Meganeoman
Newbie
Offline
Posts: 23
« Reply #15 on: November 30, 2007, 11:22:56 AM » |
How to configure Comodo firewall 3 for utorrent.

1. Go to: Firewall -> Advanced -> Attack Detection Settings -> Miscellaneous and disable Do Protocol analysis
2. Go to: Firewall -> Advanced -> Predefined Firewall Policies and select Add...
Give a name to the new Predefined Policy, for example: utorrent
Add the following rules:

Rule 1
Action = Allow
Protocol = TCP or UDP
Direction = In
Description = Rule for incoming TCP and UDP connections
Source Address = Any
Destination Address = Any
Source port = A port range = ( start port = 1025 / end port = 65535)
Destination port = the port of utorrent

Rule 2
Action = Allow
Protocol = TCP
Direction = Out
Description = Rule for outgoing TCP connections
Source Address = Any
Destination Address = Any
Source port = A port range = ( start port = 1025 / end port = 65535)
Destination port = A port range = ( start port = 1025 / end port = 65535)

Rule 3
Action = Allow
Protocol = UDP
Direction = Out
Description = Rule for outgoing UDP connections
Source Address = Any
Destination Address = Any
Source port = the port of utorrent
Destination port = A port range = ( start port = 1025 / end port = 65535)

Rule 4
Action = Ask (enable Log as a firewall event if this rule is fired)
Protocol = TCP
Direction = Out
Description = Rule for HTTP requests
Source Address = Any
Destination Address = Any
Source port = A port range = ( start port = 1025 / end port = 65535)
Destination port = 80

Rule 5
Action = Block (enable Log as a firewall event if this rule is fired)
Protocol = IP
Direction = In/OUT
Description = Block and Log All Unmatching Requests
Source Address = Any
Destination Address = Any
IP Details = Any

3. Start utorrent. When Comodo asks you with a popup, choose Treat this application as, select utorrent and enable Remember my answer.

Have a nice file sharing.
Panagiotis

---------------------------
If you have connectivity problems: Go to Firewall -> Common Tasks -> Stealth ports wizard and select Alert me to incoming connections - stealth my ports on a per-case basis
---------------------------
Because of a bug you must change the rule 4 (for HTTP requests) to allow. I hope this will be resolved with the next updates.
---------------------------

That guide doesn't work at ALL! It just boosts the attacks on the newest comodo firewall!
pandlouk
I love Comodo
Global Moderator
Comodo's Hero
   
Offline
Posts: 2240
Panagiotis
« Reply #16 on: November 30, 2007, 02:40:11 PM » |
That guide doesn't work at ALL! It just boosts the attacks on the newest comodo firewall!

Yeah right!
p.s. have you disabled uPnP in utorrent?
« Last Edit: November 30, 2007, 03:04:57 PM by pandlouk »
pandlouk
« Reply #17 on: November 30, 2007, 09:16:02 PM » |
Why do you need to disable protocol analysis? What's the reason? In emule tutorial you said it's for search KAD. I have azureus and it has no search function...
thank you

Comodo interferes with the obfuscated connections. If you leave it enabled you will have a slower download speed.
warchief_ryan
Comodo Member

Offline
Posts: 33
« Reply #18 on: December 01, 2007, 01:43:05 AM » |
Nothing against you pandlouk but that seems excessive to me.
When I set mine up I just added Global rules, Allow TCP/UDP IN from IP any to IP any Source Port any and Destination Port (uTorrents). Allow TCP/UDP OUT from IP any to IP any Source Port (uTorrents) and Destination Port Any.
and the same for uTorrent in Application Rules. Allow TCP/UDP IN from IP any to IP any Source Port any and Destination Port (uTorrents). Allow TCP/UDP OUT from IP any to IP any Source Port (uTorrents) and Destination Port Any.
Why did you set the external users ports 1025-65535? I've had uTorrent running for a few days straight now, haven't had any problems. uTorrent only uses the one defined port correct? Could I be hindering uTorrent in some way with my setup?
pandlouk
« Reply #20 on: December 01, 2007, 07:07:23 PM » |
Nothing against you pandlouk but that seems excessive to me.
When I set mine up I just added Global rules, Allow TCP/UDP IN from IP any to IP any Source Port any and Destination Port (uTorrents). Allow TCP/UDP OUT from IP any to IP any Source Port (uTorrents) and Destination Port Any.
and the same for uTorrent in Application Rules. Allow TCP/UDP IN from IP any to IP any Source Port any and Destination Port (uTorrents). Allow TCP/UDP OUT from IP any to IP any Source Port (uTorrents) and Destination Port Any.
Why did you set the external users ports 1025-65535? I've had uTorrent running for a few days straight now, haven't had any problems. uTorrent only uses the one defined port correct? Could I be hindering uTorrent in some way with my setup?

Hi warchief_ryan,
Please eliminate that rule from your global rules. With that one you give permanent access at that port on all applications. Well you could run utorrent without a firewall and it would not have any problems.
The rules that I made are based on the ports needed for utorrent to connect without problems. The ports that are not needed (Privileged ports=1-1024) are taken out.
Meganeoman
« Reply #21 on: December 01, 2007, 07:09:23 PM » |
So I should skip that?
And follow your guide?
pandlouk
« Reply #22 on: December 01, 2007, 07:13:29 PM » |
I have fixed It now myself, doesn't this work? It's much easier!
So I should skip that?
And follow your guide?

Feel free to use yours. I'm not trying to convince anyone.
p.s. Never use the global rules for opening ports! You leave that one port available to the outside for every program; not only utorrent.
Soyabeaner
Global Moderator
Comodo's Hero
   
Offline
Posts: 6621
Akagi
« Reply #23 on: December 01, 2007, 07:59:50 PM » |
Hey Pan, I've been re-arranging my rules (again) to use what you recommend for uTorrent and found in the log a lot of blocked UDP outgoing to the destination port 53 entries from my IP to others. Is it ok to have these blocked because I understand it's for DNS?
« Last Edit: December 01, 2007, 08:25:11 PM by Soyabeaner »
pandlouk
« Reply #24 on: December 01, 2007, 08:27:16 PM » |
Hey Pan, I've been re-arranging my rules (again) to use what you recommend for uTorrent and found in the log a lot of blocked UDP 53 entries from my IP to others. Is it ok to have these blocked because I understand it's for DNS?

Yes, it is ok. From the packet sniffers I saw that most are DNS requests; but some are not.
p.s. on my pc those addresses get banned at once. I cannot see why someone should use reserved ports for filesharing.
Soyabeaner
« Reply #25 on: December 01, 2007, 08:30:27 PM » |
Hmmmm...I just found that not adding this rule didn't allow me to download from a particular torrent: Allow UDP Out from Source Port [1025-65535] Destination Port [53]
pandlouk
« Reply #26 on: December 01, 2007, 08:33:52 PM » |
Hmmmm...I just found that not adding this rule didn't allow me to download from a particular torrent: Allow UDP Out from Source Port [1025-65535] Destination Port [53]

I guess that you connect with a modem. That is a legitimate DNS request and you can allow it. Utorrent could not find the site. If you are behind a router just configure your trusted zone.
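
The rule order discussed in this thread, as an added example that is not part of any poster's message and is not Comodo code: it models the guide's five rules under the assumption of top-down, first-match evaluation, and shows why outgoing DNS (UDP to port 53) falls through to the final block rule until an allow rule is placed above it, either for any server or pinned to one resolver. `UTORRENT_PORT`, `DNS_SERVER`, the helper names and the sample packets are constructed for illustration.

```python
# Added illustration, not Comodo code. Assumption: rules are checked
# top-down and the first matching rule decides what happens to the packet.
UTORRENT_PORT = 40000        # constructed stand-in for "the port of utorrent"
HIGH = range(1025, 65536)    # the guide's 1025-65535 range
DNS_SERVER = "192.0.2.53"    # constructed resolver address (documentation range)

def rule(name, action, protos, direction, sports, dports, dst=None):
    # A field set to None means "Any".
    return dict(name=name, action=action, protos=protos, direction=direction,
                sports=sports, dports=dports, dst=dst)

GUIDE_POLICY = [
    rule("Rule 1", "allow", {"tcp", "udp"}, "in", HIGH, [UTORRENT_PORT]),
    rule("Rule 2", "allow", {"tcp"}, "out", HIGH, HIGH),
    rule("Rule 3", "allow", {"udp"}, "out", [UTORRENT_PORT], HIGH),
    rule("Rule 4", "ask", {"tcp"}, "out", HIGH, [80]),
    rule("Rule 5", "block", None, None, None, None),  # IP, In/Out, logged
]

def with_dns_rule(policy, dst=None):
    """Place 'Allow UDP Out 1025-65535 -> 53' just above the final block rule."""
    dns = rule("DNS", "allow", {"udp"}, "out", HIGH, [53], dst)
    return policy[:-1] + [dns] + policy[-1:]

def evaluate(policy, proto, direction, sport, dport, dst_ip="198.51.100.7"):
    """Return (rule name, action) of the first rule matching the packet."""
    for r in policy:
        if r["protos"] is not None and proto not in r["protos"]:
            continue
        if r["direction"] is not None and direction != r["direction"]:
            continue
        if r["sports"] is not None and sport not in r["sports"]:
            continue
        if r["dports"] is not None and dport not in r["dports"]:
            continue
        if r["dst"] is not None and dst_ip != r["dst"]:
            continue
        return r["name"], r["action"]
    return None, "no match"

if __name__ == "__main__":
    pinned = with_dns_rule(GUIDE_POLICY, DNS_SERVER)
    for pkt in [("tcp", "in", 51000, UTORRENT_PORT), ("tcp", "out", 50000, 80),
                ("udp", "out", 50000, 53), ("tcp", "in", 51000, 445)]:
        print(pkt, evaluate(GUIDE_POLICY, *pkt), evaluate(pinned, *pkt, DNS_SERVER))
```

The pinned variant only allows port 53 traffic to the one configured resolver; DNS-looking packets to any other address still reach the block-and-log rule.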
Soyabeaner
« Reply #27 on: December 01, 2007, 08:35:23 PM » |
Right. Only a modem without a router. BTW, can you explain why the 0-1024 are special ports and shouldn't be used by uTorrent (or other programs). And I don't know why, but ever since I followed your rules (delete everything in Global Rules except the Block In ICMP Echo Request rule) there have been no more ICMP "complaints" log. Guess it's a good thing?
« Last Edit: December 01, 2007, 08:37:42 PM by Soyabeaner »
pandlouk
« Reply #28 on: December 01, 2007, 08:40:51 PM » |
Right. Only a modem without a router. BTW, can you explain why the 0-1024 are special ports and shouldn't be used by uTorrent (or other programs).

In this case the best thing to do is to use a specific DNS server (on your windows connections settings) and then add an allow UDP rule for port 53 on that specific server.
Soyabeaner
« Reply #29 on: December 01, 2007, 08:44:06 PM » |
In this case the best thing to do is to use a specific DNS server (on your windows connections settings) and then add an allow UDP rule for port 53 on that specific server.

For my ISP connection or my NIC (modem) connection? For the former I can simply ask my ISP on what the DNS server(s) should be, but how would I find out for the latter? BTW, that rule I added for DNS was for uTorrent, not System or anything else.
« Last Edit: December 01, 2007, 08:51:19 PM by Soyabeaner »