Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 8424 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filtering Blocking Torrents

Ch4rg3r
Hi,

I'm try to torrent and have setup the NAT and Firewall correctly however I still couldn't torrent. Tried for a fair while and eventually decided to turn web filtering off to see if had anything to do with that and bang, it started working.

The category to do with torrents was off anyway and I'm not sure what's going on.

Here is a snippet of the web filtering log (which grew to 3mb in 15 minutes trying to torrent).

2015:07:10-21:41:57 sophosfw httpproxy[5289]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.28.103" dstip="91.228.167.93" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe21af800" url="ts.eset.com/.../html"
2015:07:10-21:41:58 sophosfw httpproxy[5289]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.28.103" dstip="91.228.167.93" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="55" request="0xe21af800" url="ts.eset.com/.../plain"
2015:07:10-21:41:59 sophosfw httpproxy[5289]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.28.103" dstip="91.228.167.93" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe227c800" url="ts.eset.com/.../html"
2015:07:10-21:41:59 sophosfw httpproxy[5289]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.28.103" dstip="91.228.167.93" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="55" request="0xe227c800" url="ts.eset.com/.../plain"
2015:07:10-21:42:00 sophosfw httpproxy[5289]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.28.103" dstip="162.244.60.38" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="110049" request="0xe2285800" url="pod-000-1002-08.backblaze.com/" referer="" error="" authtime="0" dnstime="352" cattime="179455" avscantime="0" fullreqtime="4240072" device="0" auth="0" ua="" exceptions="" category="170" reputation="neutral" categoryname="Personal Network Storage"
2015:07:10-21:42:01 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1100" message="Write error on the epoll handler 112 (Broken pipe)"
2015:07:10-21:42:01 sophosfw httpproxy[5289]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.28.103" dstip="134.170.216.115" user="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="135" request="0xe323b800" url="134.170.216.115/" referer="" error="Connection refused" authtime="0" dnstime="1" cattime="265" avscantime="0" fullreqtime="177785" device="0" auth="0" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
2015:07:10-21:42:01 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="95" message="Unable to parse a http message of 67 bytes (HPE_INVALID_METHOD: invalid HTTP method)"
2015:07:10-21:42:01 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1536" message="unable to parse a http message on handler 105 (Resource temporarily unavailable)"
2015:07:10-21:42:01 sophosfw httpproxy[5289]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.28.103" dstip="162.244.57.12" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="10740" request="0xe21f7800" url="ca000.backblaze.com/" referer="" error="" authtime="0" dnstime="4" cattime="168" avscantime="0" fullreqtime="1203800" device="0" auth="0" ua="" exceptions="" category="170" reputation="neutral" categoryname="Personal Network Storage"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1100" message="Write error on the epoll handler 119 (Broken pipe)"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.28.103" dstip="134.170.216.115" user="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="124" request="0xe181b800" url="134.170.216.115/" referer="" error="Connection refused" authtime="0" dnstime="1" cattime="127" avscantime="0" fullreqtime="181096" device="0" auth="0" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1100" message="Write error on the epoll handler 116 (Broken pipe)"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.28.103" dstip="134.170.216.115" user="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="113" request="0xe21fa000" url="134.170.216.115/" referer="" error="Connection refused" authtime="0" dnstime="1" cattime="156" avscantime="0" fullreqtime="181849" device="0" auth="0" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="95" message="Unable to parse a http message of 57 bytes (HPE_INVALID_METHOD: invalid HTTP method)"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1536" message="unable to parse a http message on handler 105 (Resource temporarily unavailable)"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="95" message="Unable to parse a http message of 37 bytes (HPE_INVALID_METHOD: invalid HTTP method)"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1536" message="unable to parse a http message on handler 105 (Resource temporarily unavailable)"


Any one know if I can fix this?

Cheers for any help.


This thread was automatically locked due to age.
Parents
  • 0
    What firewall rules do you have for using BT?
  • 0 in reply to Coder68
    What firewall rules do you have for using BT?


    None. I removed them all because I'm now using SOCKS instead.

    It was:

    Definition and Users -> Network Definitions ->

    Name: Torrent PC
    Type: Host
    Interface: Any
    IPv4 Adress: Internal LAN Address of PC

    Definition and Users -> Service Definitions -> 

    Name: Torrent Port
    Type of Definition: TCP & UDP
    Destination port: 52225 
    Source port 1:65535

    52225 was the static port that was set in the torrent client for all torrent services in and out (I tired three different clients with the static port). 

    Network Security -> NAT -> 

    Type: DNAT
    Traffic From: Any
    Using Service: Torrent Port
    Going To: External (WAN) Address
    Change Destination to: Torrent PC
    And the Service to: Torrent Port
    Automatic Firewall rule: On

    Turned on.

    Firewall -> Rules -> 

    Sources: Any
    Services: Torrent Port
    Destinations: Torrent PC

    Turned on.

    Firewall -> Rules -> 

    Sources: Torrent PC
    Services: Torrent Port
    Destinations: Any

    Turned on.

    I could not get this to work with everything else turned off, including web protection and advanced threat protection.

    Tried multiple PC's and Torrent clients.
Reply
  • 0 in reply to Coder68
    What firewall rules do you have for using BT?


    None. I removed them all because I'm now using SOCKS instead.

    It was:

    Definition and Users -> Network Definitions ->

    Name: Torrent PC
    Type: Host
    Interface: Any
    IPv4 Adress: Internal LAN Address of PC

    Definition and Users -> Service Definitions -> 

    Name: Torrent Port
    Type of Definition: TCP & UDP
    Destination port: 52225 
    Source port 1:65535

    52225 was the static port that was set in the torrent client for all torrent services in and out (I tired three different clients with the static port). 

    Network Security -> NAT -> 

    Type: DNAT
    Traffic From: Any
    Using Service: Torrent Port
    Going To: External (WAN) Address
    Change Destination to: Torrent PC
    And the Service to: Torrent Port
    Automatic Firewall rule: On

    Turned on.

    Firewall -> Rules -> 

    Sources: Any
    Services: Torrent Port
    Destinations: Torrent PC

    Turned on.

    Firewall -> Rules -> 

    Sources: Torrent PC
    Services: Torrent Port
    Destinations: Any

    Turned on.

    I could not get this to work with everything else turned off, including web protection and advanced threat protection.

    Tried multiple PC's and Torrent clients.
Children
No Data
Unfiltered HTML