sun-RPC portmap
Time:May 19 21:53:47 Direction: Outbound In: Out:eth0 Port:10014 Source:192.168.1.100 Destination:87.6.43.131 Length:55 TOS:0x00 Protocol:UDP Service:Unknown
Time:May 19 21:53:49 Direction: Outbound In: Out:eth0 Port:4663 Source:192.168.1.100 Destination:83.22.129.44 Length:44 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 19 21:54:05 Direction: Outbound In: Out:eth0 Port:64549 Source:192.168.1.100 Destination:88.152.95.133 Length:63 TOS:0x00 Protocol:UDP Service:Unknown
Time:May 19 21:54:11 Direction: Outbound In: Out:eth0 Port:30900 Source:192.168.1.100 Destination:84.221.107.57 Length:63 TOS:0x00 Protocol:UDP Service:Unknown
Time:May 19 21:54:14 Direction: Outbound In: Out:eth0 Port:1028 Source:192.168.1.100 Destination:59.82.36.66 Length:55 TOS:0x00 Protocol:UDP Service:Unknown
Time:May 19 21:54:15 Direction: Inbound In:eth0 Out: Port:6881 Source:24.35.91.161 Destination:192.168.1.100 Length:90 TOS:0x00 Protocol:UDP Service:BitTorrent
Time:May 19 21:54:17 Direction: Outbound In: Out:eth0 Port:4772 Source:192.168.1.100 Destination:142.46.136.163 Length:63 TOS:0x00 Protocol:UDP Service:Unknown
Logged

lfroen

  • Guest
Re: firewall goes beserk on outbound events
« Reply #5 on: May 19, 2006, 10:19:48 PM »

Outbound - means amule connecting to someone outside. This is what it supposed to do (it's file-sharing program, remember) ?
Logged

The Wizzard

  • Approved Newbie
  • *
  • Karma: 0
  • Offline Offline
  • Posts: 6
Re: firewall goes beserk on outbound events
« Reply #6 on: May 19, 2006, 10:46:33 PM »

@ifroen:
yes amule is about sharing and is doing so on port 4662. no problem with that.
however, amule is supposed to use certain ports (see above) to connect, so users can open these ports.
when i disable my firewall, amule opens other ports (at the moment 5998, 6346, 4332) and NOT 4665. this is strange behaviour in my opinion. and makes firewall configuration impossible.


@wuischke:
port 80 is also open (among some other ports for standard services)
Logged

wuischke

  • Developer
  • Hero Member
  • *****
  • Karma: 183
  • Offline Offline
  • Posts: 4292
Re: firewall goes beserk on outbound events
« Reply #7 on: May 19, 2006, 10:50:04 PM »

What is the port referring to anyway? Does this refer to your local port or to the port of the pc your connecting to?
I can assure you, that aMule only needs these 3 ports to work (I have NAT and there's no access at all using other ports)
Logged

The Wizzard

  • Approved Newbie
  • *
  • Karma: 0
  • Offline Offline
  • Posts: 6
Re: firewall goes beserk on outbound events
« Reply #8 on: May 19, 2006, 10:56:10 PM »

local port
amule works fine with the ports 4662, 4665 and 4672 open. however, it keeps trying other ports. i wonder why.
Logged

vdb

  • Full Member
  • ***
  • Karma: 1
  • Offline Offline
  • Posts: 215
Re: firewall goes beserk on outbound events
« Reply #9 on: May 21, 2006, 03:01:21 PM »

You are thinking about this the wrong way: Your outbound traffic will occur on any port the requesting client has set. Only your inbound traffic is set on the ports you specify in the preference settings.

Example: I have my aMule on inbound port 4774. This is the port your client must open to connect to mine. If I had set my aMule to port 35691 then you will open an outbound port 35961, etc.

Ergo: Outbound you should not restrict in the firewall, or at least you should not be worried about the log entries. Or you can relate the outbound traffic to an incoming connection, that way it won't show up on the logs as errors.
Logged
A waste is a terrible thing to mind.

The Wizzard

  • Approved Newbie
  • *
  • Karma: 0
  • Offline Offline
  • Posts: 6
Re: firewall goes beserk on outbound events
« Reply #10 on: May 21, 2006, 05:04:49 PM »

@vdb
thanks for your explaination.
if i understand it well, with my firewall configuration i am limited to sharing files with amule users using the same port # for their inbound traffic. mmm, maybe i should try to be less paranoid and make my firewall-rules less restrictive.

cheers
Logged

vdb

  • Full Member
  • ***
  • Karma: 1
  • Offline Offline
  • Posts: 215
Re: firewall goes beserk on outbound events
« Reply #11 on: May 22, 2006, 11:18:52 PM »

That should not be a problem: You are not a company with lots of users trying to send something outbound, are you? If it's just you behind that firewall essentially you can open all ports outbound, since you are in control of what applications actually use that outbound line.

The inbound ports are what makes you vulnerable, and those are thoroughly closed. (of course, virusses that you attracted by practising unsafe internet aside...)
Logged
A waste is a terrible thing to mind.