Emule and bittorent tuttorials

[Guest]

[Little Mac]

penn, the first easy test to do (to see if it's related to Comodo) is to briefly change CFP's Security Level to Allow All to see if you can access the private site.  If you can, we know there are CFP rules issues.  If you can't, that pretty much rules CFP out as the source of the problem.  In any event, I would not advise downloading this way; it's just to test if you can access the site (as Allow All effectively removes all CFP protection).

LM

[fedeloop]

I'm new with this and need some help.
I have read this tutorial and the proper NM rule config.
I have made the Rule for TCP protocol and the Rule for UDP protocol
using the configured Emule destination port.

When I start eMule and try co connect to a server, the connection fails by timeout

The activity log has many entries (every 10 seconds or so) like this one:

Descrip:Inbound Policy Violation (Access Denied, ICMP= PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: Changes IP and port en each entry
Destination:xxx.xx.xx.xx:28076 (wich is my modem default gateway address)
Message: PORT UNREACHABLE
Reason: NM default last block rule

Any idea?

Thank you!

 (V)


Moderator's Edit:  masked public IP for user's privacy

[Little Mac]

This sometimes happens with p2p applications.  Right-click that last block rule, select Add/Add Before.  Build the rule:

Action:  Allow
Protocol:  ICMP
Direction:  In
Source IP:  Any
Destination IP:  Any
ICMP Details:  Echo Request

That should take care of it.  CFP blocks the ICMP request before it reaches your computer, then causes a message to be forwarded so that the application knows (thus, the "port unreachable" message).

You may find other ICMP issues w/p2p applications, and end up allowing more that just Echo Requests.  Some do, some don't.  Some users find allowing these increases their speed; others don't find the difference significant or consider it worthwhile.

LM

PS:  I edited your post regarding the IP address you posted, as this is your external/public IP addy (for privacy).

[ashleyna]

I'm new to comodo firewall and i'm not a computer expert since i'll pass out just by looking at data only. First, thank you coz now I have the green light in my utorrent. but, i'm wondering, does this mean 'anything' (like spyware and virus) can slip into my computer using the specified port for my utorrent? How can I know, only utorrent is allowed to use that port? (M)

[Little Mac]

i'm wondering, does this mean 'anything' (like spyware and virus) can slip into my computer using the specified port for my utorrent? How can I know, only utorrent is allowed to use that port? (M)

As part of CFP's layered security, in order for an unsolicited Inbound connection to be accepted by Network Monitor, there has to be an approved application (ie, Application Monitor) actively listening on that port.

If some spyware/malware/etc tries to gain access to listen to that port, you will be notified by either Application Monitor or Application Behavior Analysis (provided you have not turned either one Off).  Thus, you are still safe.  For a higher level of control, make sure that all of the applications listed in Application Monitor are only Allowed Outbound connections; not Inbound (then they can't listen, regardless - except for your p2p, etc, apps). 

If you want complete total control (ie, the paranoia sets in...), you will need to increase Alert Frequency to High (as this includes Port detail) and create port-specific application rules for everything in the list.  Again, make sure there are no Inbound rules except for the p2p (or other apps that need them).

LM

[ashleyna]

Ok.., I'm confused here. Do I have to do frequent check at Application monitor and Application Behavior Analysis? Another thing, when I don't use my torrent client, does that mean the specified port is available (open) for anything else to go in/out?

And, I have another application that need for port listening. And CFP ask me whether to allow or to deny.. I allowed it but when I checked in Application Monitor, its not written there as rule.. Is this mean that the port only open for that application?

How many applications can use the same port?


Thanx..!

[Little Mac]

ashleyna,

You might want to read the explanation about CFP's layered rules in this thread:

http://forums.comodo.com/index.php/topic,6167.0.html  That should help you get a better understanding of how it all works.

Another thing, when I don't use my torrent client, does that mean the specified port is available (open) for anything else to go in/out?

No.  As I stated before, there has to be an agreement between the monitors, and an application has to be actively running on that port.  And in order for an application to be connected, you would have to allow it.  The tutorial goes into more detail on that.

And CFP ask me whether to allow or to deny.. I allowed it but when I checked in Application Monitor, its not written there as rule..

If you don't check "Remember" no rule will be created.  The connection will be allowed for that session only; no permanent rule.

The thing to remember here is that CFP does not open or close ports.  The system does that, in conjunction with the requesting application.  If a port is not in use, the system should be closing it.  What CFP does in that respect, is it controls traffic access (ie, Network Monitor) and application access (ie, Application Monitor), based on the combined ruleset.  Again, see the tutorial for more detailed info.

LM

[ashleyna]

Ok, I think I understand. I shouldn't worry too much since CFP is great in doing its job. Thanx for the explanation, Little Mac! 

[Little Mac]

Ok, I think I understand. Thanx for the explanation, Little Mac!

No problem; glad to help.

LM

[Calibur]

Hi.

Having a little problem here with Kad Low ID.
All ports are forwarded on the router, so no problem there. However, there seems to be a problem with Comodo. I've set it to allow the ports used for emule. All directions and stuff are set correctly, moved above the block rule, etc.

When I boot up eMule, I can see a lot of Inbound Policy Violations on the activity log.

Severity :Medium
Reporter :Network Monitor
Description:Inbound Policy Violation (Access Denied, ICMP = NET UNREACHABLE/PORT UNREACHABLE/HOST UNREACHABLE)
Protocol:ICMP Incoming
Source: All kinds of sources here
Destination: 192.168.1.64
Message: NET UNREACHABLE/PORT UNREACHABLE/HOST UNREACHABLE
Reason: Network Control Rule ID = 8

My log is also full of these messages.

Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, Protocol =  IGMP)
Protocol:IGMP Incoming
Source: 10.**.**.*
Destination: 224.0.0.1
Reason: Network Control Rule ID = 8

I tryed Little Mac's method on the top of the page - still low id.

[Little Mac]

I tryed Little Mac's method on the top of the page - still low id.

By this, do you mean you did this:
https://forums.comodo.com/frequently_asked_questions_faq_for_comodo_firewall/emule_and_bittorent_tuttorials-t411.0.html;msg86982#msg86982
or this:
https://forums.comodo.com/frequently_asked_questions_faq_for_comodo_firewall/emule_and_bittorent_tuttorials-t411.0.html;msg90722#msg90722

If you did the "Allow All" and got nothing, then the problem is not from CFP.

If you created the Inbound ICMP rule, we may need to broaden that rule from just "Echo Request" to "ICMP Any."

LM

[Calibur]

Setting Comodo to 'Allow all' does not help.

Tryed changing the ICMP rule, no success.

Comodo is causing the problem, when I uninstalled it, I got High ID.

[ashleyna]

I'm sorry, but I have to ask about this. I allow my uTorrent TCP/UDP In. In Connection Activity the protocol for my uTorrent are; TCP Out, UDP Out, TCP In/Out; what do these mean? I only allow TCP/UDP In, right? And then, do I have to give uTorrent right to connect to the internet? Even after I allow them to listen to the specified port?   

[Little Mac]

Setting Comodo to 'Allow all' does not help.

In this case, the problem is not Comodo.  Combined with your p2p working after uninstalling CFP, experience says the problem is due to the conflicting remains of your previous firewall, or possibly a conflict that occurred during the installation of CFP.  Most commonly, it relates to the former firewall not being completely gone. 

I would suggest looking for detailed instructions on removing the remains of your old FW, and doing a thorough registry cleaning.  If possible, use SafeMode to minimize conflicts.  Then reinstall CFP in SafeMode.  If you let us know what your old FW was, we may be able to help point you in the right direction.

LM

[Little Mac]

I only allow TCP/UDP In, right? And then, do I have to give uTorrent right to connect to the internet? Even after I allow them to listen to the specified port?   

CFP has a "layered" approach to security.  Inbound traffic must first pass Network Monitor, then Application Monitor, then Advanced Analysis/Behavior.  Outbound traffic must first pass Application Monitor, then Advanced Analysis/Behavior, then Network Monitor. 

So, for a p2p application, you must have the Inbound Network rules as given in the first post of this thread.

You must also have appropriate Application Monitor rules for the application as well.  I would suggest having these separate - ie, one to Allow TCP/UDP Out, one to Allow TCP/UDP In (where you can define that Destination Port if you like).

LM

[Tags:]