Search Results

Search found 17 results on 1 pages for 'the snitch'.

Page 1/1 | 1 

  • Removing Little Snitch completely (Mac OS X Snow Leopard)

    - by Mathias Bynens
    I uninstalled Little Snitch months ago. Or so, I thought. When opening Console.app, I see something like this: Here’s a textual log: 21/11/09 22:05:31 com.apple.launchd[1] (at.obdev.littlesnitchd[10045]) Exited with exit code: 1 21/11/09 22:05:31 com.apple.launchd[1] (at.obdev.littlesnitchd) Throttling respawn: Will start in 10 seconds 21/11/09 22:05:33 Little Snitch UIAgent[10046] 2.0.4.385: m65968c1c 21/11/09 22:05:33 Little Snitch UIAgent[10046] 2.0.4.385: m579328b9 21/11/09 22:05:33 Little Snitch UIAgent[10046] 2.0.4.385: m41531ded 21/11/09 22:05:33 com.apple.launchd.peruser.501[170] (at.obdev.LittleSnitchUIAgent) Throttling respawn: Will start in 10 seconds 21/11/09 22:05:41 com.apple.launchd[1] (at.obdev.littlesnitchd[10049]) Exited with exit code: 1 21/11/09 22:05:41 com.apple.launchd[1] (at.obdev.littlesnitchd) Throttling respawn: Will start in 10 seconds 21/11/09 22:05:43 Little Snitch UIAgent[10050] 2.0.4.385: m65968c1c 21/11/09 22:05:43 Little Snitch UIAgent[10050] 2.0.4.385: m579328b9 21/11/09 22:05:43 Little Snitch UIAgent[10050] 2.0.4.385: m41531ded 21/11/09 22:05:43 com.apple.launchd.peruser.501[170] (at.obdev.LittleSnitchUIAgent) Throttling respawn: Will start in 10 seconds Spotlight searches for ‘little snitch’ or ‘littlesnitch’ yield no results. Yet, it seems like I didn’t get rid of Little Snitch entirely, since it’s still using up my CPU. Any ideas?

    Read the article

  • What's the closest equivalent of Little Snitch (Mac program) on Windows?

    - by Charles Scowcroft
    I'm using Windows 7 and would like to have a feature like Little Snitch on the Mac that alerts you whenever a program on your computer makes an outgoing connection. Description of Little Snitch from its website: Little Snitch informs you whenever a program attempts to establish an outgoing Internet connection. You can then choose to allow or deny this connection, or define a rule how to handle similar, future connection attempts. This reliably prevents private data from being sent out without your knowledge. Little Snitch runs inconspicuously in the background and it can also detect network related activity of viruses, trojans and other malware. Little Snitch provides flexible configuration options, allowing you to grant specific permissions to your trusted applications or to prevent others from establishing particular Internet connections at all. So you will only be warned in those cases that really need your attention. Is there a program like Little Snitch for Windows?

    Read the article

  • DOM Snitch : une extension de Google Chrome pour traquer les failles du code JavaScript, par détection heuristique

    DOM Snitch : une extension open source de Google Chrome pour traquer les failles Du code JavaScript par détection heuristique « DOM Snitch » est une nouvelle extension open source pour Chrome, destinée à aider les développeurs, testeurs et chercheurs en sécurité à débusquer les failles du code client des sites et applications Web. Cette extension développée par Google permet comme son nom l'indique, de suivre en temps réel l'évolution du DOM des pages Web (Document Object Model), sous l'action des différents scripts qui s'y exécutent. La fonctionnalité clé et le principal intérêt de Snitch résident dans ses capacités avancées de détection heuristique des failles, qu...

    Read the article

  • Google Chrome calling nypost.com every ~5 seconds

    - by TonyM
    I'm using Chrome 21.0.1180.49 beta on Mac OS X 10.7.4. Did some Googling and can't figure this out. I visited a page on nypost.com earlier this morning. Just noticed that Little Snitch is reporting that nypost.com is being called every 4-6 seconds or so. I closed the tab after reading the story, a few hours ago. I created a rule in Little Snitch denying access to nypost.com, but Chrome is apparently still connecting to it. (1) Why? and (2) How can I put an end to this? Thanks in advance for any thoughts.

    Read the article

  • Why is Transmission constantly active?

    - by Dov
    I am using Transmission (1.92, the latest version) in Mac OS X 10.6.2 Snow Leopard, and have noticed that, without any torrents (at all, not even paused), Little Snitch reports constant activity from it. What's going on? I'd always assumed when I saw that with Torrents loaded but inactive, it had to do with the DHT, or some such kind of scanning activity. But what could it be doing when no torrents are loaded at all?

    Read the article

  • Firewall to block traffic to specific websites

    - by Ctroy
    I have recently switched from MAC to Windows Vista. I used to have LittleSnitch on Mac where I can create filters and disable browsing to other websites. I mean, I can create filters so that LittleSnitch will not send traffic to specific websites like Google Analytics etc. However, I cannot find a similar software on Windows. I tried Zone Alarm firewall, but it doesn't let you add filters to stop traffic to specific websites. Are there any software available on windows which are similar to LittleSnitch?

    Read the article

  • How do I get rid of Adobe Download Akamai software on a Mac?

    - by CT
    I installed Adobe's Download Manager Software when I was downloading a CS4 trial. It was called Akamai. I can not seem to get rid of this pesky thing. I have Little Snitch installed so I was annoyed that it showed that this app would phone home for updates every login. I felt this was an unnecessary process I wanted rid of. I've uninstalled it using App Cleaner. Now on login the Akamai app does not produce any Little Snitch prompts. "SoftwareUpdateCheck" does. SoftwareUpdateCheck wants to connect to a950.gi3.akamai.net on TCP 80. SoftwareUpdateCheck is /System/Library/CoreServices/SoftwareUpdate.app/Contents/Resources/SoftwareUpdateCheck. How do I rid myself of this? Mac OS X 10.6

    Read the article

  • How did Google get on my Mac?

    - by SamGoody
    Am running a MacBook Pro, and have never installed Chrome, Google Earth, or anything blatantly Google. Just installed Little Snitch (are there no good free firewalls for Mac?) and see that CURL is sending to Google every few minutes, as is a request to Google update and more. Little Snitch doesn't say what program setup these requests. So, how do I find out how G got on my machine, why is it sending so many requests (every minute or so) and how do I remove it (and is it there for reasons other than to help G spy on me)?

    Read the article

  • tftpd starts randomly

    - by Mutant
    A few days ago my Little Snitch filter starts popping up tftpd. I'd never seen this before, so I immediately start freaking out thinking my Mac has been compromised. I can't find anything unusual on the system. The process usually dies before I can trace it (little snitch never allowed the connection just left the popup up). I finally caught it once, and found this: [10:32]: sudo lsof -nlP | fgrep tftp Password: tftpd 1924 18446744 cwd DIR 1,3 1326 2 / tftpd 1924 18446744 txt REG 1,3 29856 163979456 /usr/libexec/tftpd tftpd 1924 18446744 txt REG 1,3 600576 163686622 /usr/lib/dyld tftpd 1924 18446744 txt REG 1,3 303300608 189014898 /private/var/db/dyld/dyld_shared_cache_x86_64 tftpd 1924 18446744 0u IPv4 0x34a76100fcbb06e3 0t0 UDP *:55818 tftpd 1924 18446744 2u IPv4 0x34a76100f1113c53 0t0 UDP *:69 [10:32]: ps ax | fgrep 1924 1924 ?? S 0:00.00 /usr/libexec/tftpd -i /private/tftpboot 1949 s000 S+ 0:00.00 fgrep 1924 For the life of me I can't figure out what is starting this. Nothing in cron, launchdaemons, etc. Google searches haven't yielded much either. The connection IP is different each time. So my question is: Has anyone seen anything like this before?

    Read the article

  • On OS X, what is pubsubagent and why does it connect so many places?

    - by Eric
    I use Little Snitch to monitor network connections on OS X, and I frequently see attempts by something called pubsubagent to connect to many varying sites. What is this program for and why does it use so many connections? According to this article it's used by .me sync to synchronize RSS feeds and bookmarks. But I don't have any RSS feeds. And if it's synching bookmarks, then why is it going to places like 'l.google.com' (and many more random ones) instead of just to .me?

    Read the article

  • iPhone sdk can't get Mobclix to work

    - by Matt S.
    I followed the guide here, and when I build my application the ad (or anything for that matter) doesn't show up. Nothing, nada. I followed the guide very carefully. I know that it is trying to retrieve an ad (thanks to little snitch), but it doesn't display. Has anybody experienced this and do you know of a fix?

    Read the article

  • How can I configure Adobe Help so it doesn't chatter so much with Adobe's domain?

    - by Michael Prescott
    Adobe Help that came with Creative Suite 5 and/or Flash Builder Pro is constantly creating network traffic with an Adobe site, www.wip4.adobe.com In the Adobe Help application Preferences, I find that I can change the settings so that I must manually download updates, but apparently the application still likes to call home and chatter non-stop with www.wip4.adobe.com. I could use something like Little Snitch to block all this spyware-like behavior, but I'd really prefer to just change the application's behavior. Is there a hidden setting or configuration file to adjust this behavior to something more appropriate and polite?

    Read the article

  • How can one restrict network activity to only the VPN on a Mac and prevent unsecured internet activity?

    - by John
    I'm using Mac OS and connect to a VPN to hide my location and IP (I have the 'send all traffic over VPN connection' box checked in teh Network system pref), I wish to remain anonymous and do not wish to reveal my actual IP, hence the VPN. I have a prefpan called pearportVPN that automatically connects me to my VPN when I get online. The problem is, when I connect to the internet using Airport (or other means) I have a few seconds of unsecured internet connection before my Mac logs onto my VPN. Therefore its only a matter of time before I inadvertently expose my real IP address in the few seconds it takes between when I connect to the internet and when I log onto my VPN. Is there any way I can block any traffic to and from my Mac that does not go through my VPN, so that nothing can connect unless I'm logged onto my VPN? I suspect I would need to find a third party app that would block all traffic except through the Server Address, perhaps Intego Virus Barrier X6 or little snitch, but I'm afraid I'm not sure which is right or how to configure them. Any help would be much appreciated. Thanks!

    Read the article

  • How can one restrict network activity to only the VPN on a Mac and prevent unsecured internet activity?

    - by John
    I'm using Mac OS and connect to a VPN to hide my location and IP (I have the 'send all traffic over VPN connection' box checked in teh Network system pref), I wish to remain anonymous and do not wish to reveal my actual IP, hence the VPN. I have a prefpan called pearportVPN that automatically connects me to my VPN when I get online. The problem is, when I connect to the internet using Airport (or other means) I have a few seconds of unsecured internet connection before my Mac logs onto my VPN. Therefore its only a matter of time before I inadvertently expose my real IP address in the few seconds it takes between when I connect to the internet and when I log onto my VPN. Is there any way I can block any traffic to and from my Mac that does not go through my VPN, so that nothing can connect unless I'm logged onto my VPN? I suspect I would need to find a third party app that would block all traffic except through the Server Address, perhaps Intego Virus Barrier X6 or little snitch, but I'm afraid I'm not sure which is right or how to configure them. Any help would be much appreciated. Thanks!

    Read the article

  • S3 file Uploading from Mac app though PHP?

    - by Ilija Tovilo
    I have asked this question before, but it was deleted due too little information. I'll try to be more concrete this time. I have an Objective-C mac application, which should allow users to upload files to S3-storage. The s3 storage is mine, the users don't have an Amazon account. Until now, the files were uploaded directly to the amazon servers. After thinking some more about it, it wasn't really a great concept, regarding security and flexibility. I want to add a server in between. The user should authenticate with my server, the server would open a session if the authentication was successful, and the file-sharing could begin. Now my question. I want to upload the files to S3. One option would be to make a POST-request and wait until the server would receive the file. Problems here are, that there would be a delay, when the file is being uploaded from my server to the S3 servers, and it would double the uploading time. Best would be, if I could validate the request, and then redirecting it, so the client uploads it directly to the s3-storage. Not sure if this is possible somehow. Uploading directly to S3 doesn't seem to be very smart. After looking into other apps like Droplr and Dropmark, it looks like they don't do this. Btw. I did this using Little Snitch. They have their api on their own web-server, and that's it. Could someone clear things up for me? EDIT How should I transmit my files to S3? Is there a way to "forward" it, or do I have to upload it to my server and then upload it from there to S3? Like I said, other apps can do this efficiently and without the need of communicating with S3 directly.

    Read the article

  • CodePlex Daily Summary for Thursday, August 14, 2014

    CodePlex Daily Summary for Thursday, August 14, 2014Popular ReleasesWordMat: WordMat for Mac: WordMat for Mac has a few limitations compared to the Windows version - Graph is not supported (Gnuplot, GeoGebra and Excel works) - Units are not supported yet (Coming up) The Mac version is yet as tested as the windows version.Awake: Awake v1.4.0 (Stand-Alone-Exe): Awake is a tool, that resides in system tray and prevents the computer from entering the idle state, thus successfully preventing it from entering sleep/hibernation/the lock screen. It does not change any system settings, therefore it does not require administrative privileges. This tool is designed for those who cannot change the timings in their power settings, because of some corporate policy.Node.js Tools for Visual Studio: Latest dev build: An intermediate release with the latest changes and bug fixes.HP OneView PowerShell Library: HP OneView PowerShell Library 1.10.1193: Branch to HP OneView 1.10 Release. NOTE: This library version does not support older appliance versions. Fixed New-HPOVProfile to check for Firmware and BIOS management for supported platforms. Would erroneously error when neither -firmware or -bios were passed. Fixed Remove-HPOV* cmdlets which did not handle -force switch parameter correctly Fixed New-HPOVUplinkSet and New-HPOVNetwork Fixed Download-File where HTTP stream compression was not handled, resulting in incorrectly writt...Linq 4 Javascript: Version 2.3: Minor Changes Made In Queryable - don't check for collection length with >=. Use === (In The Next Method) TypeScript Change Only - Remove collection source and other inherit properties from all the chainables. Also in typescript add private - public to all properties. This should cleanup the typescript namespace a bit TypeScript Change Only - Change return type of ToDictionary to TKey, T instead of T, TKey Changed the unit test to Typescript so I can test how the caller experience is in...NeoLua (Lua for .net dynamic language runtime): NeoLua-0.8.17: Fix: table.insert Fix: table auto convert Fix: Runtime-functions were defined as private it should be internal. Fix: min,max MichaelSenko release.Azure Maching Learning Excel Add-In: Beta: Download the zip file and extract into your local directory. Then watch the video tutorials for installation steps.MFCMAPI: August 2014 Release: Build: 15.0.0.1042 Full release notes at SGriffin's blog. If you just want to run the MFCMAPI or MrMAPI, get the executables. If you want to debug them, get the symbol files and the source. The 64 bit builds will only work on a machine with Outlook 2010/2013 64 bit installed. All other machines should use the 32 bit builds, regardless of the operating system. Facebook BadgeOooPlayer: 1.1: Added: Support for speex, TAK and OptimFrog files Added: An option to not to load cover art Added: Smaller package size Fixed: Unable to drag&drop audio files to playlist Updated: FLAC, WacPack and Opus playback libraries Updated: ID3v1 and ID3v2 tag librariesEWSEditor: EwsEditor 1.10 Release: • Export and import of items as a full fidelity steam works - without proxy classes! - I used raw EWS POSTs. • Turned off word wrap for EWS request field in EWS POST windows. • Several windows with scrolling texts boxes were limiting content to 32k - I removed this restriction. • Split server timezone info off to separate menu item from the timezone info windows so that the timezone info window could be used without logging into a mailbox. • Lots of updates to the TimeZone window. • UserAgen...Python Tools for Visual Studio: 2.1 RC: Release notes for PTVS 2.1 RC We’re pleased to announce the release candidate for Python Tools for Visual Studio 2.1. Python Tools for Visual Studio (PTVS) is an open-source plug-in for Visual Studio which supports programming with the Python language. PTVS supports a broad range of features including CPython/IronPython, editing, IntelliSense, interactive debugging, profiling, Microsoft Azure, IPython, and cross-platform debugging support. PTVS 2.1 RC is available for: Visual Studio Expre...Sense/Net ECM - Enterprise CMS: SenseNet 6.3.1 Community Edition: Sense/Net 6.3.1 Community EditionSense/Net 6.3.1 is an important step toward a more modular infrastructure, robustness and maintainability. With this release we finally introduce a packaging and a task management framework, and the Image Editor that will surely make the job of content editors more fun. Please review the changes and new features since Sense/Net 6.3 and give a feedback on our forum! Main new featuresSnAdmin (packaging framework) Task Management Image Editor OData REST A...Aspose for Apache POI: Missing Features of Apache POI SS - v 1.2: Release contain the Missing Features in Apache POI SS SDK in comparison with Aspose.Cells What's New ? Following Examples: Create Pivot Charts Detect Merged Cells Sort Data Printing Workbooks Feedback and Suggestions Many more examples are available at Aspose Docs. Raise your queries and suggest more examples via Aspose Forums or via this social coding site.MFCBDAINF: MFCBDAINF: Added recognition of TBS, Hauppauge, DVBWorld and FireDTV proprietary GUID'sFluffy: Fluffy 0.3.35.4: Change log: Text editorSKGL - Serial Key Generating Library: SKGL Extension Methods 4 (1.0.5.1): This library contains methods for: Time change check (make sure the time has not been changed on the client computer) Key Validation (this will use http://serialkeymanager.com/ to validate keys against the database) Key Activation (this will, depending on the settings, activate a key with a specific machine code) Key Activation Trial (allows you to update a key if it is a trial key) Get Machine Code (calculates a machine code given any hash function) Get Eight Byte Hash (returns an...Touchmote: Touchmote 1.0 beta 13: Changes Less GPU usage Works together with other Xbox 360 controls Bug fixesModern UI for WPF: Modern UI 1.0.6: The ModernUI assembly including a demo app demonstrating the various features of Modern UI for WPF. BREAKING CHANGE LinkGroup.GroupName renamed to GroupKey NEW FEATURES Improved rendering on high DPI screens, including support for per-monitor DPI awareness available in Windows 8.1 (see also Per-monitor DPI awareness) New ModernProgressRing control with 8 builtin styles New LinkCommands.NavigateLink routed command New Visual Studio project templates 'Modern UI WPF App' and 'Modern UI W...ClosedXML - The easy way to OpenXML: ClosedXML 0.74.0: Multiple thread safe improvements including AdjustToContents XLHelper XLColor_Static IntergerExtensions.ToStringLookup Exception now thrown when saving a workbook with no sheets, instead of creating a corrupt workbook Fix for hyperlinks with non-ASCII Characters Added basic workbook protection Fix for error thrown, when a spreadsheet contained comments and images Fix to Trim function Fix Invalid operation Exception thrown when the formula functions MAX, MIN, and AVG referenc...SEToolbox: SEToolbox 01.042.019 Release 1: Added RadioAntenna broadcast name to ship name detail. Added two additional columns for Asteroid material generation for Asteroid Fields. Added Mass and Block number columns to main display. Added Ellipsis to some columns on main display to reduce name confusion. Added correct SE version number in file when saving. Re-added in reattaching Motor when drag/dropping or importing ships (KeenSH have added RotorEntityId back in after removing it months ago). Added option to export and r...New ProjectsAndroid PCM Audio Recording: Android PCM Audio Recording The source code records the PCM audio in android device.Azure Maching Learning Excel Add-In: The Azure ML Excel Add-In enables you to interact with Microsoft Azure Machine Learning WebServices through excel by adding the scoring endpoint as a function.bitboxx bbcontact: The bitboxx bbcontact module is a DNN module for providing a simple configurable contact form with easy setup and email notificationJD eSurvey Java Open Source Online Survey Application: JD eSurvey is an open source enterprise survey web application written in Java and based on the Spring Framework and Hibernate ORM developed by JD Software.Kobayashi Royale: A tactical space combat turn based game.OneApp Framework: Framework for building true cross platform application.Raspberry Pi Control Center: A GTK+ based Raspberry Pi Control Center. Made to be simple and fastSharePoint Farm's Logs Collector: Get Farm Logs from a centralized place. Sonar Snitch: Ferramenta para filtrar e monitorar aplicações no Sonar. Indica o quanto cada aplicação foi alterada em uma série de indicadores conhecidos.

    Read the article

  • How to open a server port outside of an OpenVPN tunnel with a pf firewall on OSX (BSD)

    - by Timbo
    I have a Mac mini that I use as a media server running XBMC and serves media from my NAS to my stereo and TV (which has been color calibrated with a Spyder3Express, happy). The Mac runs OSX 10.8.2 and the internet connection is tunneled for general privacy over OpenVPN through Tunnelblick. I believe my anonymous VPN provider pushes "redirect_gateway" to OpenVPN/Tunnelblick because when on it effectively tunnels all non-LAN traffic in- and outbound. As an unwanted side effect that also opens the boxes server ports unprotected to the outside world and bypasses my firewall-router (Netgear SRX5308). I have run nmap from outside the LAN on the VPN IP and the server ports on the mini are clearly visible and connectable. The mini has the following ports open: ssh/22, ARD/5900 and 8080+9090 for the XBMC iOS client Constellation. I also have Synology NAS which apart from LAN file serving over AFP and WebDAV only serves up an OpenVPN/1194 and a PPTP/1732 server. When outside of the LAN I connect to this from my laptop over OpenVPN and over PPTP from my iPhone. I only want to connect through AFP/548 from the mini to the NAS. The border firewall (SRX5308) just works excellently, stable and with a very high throughput when streaming from various VOD services. My connection is a 100/10 with a close to theoretical max throughput. The ruleset is as follows Inbound: PPTP/1723 Allow always to 10.0.0.40 (NAS/VPN server) from a restricted IP range >corresponding to possible cell provider range OpenVPN/1194 Allow always to 10.0.0.40 (NAS/VPN server) from any Outbound: Default outbound policy: Allow Always OpenVPN/1194 TCP Allow always from 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) OpenVPN/1194 UDP Allow always to 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) Block always from NAS to any On the Mini I have disabled the OSX Application Level Firewall because it throws popups which don't remember my choices from one time to another and that's annoying on a media server. Instead I run Little Snitch which controls outgoing connections nicely on an application level. I have configured the excellent OSX builtin firewall pf (from BSD) as follows pf.conf (Apple App firewall tie-ins removed) (# replaced with % to avoid formatting errors) ### macro name for external interface. eth_if = "en0" vpn_if = "tap0" ### wifi_if = "en1" ### %usb_if = "en3" ext_if = $eth_if LAN="{10.0.0.0/24}" ### General housekeeping rules ### ### Drop all blocked packets silently set block-policy drop ### all incoming traffic on external interface is normalized and fragmented ### packets are reassembled. scrub in on $ext_if all fragment reassemble scrub in on $vpn_if all fragment reassemble scrub out all ### exercise antispoofing on the external interface, but add the local ### loopback interface as an exception, to prevent services utilizing the ### local loop from being blocked accidentally. ### set skip on lo0 antispoof for $ext_if inet antispoof for $vpn_if inet ### spoofing protection for all interfaces block in quick from urpf-failed ############################# block all ### Access to the mini server over ssh/22 and remote desktop/5900 from LAN/en0 only pass in on $eth_if proto tcp from $LAN to any port {22, 5900, 8080, 9090} ### Allow all udp and icmp also, necessary for Constellation. Could be tightened. pass on $eth_if proto {udp, icmp} from $LAN to any ### Allow AFP to 10.0.0.40 (NAS) pass out on $eth_if proto tcp from any to 10.0.0.40 port 548 ### Allow OpenVPN tunnel setup over unprotected link (en0) only to VPN provider IPs ### and port ranges pass on $eth_if proto tcp from any to a.b.8.0/24 port 1194:1201 ### OpenVPN Tunnel rules. All traffic allowed out, only in to ports 4100-4110 ### Outgoing pings ok pass in on $vpn_if proto {tcp, udp} from any to any port 4100:4110 pass out on $vpn_if proto {tcp, udp, icmp} from any to any So what are my goals and what does the above setup achieve? (until you tell me otherwise :) 1) Full LAN access to the above ports on the mini/media server (including through my own VPN server) 2) All internet traffic from the mini/media server is anonymized and tunneled over VPN 3) If OpenVPN/Tunnelblick on the mini drops the connection, nothing is leaked both because of pf and the router outgoing ruleset. It can't even do a DNS lookup through the router. So what do I have to hide with all this? Nothing much really, I just got carried away trying to stop port scans through the VPN tunnel :) In any case this setup works perfectly and it is very stable. The Problem at last! I want to run a minecraft server and I installed that on a separate user account on the mini server (user=mc) to keep things partitioned. I don't want this server accessible through the anonymized VPN tunnel because there are lots more port scans and hacking attempts through that than over my regular IP and I don't trust java in general. So I added the following pf rule on the mini: ### Allow Minecraft public through user mc pass in on $eth_if proto {tcp,udp} from any to any port 24983 user mc pass out on $eth_if proto {tcp, udp} from any to any user mc And these additions on the border firewall: Inbound: Allow always TCP/UDP from any to 10.0.0.40 (NAS) Outbound: Allow always TCP port 80 from 10.0.0.40 to any (needed for online account checkups) This works fine but only when the OpenVPN/Tunnelblick tunnel is down. When up no connection is possbile to the minecraft server from outside of LAN. inside LAN is always OK. Everything else functions as intended. I believe the redirect_gateway push is close to the root of the problem, but I want to keep that specific VPN provider because of the fantastic throughput, price and service. The Solution? How can I open up the minecraft server port outside of the tunnel so it's only available over en0 not the VPN tunnel? Should I a static route? But I don't know which IPs will be connecting...stumbles How secure would to estimate this setup to be and do you have other improvements to share? I've searched extensively in the last few days to no avail...If you've read this far I bet you know the answer :)

    Read the article

1