[Solved] What ports should I open on my firewall?

TyC-Pros
[Solved] What ports should I open on my firewall?
« on: March 21, 2007, 07:17:52 pm »
I'm currently blocking all outgoing ports except those I explicitly open on my Linux box. Now, when my firewall is on, I get this:

Code:
Tysan: [23:08:04.463] NOTICE: Bot 'Tysan' has been started.
Tysan: [23:08:04.464] DEBUG: Entering disconnect()
Tysan: [23:08:04.464] DEBUG: Entering connect()
Tysan: [23:08:04.504] INFO: Trying BNLS server: bnls.valhallalegends.com
Tysan: [23:08:04.526] INFO: Resolving ip for server: useast.battle.net
Tysan: [23:08:04.553] INFO: Resolves to 12 different addresses
Tysan: [23:08:04.554] INFO: Choosing address 6 [useast.battle.net/63.240.202.138]
Tysan: [23:08:04.554] INFO: Attempting to connect
Tysan: [23:08:04.777] INFO: Connected to /63.240.202.138:6112
Tysan: [23:08:04.780] INFO: Trying BNLS server: bnls.valhallalegends.com
Tysan: [23:08:04.789] INFO: Connected to useast.battle.net:6112
Tysan: [23:08:04.789] INFO: Sending protocol byte (0x01).
Tysan: [23:08:04.790] INFO: Switching to Binary protocol.
Tysan: [23:08:04.791] INFO: Sending authorization.
Tysan: [23:08:05.151] ERROR: Connect failed: java.net.SocketException: Connection reset

Though I can connect just fine when I tell the firewall to clear (i.e. allow everything). I'm using Shoreline Firewall, and I have opened ports 6112 and 6113 (tcp and udp) for Battle.net, as well as port 9367 (tcp) for BNLS. Is there anything else I should open to correctly sign in?
« Last Edit: March 22, 2007, 12:24:38 pm by TyC-Pros »

Chavo
Re: What ports should I open on my firewall?
« Reply #1 on: March 21, 2007, 08:47:49 pm »
Why, may I ask, are you blocking outgoing ports?  Are you afraid one of your programs is going to attack someone else? :P

Ergot
Re: What ports should I open on my firewall?
« Reply #2 on: March 21, 2007, 09:59:26 pm »
And what about if they are sending your information out? You know, phoning home...

Joe
Re: What ports should I open on my firewall?
« Reply #3 on: March 21, 2007, 10:28:56 pm »
Quote
Why, may I ask, are you blocking outgoing ports?  Are you afraid one of your programs is going to attack someone else? :P

Backdoors.

EDIT -
JavaOp doesn't do anything with UDP so those can all stay closed, and as far as I know, nothing uses :6113 either.
« Last Edit: March 21, 2007, 10:30:39 pm by Joe[x86] »

Chavo
Re: What ports should I open on my firewall?
« Reply #4 on: March 22, 2007, 10:09:01 am »
I don't know of any software firewall that doesn't prompt you when a local application tries to access the internet so neither of those reasons hold any merit.

TyC-Pros
Re: What ports should I open on my firewall?
« Reply #5 on: March 22, 2007, 12:24:22 pm »
It seems the solution to my problem was the order in which I configured my /etc/shorewall/rules file. For some reason it ignores ACCEPT rules after I start giving DNAT rules (if that means anything to anyone).

Quote
Why, may I ask, are you blocking outgoing ports?  Are you afraid one of your programs is going to attack someone else?

The same reason I block incoming ports: I don't want anything on that box to do anything related to the internet unless I say so. The box is connected to the internet 24/7 - it never hurts to be paranoid about security.

Quote
I don't know of any software firewall that doesn't prompt you when a local application tries to access the internet so neither of those reasons hold any merit.

Let me guess, you are a Windows user?

I use Shoreline firewall, which is a front-end to IPTables, and runs "in the background" with a text file containing rules. When something related to the internet happens, it checks those rules for what to do, and if there are no rules for this situation, it does its default behavior: it drops the connection (you could set it to accept, but that'd defeat the purpose of the firewall).

This might be difficult to grasp, but the box I'm running my bot on doesn't have a screen, nor anything remotely resembling a graphical interface (unless you count my 1337 shell colors), so "prompting the user" is without meaning on my machine, since there's only a user logged in about 0.5% of each day.
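
As an added example (not code from this thread or from Shorewall): a simplified Python model of the first-match, default-drop rule check described in the post above, plus an audit that compares the opened outbound ports with the two TCP ports the thread says the bot uses. The column layout, the `$FW`/`net` zone names and the sample rules are assumptions constructed for illustration; DNAT, macros and rule sections are not modelled.

```python
# Added example: simplified model of a default-drop egress policy.
# Assumption: rules use the columns ACTION SOURCE DEST PROTO DPORT and the
# first matching rule wins. This is not Shorewall's real parser.

# Constructed sample: the outbound rules described in the first post.
SAMPLE_RULES = """\
#ACTION  SOURCE  DEST  PROTO  DPORT
ACCEPT   $FW     net   tcp    6112,6113
ACCEPT   $FW     net   udp    6112,6113
ACCEPT   $FW     net   tcp    9367
"""

# What the thread says the bot uses: Battle.net on tcp/6112, BNLS on tcp/9367.
NEEDED = {("tcp", 6112), ("tcp", 9367)}


def parse_rules(text):
    """Return a list of (action, source, dest, proto, ports) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        action, source, dest, proto, dport = line.split()[:5]
        ports = {int(p) for p in dport.split(",")}
        rules.append((action.upper(), source, dest, proto.lower(), ports))
    return rules


def decide(rules, proto, port, source="$FW", dest="net", default="DROP"):
    """First matching rule wins; with no match the default policy applies."""
    for action, src, dst, rproto, ports in rules:
        if (src, dst, rproto) == (source, dest, proto) and port in ports:
            return action
    return default


def audit(rules, needed=NEEDED, source="$FW", dest="net"):
    """Compare outbound ACCEPT rules with the ports the application needs."""
    opened = {(proto, port)
              for action, src, dst, proto, ports in rules
              if action == "ACCEPT" and (src, dst) == (source, dest)
              for port in ports}
    return {"missing": sorted(needed - opened),
            "unneeded": sorted(opened - needed)}


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    print(decide(rules, "tcp", 6112), decide(rules, "tcp", 80))
    print(audit(rules))
```

The `unneeded` list is what could be closed again if, as stated earlier in the thread, the bot uses neither UDP nor port 6113.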

Chavo
Re: [Solved] What ports should I open on my firewall?
« Reply #6 on: March 22, 2007, 09:05:31 pm »
I knew I recognized that name, that's a perfectly good reason to block outgoing ports ;)

Quote
This might be difficult to grasp, but the box I'm running my bot on doesn't have a screen, nor anything remotely resembling a graphical interface (unless you count my 1337 shell colors), so "prompting the user" is without meaning on my machine, since there's only a user logged in about 0.5% of each day.

No need to get defensive, I was responding to the other clowns that had silly reasons to be blocking outgoing ports on a non-gateway machine.

Ergot
Re: [Solved] What ports should I open on my firewall?
« Reply #7 on: March 23, 2007, 01:18:13 am »
Whatever makes you feel better :/. I was just giving an example.