Look'n'Stop UDP Packets Log issue

Discussion in 'LnS English Forum' started by TBR, Dec 8, 2005.

Thread Status:
Not open for further replies.
  1. TBR

    TBR Registered Member

    Joined:
    Dec 8, 2005
    Posts:
    59
    Hi All,
    I am behind a Linksys router with LnS registered version running the enhanced rule set as described in the Setup and Settings for Look ‘n’ Stop thread.

    I have also looked at the Configuring Look'n'Stop with Routers thread and am running into some issues which I'm having difficulty resolving securely.

    Every 2 1/2 mins in the log I get the following

    Rule : UDP: Any other packet
    Type : UDP
    Address : 192.168.1.1 (My Router)
    Additonal : Ports Dest:1900 Src:27xx where xx increments by 3 or 4 ports every time

    http://img329.imageshack.us/my.php?image=log3yp.png

    Now this sounds like the IGMP rule described in the Configuring Look'n'Stop with Routers thread, however that is IGMP and not UDP so is this something different?

    http://img329.imageshack.us/my.php?image=contents9kq.png

    Also what should I do to allow this (if I should?), I have created the following rule - but it has not stopped the packet being blocked.

    http://img329.imageshack.us/my.php?image=rule0fo.png

    Any ideas?
     
  2. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi TBR.
    I don't know much about IGMP (Internet Group Management), but I block it inbound with no probs.
    As for Port 1900 - SSDP (Simple Service Discovery Protocol), I block inbound.
     
  3. TBR

    TBR Registered Member

    Joined:
    Dec 8, 2005
    Posts:
    59
    Hi,
    Thanks for responding, I don't have an issue with blocking it - rather I have an issue unblocking it securely as these are generated by my router by the looks of it. Assuming that is - that I should unblock it - which is one of the questions I should have asked.

    How would I configure Look'n'Stop to do this?
     
  4. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Sorry, I mis-read your post!!
    IGMP is a protocol, in the IP PROTOCOL drop down tab for setting TCP, UDP etc. it will say IGMP (amongst others). Your rule is correct, but edit the 'rule name' to say UDP instead of IGMP.

    Make sure you put that rule 'above' the rule blocking inbound UDP to port 1900.
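
The ordering advice above, modelled as an added example (not part of the original post and not Look'n'Stop's own code). It assumes rules are evaluated top-down with the first match deciding, as the advice implies; the rule names other than "UDP: Any other packet", the source port and the second host address are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "block"
    proto: str
    src_ip: Optional[str] = None     # None means "any source"
    dst_port: Optional[int] = None   # None means "any destination port"

    def matches(self, p: Packet) -> bool:
        return (self.proto == p.proto
                and self.src_ip in (None, p.src_ip)
                and self.dst_port in (None, p.dst_port))


def evaluate(rules, packet):
    """Return (action, rule name) of the first matching rule; block by default."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.name
    return "block", "(default)"


ROUTER = "192.168.1.1"  # router address from the log in the first post

# Allow rule scoped to the router only, so SSDP from other hosts stays blocked.
allow_ssdp = Rule("UDP: SSDP from router", "allow", "UDP", ROUTER, 1900)
block_ssdp = Rule("UDP: block inbound 1900", "block", "UDP", None, 1900)
catch_all = Rule("UDP: Any other packet", "block", "UDP")

wrong_order = [block_ssdp, allow_ssdp, catch_all]   # allow rule never reached
right_order = [allow_ssdp, block_ssdp, catch_all]   # allow rule sits above

router_pkt = Packet("UDP", ROUTER, 2704, 1900)          # constructed sample
other_pkt = Packet("UDP", "192.168.1.50", 2704, 1900)   # constructed sample

if __name__ == "__main__":
    for label, rules in (("wrong", wrong_order), ("right", right_order)):
        print(label, evaluate(rules, router_pkt), evaluate(rules, other_pkt))
```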
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Do you have UPnP enabled on the router?

    Regards,

    CrazyM
     
  6. TBR

    TBR Registered Member

    Joined:
    Dec 8, 2005
    Posts:
    59
    Thanks Tony - I will try that.

    Yes I do.
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Do you use UPnP? If not, it can be disabled on the router (and your systems) and you should no longer see those log entries.

    Regards,

    CrazyM
     
  8. TBR

    TBR Registered Member

    Joined:
    Dec 8, 2005
    Posts:
    59
    I think I do :D

    I use MSN Messenger quite a bit and doesn't UPnP help with NAT traversal via the router (file sharing etc.)?

    I could be waaaay off here though - I'm skirting my knowledge of these things.
     
  9. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Yes it can help with some applications/routers. If you are unsure if it is required you could try disabling it on the router and see if it impacts anything. Has anything you have been doing required any special rules in LnS so far to work properly?

    Regards,

    CrazyM
     
  10. TBR

    TBR Registered Member

    Joined:
    Dec 8, 2005
    Posts:
    59
    No, nothing special - it's mostly just trying to understand what the packets above did and whether I had set up the rule correctly.

    One thing I should ask at this point however is that with that Rule set it now appears to allow the traffic that was previously blocked (even after I had defined the rule), however the only thing I changed was the Rule name which seems to be an unlikely reason for it just to start working.

    The only other thing I can think of is that I restarted my machine - so does LnS require a restart before new filters are acted upon?

    Sorry for all the questions - hope it's not too much bother.
     
  11. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    You sometimes have to click the 'apply' button (bottom right of the window), and did you click 'save' or 'save as'?
     
  12. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    My question would be if everything was working when these packets were being dropped, why would you create a rule to permit them? This is why I suggested disabling UPnP on the router to see if everything still functioned as expected as it may be a service running on the router (and your systems) that is not required.

    Some software firewalls may require a restart for rules to take effect. I am not sure if this is the case with LnS.

    No bother, we are all here to learn :)

    Regards,

    CrazyM
     