Arceon 1 Posted ...

Hi,

Yesterday I found out ufw wouldn't stay active after a reboot because of the Eddie Network Lock. When the VPN isn't active, that's all right, for then I don't want incoming or outgoing traffic, anyway. However, how do I block incoming traffic when the VPN is active? I couldn't find an option for that in Eddie. I did remember having to use port forwarding for P2P programs. Does that have to do with this?

Thank you

OpenSourcerer 1442 Posted ...

3 hours ago, Arceon said:
> I did remember having to use port forwarding for P2P programs. Does that have to do with this?

If there's nothing listening on your forwarded port on your computer, like a torrent client, there won't be any incoming traffic. The other incoming traffic works only after you initiate some kind of outgoing request, so essentially, if you block outgoing, you also block incoming passively.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.
LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!
Want to contact me directly? All relevant methods are on my About me page.

Arceon 1 Posted ...

21 minutes ago, giganerd said:
> If there's nothing listening on your forwarded port on your computer, like a torrent client, there won't be any incoming traffic. The other incoming traffic works only after you initiate some kind of outgoing request, so essentially, if you block outgoing, you also block incoming passively.

I take it this is what happens when using Network Lock, then? If so, how would I block incoming when connected to my VPN apart from my forwarded ports?

OpenSourcerer 1442 Posted ...

3 minutes ago, Arceon said:
> I take it this is what happens when using Network Lock, then?

It places firewall rules to block all that is outgoing and not directed towards AirVPN server IPs.

6 minutes ago, Arceon said:
> If so, how would I block incoming when connected to my VPN apart from my forwarded ports?

You're behind NAT routers both with your ISP and AirVPN. Anything you didn't explicitly forward does not pass through to your computer. There's nothing to block. You only need to worry about the outgoing connections because NAT routers typically forward the source ports of these connections dynamically and close them when the connection is closed.

Arceon 1 Posted ...

16 hours ago, giganerd said:
> It places firewall rules to block all that is outgoing and not directed towards AirVPN server IPs.
>
> You're behind NAT routers both with your ISP and AirVPN. Anything you didn't explicitly forward does not pass through to your computer. There's nothing to block. You only need to worry about the outgoing connections because NAT routers typically forward the source ports of these connections dynamically and close them when the connection is closed.

Thank you for the clarification. I remember I have disabled UPnP and NAT-PMP on my router; is this what you are referring to?

OpenSourcerer 1442 Posted ...

Universal Plug and Play and the NAT-Port Mapping Protocol are protocol stacks with which a torrent client, for example, can forward a port it needs on your router explicitly. This means that when you check in your router's web interface or so, you can see them being open.

These are separate technologies from the basic functionality of NAT: Those ports are implicit and usually only survive one short connection, sometimes a session (FTP or SSH for example). You normally don't see them in the web UI, and they are only opened when you initiate the connection ("no incoming without outgoing traffic").

UPnP and NAT-PMP are a bit problematic because they can easily open that torrent port on your ISP router explicitly without you being notified of it. Therefore, it usually is a better idea to disable them behind a VPN, as you did.

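Added example, not part of any post in this thread and not router or Eddie code: a toy Python model of the NAT behaviour described in the answers above, contrasting implicit mappings created by outgoing connections with explicit forwards (manual or UPnP/NAT-PMP). The class `NatRouter`, the addresses and the ports are constructed for illustration, and the model assumes replies are only accepted from the contacted remote, which real routers do not all enforce.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy model of a NAT mapping table; every name here is made up for the example."""
    upnp_enabled: bool = False
    explicit: dict = field(default_factory=dict)  # ext_port -> (host, port); shown in web UI
    implicit: dict = field(default_factory=dict)  # ext_port -> (host, port, remote); hidden
    _next: int = 40000

    def outbound(self, host, port, remote):
        # An outgoing connection creates a temporary mapping tied to that remote.
        ext, self._next = self._next, self._next + 1
        self.implicit[ext] = (host, port, remote)
        return ext

    def close(self, ext):
        # The implicit mapping disappears when the connection ends.
        self.implicit.pop(ext, None)

    def forward(self, ext, host, port):
        # Port forward set up deliberately by the user.
        self.explicit[ext] = (host, port)

    def upnp_request(self, ext, host, port):
        # A program asks the router to open a port; honoured only if UPnP/NAT-PMP is on.
        if self.upnp_enabled:
            self.explicit[ext] = (host, port)
        return self.upnp_enabled

    def inbound(self, ext, remote, listeners):
        # Verdict for a packet from `remote` arriving at external port `ext`.
        if ext in self.implicit:
            return "reply" if self.implicit[ext][2] == remote else "dropped"
        if ext in self.explicit:
            return "delivered" if self.explicit[ext] in listeners else "no-listener"
        return "dropped"

def demo():
    pc, web, stranger = "192.168.1.10", "198.51.100.7", "203.0.113.99"  # constructed addresses
    nat = NatRouter(upnp_enabled=False)
    ext = nat.outbound(pc, 51000, web)
    results = [nat.inbound(ext, web, set()),       # reply to our own request
               nat.inbound(ext, stranger, set()),  # unsolicited packet from another peer
               nat.inbound(22, stranger, set())]   # nothing mapped at all
    nat.close(ext)
    results.append(nat.inbound(ext, web, set()))               # mapping gone after close
    nat.forward(6881, pc, 6881)                                # constructed forwarded port
    results.append(nat.inbound(6881, stranger, set()))         # forwarded, client not running
    results.append(nat.inbound(6881, stranger, {(pc, 6881)}))  # forwarded, client listening
    results.append(nat.upnp_request(7000, pc, 7000))           # refused: UPnP disabled
    return results
```

Only the forwarded port with a running listener accepts unsolicited traffic; with `upnp_enabled=True` the last call would add an explicit mapping without any manual step.
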
Arceon 1 Posted ...

On 5/17/2019 at 5:40 PM, giganerd said:
> Universal Plug and Play and the NAT-Port Mapping Protocol are protocol stacks with which a torrent client, for example, can forward a port it needs on your router explicitly. This means that when you check in your router's web interface or so, you can see them being open.
>
> These are separate technologies from the basic functionality of NAT: Those ports are implicit and usually only survive one short connection, sometimes a session (FTP or SSH for example). You normally don't see them in the web UI, and they are only opened when you initiate the connection ("no incoming without outgoing traffic").
>
> UPnP and NAT-PMP are a bit problematic because they can easily open that torrent port on your ISP router explicitly without you being notified of it. Therefore, it usually is a better idea to disable them behind a VPN, as you did.

Thank you for the clarifications! It is clear to me now.