Freemi UPNP

Discussion in 'LnS French Forum' started by Marshall39, Sep 24, 2011.

Thread Status:
Not open for further replies.
  1. Marshall39

    Marshall39 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    29
    Bonjour,

    J'ai installé ce fabuleux pare feu sur mon pc conjointement avec nod32 AV , et mon souci est que je n'arrive plus a accéder a mes films stockés sur mon disque dur de PC depuis ma freebox servero_O
    Ya t'il une regle particuliere a créer?
    Pour info , j'utilise le jeu de règle de Phantom (dernière version)

    D'avance merci
     
  2. kiko78

    kiko78 Registered Member

    Joined:
    Aug 1, 2008
    Posts:
    106
    bonjour
    je suis comme toi sur windows seven 64 avec look and stop couplé a vipré antivirus et je possede une freebox v6, donc pour pouvoir acceder au disque dur de la freebox serveur il faut déja autoriser "explorer.exe" a acceder a internet et puis dans l'onglet "filtrage internet" in faut creer une nouvelle regle, moi j'ai fait comme ca :
    type ethernet : tous (sans doute que l'on peu affiner)
    protocole : tcp
    (en bas a gauche) IP adresse : Egale a mon @
    (en bas a droite) IP adresse : egale a 212.27.38.253

    tout le reste sur "tous" et tout en bas a droite tu cliques sur application et tu autorises seulement "explorer.exe"

    voila bonne journée
     
  3. Marshall39

    Marshall39 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    29
    Salut et merci pour ta réponse!

    Par contre je ne sais pas si je me suis bien expliqué , ce que je veux faire , c'est accéder depuis ma freebox player au disque dur de mon ordinateur , chose rendu possible par le super programme Freemi.
    Avec mon ancien firewall outpost ça ne posait pas de souci , mais avec LnS pas moyen o_O
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    la règle "-Multicast Filters" blocs découverte UPnP, désactiver cette règle et l'import / créer des règles UPnP dans leurs emplacements respectifs.

    Si vous parlez un peu anglais, je pourrais être capable de vous aider avec des informations supplémentaires ou si quelqu'un peut traduire pour nous.
     
  5. Marshall39

    Marshall39 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    29
    Thanks PhantOm for your reply.We can do it in English.
    I've deactivated the Multicast Filters rules , but I'm not sure wich rules I have to make about that UPNP.
    I know on my local network , the device "Freebox player" has the IP 192.168.1.15 , and my computer 192.168.1.8 if that can help :p
     
  6. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Thank goodness! ;p

    With that rule disabled or blocking with logging, I will need to see your logs showing the blockings for Freebox player communications.
     
  7. Marshall39

    Marshall39 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    29
    Last edited: Sep 25, 2011
  8. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Create a rule with all the specified criterias shown in the attached image, we might need to tweak this rule later on.
     

    Attached Files:

  9. Marshall39

    Marshall39 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    29
    Thanks , I've done what you said but I can't see the computer in the freebox player.Each time I push the button to see the UPNP devices , I see those two lines I showed you earlier in the logs.



    Also , on the Freemi website , I've found this "En cas de problème, vérifiez la configuration de votre pare-feu : n'oubliez pas d'autoriser le programme via le pare-feu Windows, ou d'ouvrir le port 1900 en UDP et le port TCP indiqué dans la configuration de FreeMi"

    You seem to speak french well , but if you want I can translate it for you :)
     

    Attached Files:

  10. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Those new packet loggings, they sharing the same packet contents?

    When you created the UDP rule, did you remove the block attribute plus also enable the logging attribute on Internet Filtering Tab / screen.

    Also do you have 'Log file' feature enabled on Look 'n' Stop - 'Options' Tab / screen?


     
  11. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Another question; the rule '-Ingress_Filters_PNet' is blocking, what owns that IP address being shown?
     
  12. Marshall39

    Marshall39 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    29
    Yes they sharing the same content something like this

    0000:C9 73 59 81 8C 05 04 00 ÉsYŒ...
    0008:5A B6 C4 6A 1A 14 EB EF Z¶Äjëï
    0010:90 7A 02 00 7C A2 F0 03 z..|¢ð.
    0018:2C 11 4D E8 EE 7E 41 5D ,Mèî~A]
    0020:C0 A8 01 FE 06 00 00 00 À¨.þ....

    I did remove the block attribute , and enabled the logging attribute for the rule.

    I've just enabled the log file as requested.

    "Another question; the rule '-Ingress_Filters_PNet' is blocking, what owns that IP address being shown?"

    This IP adress is for my network hard drive , wich is linked to my freebox .
     
  13. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Is the newly created authorizing rule we made working or I should say triggering? Can I also have the Look 'n' Stop - Log file showing the packet blockings to freebox.
     
  14. Marshall39

    Marshall39 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    29
    It does not seem to be working unfortunately.
    I this this file that you need?
     

    Attached Files:

  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Verify the IP protocol is set to UDP, and remove 'Equal my @' IP Address criteria, is the rule left at the very top of the ruleset, or was it repositioned?
     
  16. Marshall39

    Marshall39 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    29
    The protocol was on TCP , so I've set it to UDP.
    I've done what you said about the IP adress criteria , also the rule is still on the top but no luck...
     
  17. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Any reason why you aren't using Stateful Packet filtering feature in Advanced options?


    btw; try the below rule.
     

    Attached Files:

  18. Marshall39

    Marshall39 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    29
    Hi sorry for the late answer , but sunday night is poker night with a couple of collegues :p
    I don't know why the Stateful Packet filtering wasn't enabled , so I did it.
    I've tried your new rule , but still not working.The only way to browse the file on my PC from the freebox player is to disable internet filtering.

    Also I've tried something a bit weird , I've loaded the LnS standart rules , it doesn't work.Then I've disabled the rule "Block UPNP/1900" and it works.
    The problem is when I do that on your set of rules no way.There must be something else for sure.
    Sorry to be a pain in the *** for you with that maybe I should only disable Internet filtering when I want to watch a film , since I'm behind a routeur it won't be realy a problem I guess
     
    Last edited: Sep 26, 2011
  19. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    That is only one rule, when dealing with UPnP, there may be couple more needed. Also the rule I gave you needs to be viewed and then enabled manually after importing. Then the question is, does this UPnP rule trigger? And if so what else is being logged now that we need to authorize.


    Don’t worry about me, I have a very high-level tolerance, ... so the ball is back in your court. ;)
     
  20. Marshall39

    Marshall39 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    29
    Hi

    Here is a new log if you wanna take a look :)
    I've tried to make one or two new rules from what I 've seen in the logs , but none ot them worked (although it seems to make something happen).
     

    Attached Files:

  21. Marshall39

    Marshall39 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    29
    OK so this time I think I got it mate.
    I've just noticed , as stupid as it can seem , that in the small application wich make the server for the freebox player , it is possible to choose wich TCP port I want to use.0=dynamic and that was this 0 the problem I think , cause each time it was a different port , means a different rule to create.

    So I have just chosen TCP=1024.
    Then I've tried to connect the freebox player with the pc , wich of course didn't work.
    So I've created this rule , wich works now , and hopefully doesn't compromise the security of my computer

    Thanks for the time you spent on this PhantOm :)
     

    Attached Files:

  22. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Good news! Now you need to relocate these new rules to their respective positions in the ruleset. :p
     
  23. Marshall39

    Marshall39 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    29
    PhantOm , just one last thing.
    I've done a GRC test to check this open port problem , and it shows that the port 1024 is open now.
    What can I do to open it only between my PC and my freebox?

    Thanks again
     
  24. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hi,

    I would either use LAN subnet masking or specific LAN IP address, supply on the right side
     
  25. Marshall39

    Marshall39 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    29
    Thanks I've done that and it works.

    Thank you for all your help!
     
Thread Status:
Not open for further replies.