Tutorial for Utorrent with Comodo Firewall 3

[Guest]

[Metallo]

Hi,

I applied the Pandlouk rules as in page 1 but I noticed in the firewall events log that all the connections with UDP protocol are blocked.
This happens if:

The source IP is my IP address with destination IP 239.192.152.143 and source and destination ports 6771 in most of the cases.

The source IP is my IP address with destination IP my router and source and destination ports 5351 in some cases.

The source IP is X IP address with with various destination IPs and source port 80 or 81 or 89 or 911 or 926 and destination port my uTorrent port

The source IP is X IP address with various destination IPs and source port 500 or 666 or 53  and destination port my uTorrent port

I guess something is wrong or does not comply with the Pandlouk rules? 

Would appreciate your explanation.

Thank you!
Alex

Hi,

Can anybody help me to understand where the problem is? 

Thank you!
Alex

[Yoda1953]

This is how I got utorrent to work properly.

If you use Ragwing's tip by setting a utorrent port in my port sets you can easily change the utorrent port once by changing only the port in my port sets.

And with these rules you can stealth the firewall.

Quote:

1. In uTorrent settings->Connections, disable "Activate UPnP portmapping" and "Randomize port everytime uTorrent starts". Choose a port for incoming connections.

2. Go to Firewall->Common Tasks->My Port Sets->Add->A New Port Set

Name it uTorrent or something. Now right-click it and select Add... Choose the port you've set uTorrent to listen on.

3. Go to Firewall->Advanced->Network Security Policy->Application Rules and add the following rules for uTorrent.exe:

Allow TCP OR UDP In From IP Any To [Your MAC/IP] (remark :here I use ANY) Where Source Port Is Any And Destination Port is In [uTorrent port] (remark:choose a set of ports and then utorrent instead of the single port option)

Allow TCP OR UDP Out From [Your MAC/IP] (remark :here I use ANY)To IP Any Where Source Port Is Any And Destination Port Is Any

[uTorrent] is the port set that you've created in step 2.

4. Go to Firewall->Advanced->Network Security Polciy->Global Rules and add this rule at the top:

Allow TCP OR UDP In From IP Any To [Your MAC/IP] (remark :here I use ANY) Where Source Port Is Any And Destination Port Is In [uTorrent port] (remark: choose a set of ports and then utorrent instead of the single port option)

This works with everything enabled in Attack Detection Settings.

End quote.

[Hitchcockwarning]

Hi Ragwing,

if you apply those rules then you must really trust utorrent and all those with which it connects. 
I do not trust any program to give it access IN/OUT in every protocol.

1. Are those rules the same as selecting utorrent as a "trusted application" ?

2. Are you saying you would never select any application as "trusted" in the firewall rules (e.g. Network Security Policy/Application Rules) ?

[uhohkimee]

I did the setup thats posted and my blocked intrusion jumped from 0 to 500 in like 10mins... is that normal?

[Comofo]

I did the setup thats posted and my blocked intrusion jumped from 0 to 500 in like 10mins... is that normal?

Only if the logged block falls outside of your predefined Utorrent rules.
For example: If you have a rule to allow TCP in from IP Any port 1025-65535 to your Utor port and the block is
From source port 1024 to your Utor port then that is normal.

If the logged block falls within your rules however, then somethings wrong.
Example: If you have a rule to allow TCP in from IP Any port 1025-65535 to your Utor port and the block is
Blocked from source port 1026 to your Utor port.

In this case I'd double check everything to make sure nothing's conflicting.

[uhohkimee]

I double checked and everything seems to be fine. So any ideas why I'm getting so many blocked intrusions? Is the http request rule bug fixed or should I set it to "allow"? Should I make utorrent a trusted app on D+?

Update:

I turned off utorrent and restarted my comp and even reset my modem and router and for some reason I'm still getting blocked intrusions.

Application: Windows Operating System
Destination IP: My ip
Destination port: The utorrent port

So any ideas?

[uhohkimee]

BUMP for my question... need help pls.

[Comofo]

I double checked and everything seems to be fine. So any ideas why I'm getting so many blocked intrusions? Is the http request rule bug fixed or should I set it to "allow"? Should I make utorrent a trusted app on D+?

Update:

I turned off utorrent and restarted my comp and even reset my modem and router and for some reason I'm still getting blocked intrusions.

Application: Windows Operating System
Destination IP: My ip
Destination port: The utorrent port

So any ideas?

Do you have a rule in Global to allow incoming connections to that port?

[jccm]

Hi, I am using Pandlouk's method:

How to configure Comodo firewall 3 for utorrent.

1. Go to : Firewall -> Advanced -> Attack Detection Settings -> Miscellanous and disable  Do Protocol analysis
2. Go to : Firewall -> Advanced -> Predifined Firewall Policies and select Add...
Give a name at the new Predefined Policy for example: utorrent

Add the following rules:

Rule 1
Action = Allow
Protocol = TCP or UDP
Direction = In
Description = Rule for incoming TCP and UDP connections
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = the port of utorrent

Rule 2
Action = Allow
Protocol = TCP
Direction = Out
Description = Rule for outgoing TCP connections
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = A port range = (start port = 1025 / end port = 65535)

Rule 3
Action = Allow
Protocol = UDP
Direction = Out
Description = Rule for outgoing UDP connections
Source Address = Any
Destination Address = Any
Source port = the port of utorrent
Destination port = A port range = (start port = 1025 / end port = 65535)

Rule 4
Action = Ask (enable Log as a firewall event if this rule is fired)
Protocol = TCP
Direction = Out
Description = Rule for HTTP requests
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = 80

Rule 5
Action = Block (enable Log as a firewall event if this rule is fired)
Protocol = IP
Direction = In/OUT
Description = Block and Log All Unmatching Requests
Source Address = Any
Destination Address = Any
IP Details = Any

3. Start utorrent. When Comodo asks you with a popup, choose Treat this application as select utorrent and enable Remember my answer.

But I also had to do this to get the 'green light':

If you have connectivity problems:
Go at Firewall -> Common Tasks -> Stealth ports wizard and select
Alert me to incoming connections- stealth my ports on a per-case basis

But when stealth is set that way Symantec security http://security.symantec.com says port 135 is open.  Also, I'm not the only user on this PC so someone might mistakenly allow an incoming connection.  Any way around this?  I am on WinXP SP2 with CFP v3.0.22.349 and utorrent v1.7.7.  When I stealth ports to everyone the green light is replaced by a yellow triangle.
Thank you!

[ganda claus]

finally i got the guts to use bittorrent. 
quick questions:
what's the point of having "ask" rule for HTTP requests (rule no.4)? i have firewall alert every time i start downloading.and i just allow it  may i change the rule to "allow"?

[Comofo]

finally i got the guts to use bittorrent. 
quick questions:
what's the point of having "ask" rule for HTTP requests (rule no.4)? i have firewall alert every time i start downloading.and i just allow it  may i change the rule to "allow"?

Hey shin-,
Changed mine to Allow (and log at first - to keep an eye on it, but they're few and far between) long ago - without a doubt eased things.

[ganda claus]

Hey shin-,
Changed mine to Allow (and log at first - to keep an eye on it, but they're few and far between) long ago - without a doubt eased things.

understood  i'll change mine to allow & log. thx a lot 

[uhohkimee]

Do you have a rule in Global to allow incoming connections to that port?

I don't since it's not mention in the tutorial... should I be making one?

[Comofo]

When you next fire up Utorrent - try adding the Global Rule:
Allow TCP/UDP in from IP Any to IP Any Source Port 1025-65535 to Port (your Utorrent Port)

You probably have a Global Rule to Block all incoming attempts near the bottom of the list, your new rule must go above that.

Curious to see if that does it.

[beat915]

Need assistance. I followed Padlouk's settings but I'm receiving many blocked connections via TCP. I'm not sure what I'm doing wrong. I never had any problems when I used 2.4 with his settings fort that one but for 3.0, I'm stumped. I'm behind a router and portforwarded to one port, the same one Utorrent is set to. In his settings, do I need to open a port range of 1025-65535 in my router as well? I'm assuming no. I do get a green light in Utorrent but speeds are quite slow. Also, when I check to see if my port has been forwarded through utorrent, it says it is blocked. I would try the global rules but reading thru the forums I see that some people say it is unnecessary to use them, and that it is potentially unsafe. Could some help. I'm almost thinking of going back to v2.4 because I'm just not getting it.

[Tags:]