I'm new to CHX-I firewall. I"m generally happy with it. However, I'm trying to upload a torrent file, but I'm unable to connect to the tracker. The Bittorrent log says: 16:15:43: Warning: [4.20.2] [NatTraversal] Discovery timed out 16:15:43: Warning: [4.20.2] [NatTraversal] NAT Traversal warning (XP: Unable to detect any UPnP services). ......... Correspondingly, the CHX-I log has many entries saying that packets with a source port of 1901 and a destination port of 1900 AND packets with a source port of 67 and destination port of 68 are being denied because "Out of connection." I have no idea what is going on here. Any thoughts? Pops
What version of CHX? What Rules and Network Adapter configurations you have? It seems that your are behind a router, and to use the UPnP, you should allow the packets with the remote port 1900 from your router http://www.grc.com/port_1900.htm
Hi, Actually, I'm not behind a router or other firewall. Technically, ZoneAlarm is running, but the fw is set to low (off); i'm just running it for behavior anomoly detection. What does "out of connection" mean? Anyway, I have no problem with emule, limewire, soulseek, ssh, or my proxy server. Why would I be having problems now? I am using CHX-I 2.8.2 with NAT 1.2.1, with the default rules for each. Pops
poppers, You would appear to be using a "torrent client" that is uPnP enabled (which "torrent client" are you using?), the "torrent client" is attempting to check for, and connect to a router. It will do this to open (set port forward) inbound ports. Check the settings within the "Torrent client" and disable the uPnP. The log showing ports 67/68 would indicate DHCP. You say you are trying to "upload a torrent file", How is this attempt being made? (ftp?)
I am using BitTorrent 4.20.2. As for uploading the torrent file, I am just following their "BitTorrent Publisher" wizard to publish the torrent via tracker "http://my.tracker:6969/announce." That is what I meant by "upload." I also tried another tracker, http://tracker.prq.to/announce. I also tried http://inferno.demonoid.com:3389/announce. None worked. Now, I disabled UPnP like you said. Now I am getting different error messages, like "unregistered torrent" or "read the faq" etc. So it looks like you all helped solve my problem, although I still can't use bt. Oh well, I was just trying to spread goodness. Guess I'll stick with Usenet and Emule. Bt is too difficult for me. Thanks again for your help. Pops
I downloaded and installed BitTorrent 4.20.2, as I was going to run the program to see what connection attempts (protocols) would be made for the uploading. But BitTorrent will not run due to my blocking its attempted connections to "Translations.bittorrent.com" (I run BitTorrent, but when it cannot connect to "Translations.bittorrent.com", it terminates)
I'm not sure how this will show up in the Wilder's display, but here is an export of some activity. **************************************************** Time Direction Interface Protocol Flags Source IP Source Port Dest. IP Dest. Port Reason 2006/07/07 00h:08min:20sec Incoming 0 2 b3 a9 d6 f7 UDP 210.64.196.204 7745 xx.xx.xx.xx 1026 Out of connection 2006/07/07 00h:06min:17sec Incoming 0 2 b3 a9 d6 f7 UDP 10.197.32.1 67 255.255.255.255 68 Out of connection 2006/07/07 00h:06min:15sec Incoming 0 2 b3 a9 d6 f7 UDP 10.197.32.1 67 255.255.255.255 68 Out of connection 2006/07/07 00h:04min:58sec Incoming 0 2 b3 a9 d6 f7 TCP ACK SYN 82.99.243.194 4662 xx.xx.xx.xx 3039 Invalid Flags 2006/07/07 00h:04min:40sec Incoming 0 2 b3 a9 d6 f7 TCP SYN 80.190.240.125 51197 xx.xx.xx.xx 4662 Does not match allow policy 2006/07/07 00h:04min:39sec Incoming 0 2 b3 a9 d6 f7 UDP 10.197.32.1 67 255.255.255.255 68 Out of connection 2006/07/07 00h:04min:37sec Incoming 0 2 b3 a9 d6 f7 UDP 10.197.32.1 67 255.255.255.255 68 Out of connection 2006/07/07 00h:04min:34sec Incoming 0 2 b3 a9 d6 f7 TCP SYN 80.190.240.125 51197 xx.xx.xx.xx 4662 Does not match allow policy 2006/07/07 00h:04min:31sec Incoming 0 2 b3 a9 d6 f7 TCP SYN 80.190.240.125 51197 xx.xx.xx.xx 4662 Does not match allow policy 2006/07/07 00h:04min:10sec Incoming 0 2 b3 a9 d6 f7 TCP ACK SYN 63.235.16.141 4662 xx.xx.xx.xx 3018 Invalid Flags 2006/07/07 00h:04min:06sec Incoming 0 2 b3 a9 d6 f7 TCP ACK SYN 212.200.205.126 4662 xx.xx.xx.xx 3009 Invalid Flags 2006/07/07 00h:04min:04sec Incoming 0 2 b3 a9 d6 f7 TCP ACK FIN 212.143.166.79 4662 xx.xx.xx.xx 2928 Invalid Sequence no. 2006/07/07 00h:03min:41sec Incoming 0 2 b3 a9 d6 f7 UDP 220.184.232.201 13896 xx.xx.xx.xx 32459 Out of connection 2006/07/07 00h:03min:35sec Incoming 0 2 b3 a9 d6 f7 TCP ACK FIN 212.143.166.79 4662 xx.xx.xx.xx 2928 Invalid Sequence no. 2006/07/07 00h:03min:21sec Incoming 0 2 b3 a9 d6 f7 TCP ACK FIN 212.143.166.79 4662 xx.xx.xx.xx 2928 Invalid Sequence no. 2006/07/07 00h:03min:14sec Incoming 0 2 b3 a9 d6 f7 TCP ACK FIN 212.143.166.79 4662 xx.xx.xx.xx 2928 Invalid Sequence no. 2006/07/07 00h:03min:10sec Incoming 0 2 b3 a9 d6 f7 TCP ACK FIN 212.143.166.79 4662 xx.xx.xx.xx 2928 Invalid Sequence no. 2006/07/07 00h:03min:09sec Incoming 0 2 b3 a9 d6 f7 TCP ACK FIN 212.143.166.79 4662 xx.xx.xx.xx 2928 Invalid Sequence no.
These are due to the UDP SPI,.. a time limit is set on the returned UDP packet, if not received within the time period=> Out of connection. EDIT
poppers, You should install the new version of CHX Packet Filter, available here: http://www.idrci.net/fver/index.html Import this main sample (from the author of CHX): wan_start.zip After import the sample, change the "***Deny Ingress filters" rule to this, to avoid problems on local networks...: http://img71.imageshack.us/img71/9531/chxdenyingressrule7or.png Define this properties for your Network Adapters (if they are proper for your needs...): http://img100.imageshack.us/img100/1854/chxconfig6sf.png Make a new rule to allow incoming traffic for the BitTorrent port that you defined on the program, something like this: http://img223.imageshack.us/img223/2826/chxbittorrentrule4ct.png Finally, try a scan on Shields UP! to see if you have your system stealth, and see if you still have problems...
I tried to find what you just found using google. NO luck. Now I see that what you found COULD be found using yahoo. I guess I should try more than one engine before posting. It's been informative in any event. Thanks, pops.
I didnt google,.. I realised what the "out of connection" was when you posted the full log,... but then went to CHX-I website and re-checked against the online manual http://www.idrci.net/fver/html/index.html There is also a manual available to download.