CHX: "out of connection"???

Discussion in 'other firewalls' started by poppers, Jul 6, 2006.

Thread Status:
Not open for further replies.
  1. poppers

    poppers Registered Member

    Joined:
    Jul 6, 2006
    Posts:
    6
    I'm new to CHX-I firewall. I'm generally happy with it. However, I'm trying to upload a torrent file, but I'm unable to connect to the tracker. The Bittorrent log says:

    16:15:43: Warning: [4.20.2] [NatTraversal] Discovery timed out
    16:15:43: Warning: [4.20.2] [NatTraversal] NAT Traversal warning (XP: Unable to detect any UPnP services).
    .........

    Correspondingly, the CHX-I log has many entries saying that packets with a source port of 1901 and a destination port of 1900 AND packets with a source port of 67 and destination port of 68 are being denied because "Out of connection."

    I have no idea what is going on here. Any thoughts?

    Pops
     
  2. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    What version of CHX?
    What Rules and Network Adapter configurations do you have?

    It seems that you are behind a router, and to use UPnP, you should allow the packets with the remote port 1900 from your router
    http://www.grc.com/port_1900.htm
     
  3. poppers

    poppers Registered Member

    Joined:
    Jul 6, 2006
    Posts:
    6
    Hi, actually, I'm not behind a router or other firewall. Technically, ZoneAlarm is running, but the fw is set to low (off); I'm just running it for behavior anomaly detection.

    What does "out of connection" mean?

    Anyway, I have no problem with emule, limewire, soulseek, ssh, or my proxy server. Why would I be having problems now?

    I am using CHX-I 2.8.2 with NAT 1.2.1, with the default rules for each.

    Pops
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    poppers,
    You would appear to be using a "torrent client" that is uPnP enabled (which "torrent client" are you using?), the "torrent client" is attempting to check for, and connect to a router. It will do this to open (set port forward) inbound ports. Check the settings within the "Torrent client" and disable the uPnP.
    The log showing ports 67/68 would indicate DHCP.

    You say you are trying to "upload a torrent file"; how is this attempt being made? (ftp?)
     
  5. poppers

    poppers Registered Member

    Joined:
    Jul 6, 2006
    Posts:
    6
    I am using BitTorrent 4.20.2. As for uploading the torrent file, I am just following their "BitTorrent Publisher" wizard to publish the torrent via tracker "http://my.tracker:6969/announce." That is what I meant by "upload." I also tried another tracker, http://tracker.prq.to/announce. I also tried http://inferno.demonoid.com:3389/announce. None worked.

    Now, I disabled UPnP like you said. Now I am getting different error messages, like "unregistered torrent" or "read the faq" etc. So it looks like you all helped solve my problem, although I still can't use bt. Oh well, I was just trying to spread goodness. Guess I'll stick with Usenet and Emule. Bt is too difficult for me.

    Thanks again for your help.

    Pops
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I downloaded and installed BitTorrent 4.20.2, as I was going to run the program to see what connection attempts (protocols) would be made for the uploading. But BitTorrent will not run due to my blocking its attempted connections to "Translations.bittorrent.com"
    (I run BitTorrent, but when it cannot connect to "Translations.bittorrent.com", it terminates)
     
  7. poppers

    poppers Registered Member

    Joined:
    Jul 6, 2006
    Posts:
    6
    Did we ever figure out what "out of connection" means?

    Pops
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I haven't seen this in the CHX-I log (I don't use CHX-I very much... what was the full line in the log?)
     
  9. poppers

    poppers Registered Member

    Joined:
    Jul 6, 2006
    Posts:
    6
    I'm not sure how this will show up in the Wilder's display, but here is an export of some activity.

    ****************************************************

    Time Direction Interface Protocol Flags Source IP Source Port Dest. IP Dest. Port Reason
    2006/07/07 00h:08min:20sec Incoming 0 2 b3 a9 d6 f7 UDP 210.64.196.204 7745 xx.xx.xx.xx 1026 Out of connection
    2006/07/07 00h:06min:17sec Incoming 0 2 b3 a9 d6 f7 UDP 10.197.32.1 67 255.255.255.255 68 Out of connection
    2006/07/07 00h:06min:15sec Incoming 0 2 b3 a9 d6 f7 UDP 10.197.32.1 67 255.255.255.255 68 Out of connection
    2006/07/07 00h:04min:58sec Incoming 0 2 b3 a9 d6 f7 TCP ACK SYN 82.99.243.194 4662 xx.xx.xx.xx 3039 Invalid Flags
    2006/07/07 00h:04min:40sec Incoming 0 2 b3 a9 d6 f7 TCP SYN 80.190.240.125 51197 xx.xx.xx.xx 4662 Does not match allow policy
    2006/07/07 00h:04min:39sec Incoming 0 2 b3 a9 d6 f7 UDP 10.197.32.1 67 255.255.255.255 68 Out of connection
    2006/07/07 00h:04min:37sec Incoming 0 2 b3 a9 d6 f7 UDP 10.197.32.1 67 255.255.255.255 68 Out of connection
    2006/07/07 00h:04min:34sec Incoming 0 2 b3 a9 d6 f7 TCP SYN 80.190.240.125 51197 xx.xx.xx.xx 4662 Does not match allow policy
    2006/07/07 00h:04min:31sec Incoming 0 2 b3 a9 d6 f7 TCP SYN 80.190.240.125 51197 xx.xx.xx.xx 4662 Does not match allow policy
    2006/07/07 00h:04min:10sec Incoming 0 2 b3 a9 d6 f7 TCP ACK SYN 63.235.16.141 4662 xx.xx.xx.xx 3018 Invalid Flags
    2006/07/07 00h:04min:06sec Incoming 0 2 b3 a9 d6 f7 TCP ACK SYN 212.200.205.126 4662 xx.xx.xx.xx 3009 Invalid Flags
    2006/07/07 00h:04min:04sec Incoming 0 2 b3 a9 d6 f7 TCP ACK FIN 212.143.166.79 4662 xx.xx.xx.xx 2928 Invalid Sequence no.
    2006/07/07 00h:03min:41sec Incoming 0 2 b3 a9 d6 f7 UDP 220.184.232.201 13896 xx.xx.xx.xx 32459 Out of connection
    2006/07/07 00h:03min:35sec Incoming 0 2 b3 a9 d6 f7 TCP ACK FIN 212.143.166.79 4662 xx.xx.xx.xx 2928 Invalid Sequence no.
    2006/07/07 00h:03min:21sec Incoming 0 2 b3 a9 d6 f7 TCP ACK FIN 212.143.166.79 4662 xx.xx.xx.xx 2928 Invalid Sequence no.
    2006/07/07 00h:03min:14sec Incoming 0 2 b3 a9 d6 f7 TCP ACK FIN 212.143.166.79 4662 xx.xx.xx.xx 2928 Invalid Sequence no.
    2006/07/07 00h:03min:10sec Incoming 0 2 b3 a9 d6 f7 TCP ACK FIN 212.143.166.79 4662 xx.xx.xx.xx 2928 Invalid Sequence no.
    2006/07/07 00h:03min:09sec Incoming 0 2 b3 a9 d6 f7 TCP ACK FIN 212.143.166.79 4662 xx.xx.xx.xx 2928 Invalid Sequence no.
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    These are due to the UDP SPI: a time limit is set on the returned UDP packet; if it is not received within the time period => Out of connection.
    EDIT
     
    Last edited: Jul 7, 2006
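
The UDP SPI behaviour described in the post above, as an added example that is not part of the thread and is not CHX-I's code: a minimal UDP pseudo-state table that accepts an inbound datagram only as a timely reply to earlier outbound traffic. The 30-second timeout, the class and function names, and the placeholder addresses are assumptions.

```python
from dataclasses import dataclass, field

UDP_TIMEOUT = 30.0  # seconds; assumed value, not CHX-I's documented default


@dataclass
class UdpStateTable:
    """Pseudo-connection table for UDP, which has no handshake to track."""
    timeout: float = UDP_TIMEOUT
    flows: dict = field(default_factory=dict)  # (local, remote) -> last-seen time

    def outbound(self, now, local, remote):
        # An outgoing datagram opens (or refreshes) the flow local <-> remote.
        self.flows[(local, remote)] = now

    def inbound(self, now, remote, local):
        # An incoming datagram is accepted only as a timely reply.
        last = self.flows.get((local, remote))
        if last is None:
            return "Out of connection"      # nothing was ever sent to this peer
        if now - last > self.timeout:
            del self.flows[(local, remote)]
            return "Out of connection"      # reply arrived after the window closed
        self.flows[(local, remote)] = now   # a valid reply keeps the flow alive
        return "Allowed"


def replay(events, timeout=UDP_TIMEOUT):
    # Run (time, direction, src, dst) events through a fresh table.
    table = UdpStateTable(timeout)
    verdicts = []
    for now, direction, src, dst in events:
        if direction == "out":
            table.outbound(now, src, dst)
            verdicts.append("Allowed")
        else:
            verdicts.append(table.inbound(now, src, dst))
    return verdicts


# Constructed events (placeholder addresses, times in seconds).
HOST = ("192.0.2.10", 1026)
PEER = ("198.51.100.7", 7745)
EVENTS = [
    (0.0, "out", HOST, PEER),                                  # host queries a peer
    (2.0, "in", PEER, HOST),                                   # timely reply
    (5.0, "in", ("10.197.32.1", 67), ("255.255.255.255", 68)),  # unsolicited broadcast
    (90.0, "in", PEER, HOST),                                  # same peer, too late
]
print(replay(EVENTS))
```

The third event has the same shape as the port 67 to port 68 broadcasts in the exported log: no outbound datagram ever created a matching flow, so a filter of this kind has nothing to associate it with.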
  11. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    poppers,

    You should install the new version of CHX Packet Filter, available here: http://www.idrci.net/fver/index.html

    Import this main sample (from the author of CHX): wan_start.zip

    After importing the sample, change the "***Deny Ingress filters" rule to this, to avoid problems on local networks:
    http://img71.imageshack.us/img71/9531/chxdenyingressrule7or.png

    Define these properties for your Network Adapters (if they are proper for your needs...):
    http://img100.imageshack.us/img100/1854/chxconfig6sf.png

    Make a new rule to allow incoming traffic for the BitTorrent port that you defined on the program, something like this:
    http://img223.imageshack.us/img223/2826/chxbittorrentrule4ct.png

    Finally, try a scan on Shields UP! to see if you have your system stealth, and see if you still have problems...
     
  12. poppers

    poppers Registered Member

    Joined:
    Jul 6, 2006
    Posts:
    6
    I tried to find what you just found using google. NO luck. Now I see that what you found COULD be found using yahoo. I guess I should try more than one engine before posting. It's been informative in any event. Thanks, pops.
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I didn't google... I realised what the "out of connection" was when you posted the full log, but then went to the CHX-I website and re-checked against the online manual http://www.idrci.net/fver/html/index.html There is also a manual available to download.
     