Need help creating rules

Discussion in 'LnS English Forum' started by JVM, Feb 12, 2007.

Thread Status:
Not open for further replies.
  1. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    I have a DSL modem/router and apparently need to create rules for UDP and All Other Packets IGMP. How do I, assuming I need to, create rules for these? The picture below shows my log:
     

    Attached Files:

  2. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi JVM :)

    The packets shows in the picture are:

    In UDP: SSDP service packets use by some application like Wengo (a VoIP program)

    In IGMP: Igmp packets for "IGMPv3 routers" (used by some application like Azureus and Vlc...)

    You may create rules to authorised these packets or, if there is no problem with your modem-router or appplications, simply ignore them...

    A rule for SSDP looks like this

    In UDP
    from @IP
    local ports 1025 to 5000
    remote port 1900
    Applications ... : Generic Host Process for Windows (svchost...)


    A rule for the Igmp packet looks like this:

    In IGMP
    Source : from @IP
    Destination: IP equal to 224.0.0.22
    Igmp type: all

    Hope this help.

    :)
     
  3. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Hi JVM,

    Your logs are looking exactely like my ones!

    1.) You will need one rule allowing UDP traffic through port 1900 (like the one "Climenole" describes in detail)
    2.) No rule is needed for the IGMP log entry. At least for me it works without a specific rule

    Thomas :)
     
  4. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    I had to set Source Ports for UDP to All because the range exceeds 5000 -- goes as high as 64396 . Is that a problem? Actually, my programs were working all right but I thought I should set a rule for it.
     
  5. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi JVM :)

    Higher than 5000 ?
    Strange but possible: there is some application using local port > 5000 in UDP

    For example:
    Skype: in UDP it use port 21047
    Gizmo Project; in UDP it use port 64064

    In W xp the default port range is > 1023 to 5000
    and it's in this parameter:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

    MaxUserPort
    default value 5000

    (This can be changed to an higher number...)

    I guess this parameter is for TCP ports only...

    So change the rule for the UDP ports range in use.
    There's no choice I guess.

    :)
     
  6. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    Looks like allowing that UDP created a monster :mad:

    Now I am getting lots of ICMP:
     

    Attached Files:

  7. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi JVM :)

    :D LOL

    These ICMP type 3 code 3 = port unreacheable ...

    Make a copy of your rule set, rename it by adding .TXT at the end and upload it here ...


    :)
     
  8. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    I have the Enhanced Rule set with the only change being that UDP rule I set.
     
  9. JVM

    JVM Registered Member

    Joined:
    Dec 24, 2005
    Posts:
    328
    I deleted the rule set for UDP and and now no more ICMP's, but now I'm back to all those UDP's o_O

    Since I don't have any problems, I'll leave it alone unless someone knows how to fix this issue.
     
Thread Status:
Not open for further replies.