Arceon

ANSWERED Linux firewall with Eddie & Network Lock

Recommended Posts

Hi,

Yesterday I found out ufw wouldn't stay active after a reboot because of the Eddie Network Lock. When the VPN isn't active, that's all right, for then I don't want incoming or outgoing traffic, anyway.

However, how do I block incoming traffic when the VPN is active? I couldn't find an option for that in Eddie.

I did remember having to use port forwarding for P2P programs. Does that have to do with this?

Thank you

3 hours ago, Arceon said:

I did remember having to use port forwarding for P2P programs. Does that have to do with this?


If there's nothing listening on your forwarded port on your computer, like a torrent client, there won't be any incoming traffic. The other incoming traffic works only after you initiate some kind of outgoing request, so essentially, if you block outgoing, you also block incoming passively.

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

21 minutes ago, giganerd said:

If there's nothing listening on your forwarded port on your computer, like a torrent client, there won't be any incoming traffic. The other incoming traffic works only after you initiate some kind of outgoing request, so essentially, if you block outgoing, you also block incoming passively.

I take it this is what happens when using Network Lock, then?

If so, how would I block incoming when connected to my VPN apart from my forwarded ports?

3 minutes ago, Arceon said:

I take it this is what happens when using Network Lock, then?


It places firewall rules to block all that is outgoing and not directed towards AirVPN server IPs.
 
6 minutes ago, Arceon said:

If so, how would I block incoming when connected to my VPN apart from my forwarded ports?


You're behind NAT routers both with your ISP and AirVPN. Anything you didn't explicitly forward does not pass through to your computer. There's nothing to block. You only need to worry about the outgoing connections because NAT routers typically forward the source ports of these connections dynamically and close them when the connection is closed.

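The two answers above describe a stateful "block everything except the VPN endpoint" policy plus one explicitly forwarded port. The script below is an added example written for this page; it is not Eddie's own Network Lock rule set and not code from anyone in the thread. It generates an nftables ruleset that (a) drops all output on the physical NIC except to the VPN entry IP, (b) forces everything else through the tunnel, (c) lets replies to connections you initiated back in via conntrack, and (d) accepts unsolicited inbound only on the forwarded port, and only on the tunnel interface. The endpoint 198.51.100.10, the interfaces eth0 and tun0, and port 12345 are placeholders; substitute the values Eddie shows for your session.

```bash
#!/bin/sh
# Generate an nftables ruleset mirroring a "network lock" policy.
# Added example for this thread; NOT Eddie's own rules. All addresses,
# interface names and ports are assumptions passed in as arguments.

gen_lock_rules() {
    vpn_ip="$1"            # VPN entry IP you connect to (placeholder: 198.51.100.10)
    wan_if="$2"            # physical interface, e.g. eth0
    tun_if="$3"            # tunnel interface the client brings up, e.g. tun0
    fwd_port="$4"          # port forwarded for you on the VPN side (placeholder)
    vpn_port="${5:-443}"   # port of the VPN endpoint; default is an assumption

    # Validate the forwarded port so a typo cannot silently widen the rule.
    case "$fwd_port" in
        ''|*[!0-9]*) echo "fwd_port must be numeric" >&2; return 1 ;;
    esac
    [ "$fwd_port" -ge 1 ] && [ "$fwd_port" -le 65535 ] || {
        echo "fwd_port out of range" >&2; return 1; }

    cat <<EOF
flush ruleset
table inet netlock {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        # stateful part: replies to connections we opened are allowed back in
        ct state established,related accept
        ct state invalid drop
        # DHCP replies on the physical NIC, so the lease can still renew
        iifname "$wan_if" udp sport 67 udp dport 68 accept
        # the only unsolicited inbound we want: the forwarded port, tunnel only
        iifname "$tun_if" tcp dport $fwd_port accept
        iifname "$tun_if" udp dport $fwd_port accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif lo accept
        ct state established,related accept
        # DHCP requests on the physical NIC
        oifname "$wan_if" udp sport 68 udp dport 67 accept
        # on the physical NIC only the VPN endpoint may be reached
        oifname "$wan_if" ip daddr $vpn_ip udp dport $vpn_port accept
        oifname "$wan_if" ip daddr $vpn_ip tcp dport $vpn_port accept
        # everything else must leave through the tunnel
        oifname "$tun_if" accept
    }
}
EOF
}

# Usage: gen_lock_rules 198.51.100.10 eth0 tun0 12345 > netlock.nft
#        sudo nft -f netlock.nft     # review the file first
```

Apply it with `nft -f` after reading the output; with the default policies set to drop, a wrong interface name or endpoint IP locks you out until the ruleset is flushed. If you use Eddie's Network Lock at the same time, expect the two rule sets to fight over the same hooks; this is for understanding or replacing the lock, not layering on top of it. LAN access (printers, file shares) is deliberately not allowed here; add `oifname "$wan_if" ip daddr <your LAN prefix> accept` and the matching input rule if you need it.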

16 hours ago, giganerd said:

It places firewall rules to block all that is outgoing and not directed towards AirVPN server IPs.
 
You're behind NAT routers both with your ISP and AirVPN. Anything you didn't explicitly forward does not pass through to your computer. There's nothing to block. You only need to worry about the outgoing connections because NAT routers typically forward the source ports of these connections dynamically and close them when the connection is closed. 

Thank you for the clarification. I remember having disabled UPnP and NAT-PMP on my router; is this what you are referring to?

Universal Plug and Play and the NAT Port Mapping Protocol are protocol stacks with which a torrent client, for example, can explicitly forward a port it needs on your router. Meaning, when you check your router's web interface, you can see those ports being open. These are separate technologies from the basic functionality of NAT: those ports are implicit and usually only survive one short connection, sometimes a session (FTP or SSH, for example). You normally don't see them in the web UI, and they are only opened when you initiate the connection ("no incoming without outgoing traffic").

UPnP and NAT-PMP are a bit problematic because they can easily open that torrent port on your ISP router explicitly without you being notified of it. Therefore, it usually is a better idea to disable them behind a VPN, as you did.


On 5/17/2019 at 5:40 PM, giganerd said:
Universal Plug and Play and the NAT-Port Mapping Protocol are protocol stacks with which a torrent client for example can forward a port it needs on your router explicitly. Means, when you check in your router's web interface or so, you can see them being open. These are separate technologies from the basic functionality of NAT: Those ports are implicit and usually only survive one short connection, sometimes a session (FTP or SSH for example). You normally don't see them in the web UI and are only opened when you initiate the connection ("no incoming without outgoing traffic").

UPnP and NAT-PMP are a bit problematic because they can easily open that torrent port on your ISP router explicitly without you being notified of it. Therefore, it usually is a better idea to disable them behind a VPN, as you did.

Thank you for the clarifications! It is clear to me now.
