Jetico and Emule

Hi joao_proscrito,HI Stem

when i use eMule and Jetico v1 eMule Application Table,I found some eMule packets couldn't passing the default TCP inspection rule,so these packet would be blocked by "Block All not Processed IP Packets" 。so it make u Lowid.

Here are some log:

http://i81.photobucket.com/albums/j205/ubuntu6/Jetico/emule01.jpg

http://i81.photobucket.com/albums/j205/ubuntu6/Jetico/emule01.jpg

so you need add other System IP rule below the default TCP inspector rule to allow these packets with special TCP Flag to passing.

default TCP inspection rule:

http://i81.photobucket.com/albums/j205/ubuntu6/Jetico/bt04.jpg

http://i81.photobucket.com/albums/j205/ubuntu6/Jetico/bt08.jpg

BitComet SYN+ACK Out rule(59153 is BitComet lisenting port u can change it to emul TCP 4662 , RST flags):

http://i81.photobucket.com/albums/j205/ubuntu6/Jetico/bt06.jpg

add System P2P Table :

http://i81.photobucket.com/albums/j205/ubuntu6/Jetico/bt05.jpg

My eMule Application Table:

http://i81.photobucket.com/albums/j205/ubuntu6/Jetico/eMule.jpg

My System P2P Table :

http://i81.photobucket.com/albums/j205/ubuntu6/Jetico/SystemP2P.jpg

JPF BETA v2 TCP SPI working well with eMule，don't need System P2P Table，so u can install JPF v2 directly！

 

The logs you have shown would not cause a low ID in emule, these are outbound RST (reset connection) packets which would be dropped if the connection is already terminated. It is only if inbound SYN (connection) packets are blocked on the TCP port for emule would low ID happen.

You should not be allowing out of sequence TCP packets into your PC, as your IP rules are doing by allowing inbound TCP packets dropped by the SPI, which can leave you open to TCP exploits.

 

Hi Stem
I met many people have this lowid problem, even eMule in application Trusted Zone.
I understand and agree with your Perspective,so i suggest to use JPF v2!
i dont suggest people to try my ruleset, this just a temp solution or poor solution.
so someone use this p2p table, when use eMule u can check the System P2P Table, if you dont use eMule u can uncheck it.

i just reinstall jpf v1 in a new XP system,only use eMule Application Table,I got HighID,so there should be some conflict jpf v1 with other soft or network enviroment problem cause this lowid problem. but if people dont want reinstall OS, reinstall other soft,they can use my ruleset with some TCP exploits to have HighID, they can choose it or not.

 

Hi ubuntu,

Next time you see this problem, please load a new "optimal protection", copy over the basic emule rules, apply the policy, run emule using just the ruleset (after setting correct ports in the rules) to see if still problems.
I am still not sure if these problems are due to a software conflict \ rules conflict or a corrupted policy. (I have never been able to reproduce the emule low ID problem with Jetico)

 

I used the same rules under Jetico v1 and blocking outbound RST packets, never had a LowId.
The only issue i had (still have in v2), were the less results when searching Global servers for a file, as when i allow all traffic.