Jump to content
Not connected, Your IP: 18.220.97.161
Sign in to follow this  
PeterPan

Firewall Confusion

Recommended Posts

Hi,

I am trying to write a firewall rule in Bitdefender 2012 for Windows 7 32-bit OS that will block uTorrent from sending packets not addressed to Air VPN servers and that will block uTorrent from receiving packets not addressed from Air VPN servers. At least this was what I thought I had to do to protect myself from Air VPN drop outs but after reading this from your forum:

"Therefore, in order to block a program to send out packets when you're not connected to Air, just block (for any program you wish) any outgoing packet NOT coming from range 10.4.0.0->10.9.255.255, from any port to any port."

I became a bit confused. I interpret from your forum that I need to write a firewall rule that blocks uTorrent from sending packets that do not come from an Air VPN server IP addresses, this seems wrong to me because should'nt all packets sent from uTorrent come from my real IP address not from an Air VPN server IP address even when Air VPN client is launched?

Please can you help me understand what firewall rule I need to write and any misunderstanding I have.

Thanks.

Share this post


Link to post

Hi,

I am trying to write a firewall rule in Bitdefender 2012 for Windows 7 32-bit OS that will block uTorrent from sending packets not addressed to Air VPN servers and that will block uTorrent from receiving packets not addressed from Air VPN servers. At least this was what I thought I had to do to protect myself from Air VPN drop outs but after reading this from your forum:

"Therefore, in order to block a program to send out packets when you're not connected to Air, just block (for any program you wish) any outgoing packet NOT coming from range 10.4.0.0->10.9.255.255, from any port to any port."

I became a bit confused. I interpret from your forum that I need to write a firewall rule that blocks uTorrent from sending packets that do not come from an Air VPN server IP addresses, this seems wrong to me because should'nt all packets sent from uTorrent come from my real IP address not from an Air VPN server IP address even when Air VPN client is launched?

Please can you help me understand what firewall rule I need to write and any misunderstanding I have.

Thanks.

Hello!

The rule is meant to block uTorrent outgoing packets NOT coming from your TUN/TAP interface, which is the network virtual card used by OpenVPN. This network card has an IP addres DHCP-assigned by our OpenVPN server you're connected to. It is your IP address in the private network. In case of disconnection from the VPN, uTorrent will bind again to your physical interface, but with this rule it will not leak any packet outside the tunnel, therefore not exposing your real IP address in any way. Your doubt is legitimate, but comes out from a misinterpretation of the rule.

See also:

https://airvpn.org/specs

Kind regards

Share this post


Link to post

Thank you for your help. Your firewall rule did not make sense to me before because I did not fully understand how VPN's work. After reading your last reply and doing some further research I now believe I fully understand how VPN's work but would appreciate it if you could confirm my new understanding is correct. Please excuse my lack of network terminology to describe my understanding.

When I launch Air VPN client it creates a virtual network card that sits between the real physical network card and uTorrent/firewall on my computer. The virtual network card has a VPN IP that is assigned by the Air VPN server I connect to. When uTorrent on my computer sends out packets, uTorrent cannot see my real physical network card all it can see is the virtual network card and therefore must use the VPN IP as the packets' source IP address. The firewall at this point also cannot see my real physical network card it can only see the virtual network card.

Now the virtual network card accepts uTorrent's outgoing packets, encrypts the packets including the VPN IP and encapsulates them in a new packet with my real physical network card's IP address and sends it to an Air VPN server. The Air VPN server decrypts the packet, reads the destination IP address and sends the packet to the destination replacing the packet's source IP address with Air VPN server's IP address so it can receive any packets from the destination. Packets sent in return from the destination undergo the reverse of the process described previously.

This is my understanding so far, is it correct? Is the process of replacing a packets source VPN IP with Air VPN server IP called NAT and does this process take place in a router? Are records of associations between real IP's and VPN IP's only stored on the Air VPN server and on no other device such as routers? What is the correct terminology for real IP, VPN IP and Air VPN server IP in it's previous context?

Thanks.

Share this post


Link to post

This is my understanding so far, is it correct? Is the process of replacing a packets source VPN IP with Air VPN server IP called NAT and does this process take place in a router? Are records of associations between real IP's and VPN IP's only stored on the Air VPN server and on no other device such as routers? What is the correct terminology for real IP, VPN IP and Air VPN server IP in it's previous context?

Thanks.

Hello!

Your understanding and terminology are just fine. The address translation happens inside the server, not on on any external router, and no logs are kept.

Kind regards

Share this post


Link to post

Hmmm,

thanks for your help but I'm guessing there must be some record during NAT otherwise the AirVPN server would not know where to send any returning packets from the destination. Perhaps are these records just a quick temporary record not a log maybe even just something that is not even written to hard drive just present in ram?

Share this post


Link to post

Hmmm,

thanks for your help but I'm guessing there must be some record during NAT otherwise the AirVPN server would not know where to send any returning packets from the destination. Perhaps are these records just a quick temporary record not a log maybe even just something that is not even written to hard drive just present in ram?

Hello!

While you are connected, the VPN server knows your real IP address (unless you connect over Air over TOR, in which case the VPN server knows the TOR exit-node IP address).

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...