NASA_NBC_Guy
January 10th, 2007, 09:21 PM
Hello.
I'd really like some help configuring my Cisco PIX 515E to allow uTorrent connections through.
I'd be willing to switch to another torrent client. It honestly doesn't matter that much to me.
I'm running Cisco PIX Firewall Version 6.3(5).
I know that there are no access lists or static NAT entries that reference uTorrent.
I've tried several things that I've gleaned from various websites, but nothing seems to work.
Not a whole lot of people running full-fledged PIX firewalls in their home....
I guess I'm just lucky.......DOH!
Here is the config (with certain parts eliminated):
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
enable password ___________ encrypted
passwd _________ encrypted
hostname "mypix"
domain-name none
!
!
names
access-list 101 permit icmp any host xxxxxxx echo-reply
access-list 101 permit icmp any host xxxxxxx source-quench
access-list 101 permit icmp any host xxxxxxx unreachable
access-list 101 permit icmp any host xxxxxxx time-exceeded
pager lines 24
logging on
logging timestamp
logging console errors
logging buffered notifications
logging trap errors
logging history informational
logging facility 7
logging host inside XXX.XXX.XXX.7 6/1468
icmp deny any echo outside
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside dhcp setroute
ip address inside xxx.xxx.X.1 255.255.255.0
no ip address intf2
ip audit name attack2 attack action alarm drop reset
ip audit interface outside attack2
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 512
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
!
!
http server enable
http xxxxxxx inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet xxxxxxx inside
telnet timeout 30
ssh timeout 5
console timeout 0
dhcpd address xxxxxxx inside
dhcpd dns xxxxxxx
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
I'm not a complete idiot......I'm just a whole lot more familiar with the VOIP side of the house.
Any help that you guys could give me would be greatly appreciated.
BTW, uTorrent worked very well before I upgraded from my WRT54G v6.
The PIX is just too sexy to not use!
Please help me so that I can leave my high speed connection up all the time and improve the community.
Thanks in advance.
Mike
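Added example, not part of the original post: on PIX 6.3 an unsolicited inbound connection needs three things, none of which appear in the posted config: a static port translation to the inside host, an ACL entry permitting the port, and that ACL bound to the outside interface. The inside address 192.168.1.10 and port 6881 are constructed placeholders (use the client's actual fixed address and the listening port set in uTorrent), and the sketch assumes access-list 101 is not already bound with an access-group in the parts that were left out.

```cisco
! Constructed placeholders: 192.168.1.10 = torrent host (give it a fixed address),
! 6881 = the single listening port configured in the client.
!
! 1. Port-forward only that one port from the DHCP-assigned outside address.
!    "interface" is used because the outside IP is not fixed.
static (inside,outside) tcp interface 6881 192.168.1.10 6881 netmask 255.255.255.255 0 0
! Optional: same port over UDP, only if the client's DHT feature is in use.
static (inside,outside) udp interface 6881 192.168.1.10 6881 netmask 255.255.255.255 0 0
!
! 2. Permit only that port inbound; everything else stays implicitly denied.
access-list 101 permit tcp any interface outside eq 6881
access-list 101 permit udp any interface outside eq 6881
!
! 3. Bind the ACL to the outside interface (skip if 101 is already bound).
access-group 101 in interface outside
!
! 4. Flush existing translations so the new static takes effect.
clear xlate
```

Turn off random-port selection in the client so the single forwarded port stays valid, and check `show access-list 101` for rising hit counts on the new entries to confirm inbound connections are matching.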