IPFW

saeedpersa

Member


Messages: 21

Dear Friends
I installed ShadowSocks VPN with Port: 59080 and Configured IPFW and ByPass this port
Here is my IPFW Configure:

Code:
IPF="ipfw -q add"
ipfw -q -f flush
TRUST="x.109.x.143"

#loopback
$IPF 10 allow all from any to any via lo0
$IPF 20 deny all from any to 127.0.0.0/8
$IPF 30 deny all from 127.0.0.0/8 to any
$IPF 40 deny tcp from any to any frag

# statefull
$IPF 50 check-state
$IPF 60 allow tcp from any to any established
$IPF 70 allow all from any to any out keep-state
$IPF 80 allow icmp from $TRUST to any


$IPF 130 allow tcp from any to any 59080 in
$IPF 140 allow tcp from any to any 59080 out

$IPF 141 allow udp from any to any 59080 in
$IPF 142 allow udp from any to any 59080 out


#WEB Access
$IPF 200 allow tcp from any to any 80 in
$IPF 201 allow tcp from any to any 80 out

$IPF 202 allow tcp from any to any 443 in
$IPF 203 allow tcp from any to any 443 out

# deny and log everything
$IPF 500 deny log all from any to any
I use it With Shadowsocks version 4.2.1 for my Telegram
When I Start my IPFW My Telegram would not upload anything just send texts
When I Stop IPFW it uploads will be done

And here is my Log:
ERROR: remote_send_send: Broken pipe
ERROR: getpeername: Socket is not connected
 

VladiBG

Aspiring Daemon

Reaction score: 222
Messages: 575

Try without firewall first to check if the problem is in your firewall rules.

ipfw firewall disable

what is the output of
ipfw list

When you open the incoming port 59080 the outgoing may be on random upper port that's why you need to use the dynamic states with setup keep-state for tcp and keep-state for udp.

for example
allow tcp from me to any setup keep-state
allow udp from me to any keep-state
 
OP
OP
saeedpersa

saeedpersa

Member


Messages: 21

Try without firewall first to check if the problem is in your firewall rules.

ipfw firewall disable

what is the output of
ipfw list

When you open the incoming port 59080 the outgoing may be on random upper port that's why you need to use the dynamic states with setup keep-state for tcp and keep-state for udp.

for example
allow tcp from me to any setup keep-state
allow udp from me to any keep-state
thanks @VladiBG But I have still this problem
 
Top