Newbie question about rules

Discussion in 'LnS English Forum' started by sukarof, Aug 29, 2004.

Thread Status:
Not open for further replies.
  1. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    I have an Athlon 64 system. I´ve used Outpost 2.1 (314) until now.
    As some of you may know SP2+Outpost and A64 doesn´t work that well together (BSOD with OP´s filtnt.sys)
    I was about to buy Outpost, but since it been weeks now and they have not done anything about the problem (except telling us to make an exception rule for outpost in DEP, wich btw doesn´t solve the problem)
    I looked for another FW and stumbled on LooknStop. LnS seems to get good credit (and it works with A64+SP2) :)

    To the question, after this rather unnessesary explanation :) :
    When I use "The all seeing eye" or ASE for short, I have to go to the LnS log and give permission for ASE to connect to any server on the ASE list.
    Now, there is thousands of game servers in the list, so it´s tough job doing that everytime I want to play Call of Duty or Battlefield vietnam.
    Is there a way to let ASE have unlimited access so I don´t have to make a rule for every server on the ASE server list?

    *edit* I guess there is no answer for it.
    I also notice that enabling "watch thread injection" causes BSOD when launching programs.

    Athlon 64
    Gigabyte GA-KVT800
    Windows XP Pro SP2
    1024 Kingston 400Mhz RAM
     
    Last edited: Aug 30, 2004
  2. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    just allow remote TCP/UDP ports between 27000 and 28000 as shown on the screenshot, it should work :)

    regards,

    gkweb.
     

    Attached Files:

    • ase.JPG
      ase.JPG
      File size:
      51.4 KB
      Views:
      847
  3. General Noel

    General Noel Registered Member

    Joined:
    May 3, 2005
    Posts:
    68

    I have exactly the same issue. What is all about opening port between 27000 and 28000 o_O https://www.wilderssecurity.com/newreply.php?do=newreply&p=246731#
    Huh?

    Is it related to the Data Execution Prevention (DEP) and the "watch thread injection" feature ?
     
  4. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    No there is no link between the 27000-28000 port range and the fact some advanced options (like Watch Thread injection and the other ones in the beta driver) are no longer working with DEP & Nx bit.

    Frederic
     
  5. marceli7

    marceli7 Registered Member

    Joined:
    May 6, 2005
    Posts:
    33
    No, Sir... It will not work. Battlefield’s servers have random ports and ASE should scan them all. So a rule for ASE scanning BF severs should be (roughly) like this:

    IP address: any
    Allow outbound UDP from local ports 1025-5000 to remote ports 1025-65535 (theoretical range of course)
    Allow inbound UDP to local ports 1025-5000 from remote ports 1025-65535 (theoretical range of course)

    This is only for scanning BF servers! ASE and BF have it’s own communication to cover with rules.

    For ASE U have to open port 27244 in/out. Of course it is possible to compose strict rules for this ASE port but it depends on which scanner/pinger server ASE uses.

    For Battlefield U have to add TCP outbound to address 207.38.8.14 port 28910. This is for in-game servers scanner (AFAIK it is GameSpy).
     
  6. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum
    Let's say I create such a rule as "Allow outbound UDP from local ports 1025-5000 to remote ports 1025-65535" and I list the BF2.exe (battlefield 2) as the application that is allowed to trigger this rule. Onec the rule is active is the BF2.exe the only program that is allowed to access these ports while triggered or can any program listed in the application filtering tab use these ports as well?
     
Thread Status:
Not open for further replies.