Tutorial for Utorrent with Comodo Firewall 3

[Guest]

[Meganeoman]

How to configure Comodo firewall 3 for utorrent.

1. Go to : Firewall -> Advanced -> Attack Detection Settings -> Miscellanous and disable  Do Protocol analysis

2. Go to : Firewall -> Advanced -> Predifined Firewall Policies and select Add...

Give a name at the new Predifined Policy for example: utorrent

Add the following rules:

Rule 1

Action = Allow
Protocol = TCP or UDP
Direction = In
Description = Rule for incoming TCP and UDP connections
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = the port of utorrent


Rule 2

Action = Allow
Protocol = TCP
Direction = Out
Description = Rule for outgoing TCP connections
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = A port range = (start port = 1025 / end port = 65535)

Rule 3

Action = Allow
Protocol = UDP
Direction = Out
Description = Rule for outgoing UDP connections
Source Address = Any
Destination Address = Any
Source port = the port of utorrent
Destination port = A port range = (start port = 1025 / end port = 65535)

Rule 4

Action = Ask (enable Log as a firewall event if this rule is fired)
Protocol = TCP
Direction = Out
Description = Rule for HTTP requests
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = 80

Rule 5

Action = Block (enable Log as a firewall event if this rule is fired)
Protocol = IP
Direction = In/OUT
Description = Block and Log All Unmatching Requests
Source Address = Any
Destination Address = Any
IP Details = Any

3. Start utorrent. When Comodo asks you with a popup, choose Treat this application as select utorrent and enable Remember my answer.

Have a nice file sharing.

Panagiotis
---------------------------
If you have connectivity problems:
Go at Firewall -> Common Tasks -> Stealth ports wizard and select
Alert me to incoming connections- stealth my ports on a per-case basis
---------------------------
Because of a bug you must change the rule 4 (for HTTP requests) to allow. I hope this will be resolved with the next updates.
---------------------------

That guide doesn't work at ALL! It just boost the attacks on the newest comodo firewall! 

[pandlouk]

That guide doesn't work at ALL! It just boost the attacks on the newest comodo firewall! 

Yeah right!

p.s. have you disabled uPnP in utorrent?

[pandlouk]

Why you need to disable protocol analysis? What's the reason? In emule tutorial you said it's for search KAD. I have azureus and it's have no search function...

thank you

Comodo interfears with the obfuscated connections. If you leave it enabled you will have a slower download speed.

[warchief_ryan]

Nothing against you pandlouk but that seems excessive to me.

When I set mine up I just added Global rules,
Allow TCP/UDP IN from IP any to IP any Source Port any and Destination Port (uTorrents).
Allow TCP/UDP OUT from IP any to IP any Source Port (uTorrents) and Destination Port Any.

and the same for uTorrent in Application Rules.
Allow TCP/UDP IN from IP any to IP any Source Port any and Destination Port (uTorrents).
Allow TCP/UDP OUT from IP any to IP any Source Port (uTorrents) and Destination Port Any.


Why did you set the external users ports 1025-65535?  I've had uTorrent running for a few days straight now, haven't had any problems.  uTorrent only uses the one defined port correct? Could I be hindering uTorret in some way with my setup?

[Meganeoman]

I have fixed It now myself, doesn't this work? It's much easier!



http://static.pici.se/pictures/szmxuEYqx.jpg

[pandlouk]

Nothing against you pandlouk but that seems excessive to me.

When I set mine up I just added Global rules,
Allow TCP/UDP IN from IP any to IP any Source Port any and Destination Port (uTorrents).
Allow TCP/UDP OUT from IP any to IP any Source Port (uTorrents) and Destination Port Any.

and the same for uTorrent in Application Rules.
Allow TCP/UDP IN from IP any to IP any Source Port any and Destination Port (uTorrents).
Allow TCP/UDP OUT from IP any to IP any Source Port (uTorrents) and Destination Port Any.


Why did you set the external users ports 1025-65535?  I've had uTorrent running for a few days straight now, haven't had any problems.  uTorrent only uses the one defined port correct? Could I be hindering uTorret in some way with my setup?

Hi warchief_ryan,

Please eliminate that rule from your global rules. With that one you give permanent access at that port on all applications.

Well you could run uttorent without a firewall and it would not have any problems.

The rules that I made are based on the ports needed for utorrent to connect without problems. The ports that are not needed (Priviliged ports=1-1024) are taken out.

[Meganeoman]

So I should skip that?

And follow your guide?

[pandlouk]

I have fixed It now myself, doesn't this work? It's much easier!

So I should skip that?

And follow your guide?

Feel free to use yours.
I'm not trying to convince anyone.

p.s.  Never use the global rules for opening ports!You leave that one port available to the outside for every program; not only utorrent.

[Soyabeaner]

Hey Pan, I've been re-arranging my rules (again) to use what you recommend for uTorrent and found in the log a lot blocked UDP outgoing to the destination port 53 entries from my IP to others.  Is it ok to have these blocked because I understand it's for DNS?

[pandlouk]

Hey Pan, I've been re-arranging my rules (again) to use what you recommend for uTorrent and found in the log a lot blocked UDP 53 entries from my IP to others.  Is it ok to have these blocked because I understand it's for DNS?

Yes, it is ok.

From the packet sniffers I saw that most are DNS requests; but some are not.

p.s. on my pc those adresses get banned at once. I cannot see why someone should use reservered ports for filesharing.

[Soyabeaner]

Hmmmm...I just found that not adding this rule didn't allow me to download from a particular torrent :
Allow UDP Out from Source Port [1025-65535] Destination Port [53]

[pandlouk]

Hmmmm...I just found that not adding this rule didn't allow me to download from a particular torrent :
Allow UDP Out from Source Port [1025-65535] Destination Port [53]

I guess that you connect with a modem. that is a legittimate DNS request and you can allow it. Uttorent could not find the site.

If you are behind a router just configure your trusted zone.

[Soyabeaner]

Right.  Only a modem without a router.  BTW, can you explain why the 0-1024 are special ports and shouldn't be used by uTorrent (or other programs ).

And I don't know why, but ever since I followed your rules (delete everything in Global Rules except the Block In ICMP Echo Request rule) there have been no more ICMP "complaints" log.  Guess it's a good thing?

[pandlouk]

Right.  Only a modem without a router.  BTW, can you explain why the 0-1024 are special ports and shouldn't be used by uTorrent (or other programs ).

In this chase the best thing to do is to use a specific DNS server (on your windows connections settings) and then add a allow UDP rule for port 53 on that specific server.

[Soyabeaner]

In this chase the best thing to do is to use a specific DNS server (on your windows connections settings) and then add a allow UDP rule for port 53 on that specific server.

For my ISP connection or my NIC (modem) connection?  For the former I can simply ask my ISP on what the DNS server(s) should be, but how would I find out for the latter?

BTW, that rule I added for DNS was for uTorrent, not System or anything else.

[Tags:]