Firewall Tutorial for Utorrent with Comodo Internet Security

[Guest]

[Comofo]

Hey radhx,
Have you been here: http://portforward.com/ and made sure that 45888 is forwarded like it aught to be? Are you using that port every time (no randomizing in µTor)? Have you added 45888 to "My Port Sets" in CFP3 (for Ragwings)?

[radhx]

Hi Comofo,

Yes, I tried to follow the instructions at portforward.com as well as steps described in previous pages.
I am not using randomizing in uT and have created a port set in CFP3 for 45888 which using in the rules.
I also tried to allow ICMP in/out, but that didn't work.

I am using WLL CDMA land-line for connecting to internet. Can that be creating the problem? Or any setup is required for it?

Thanks & Regards,
Rad.

[Comofo]

Happy Friday Rad,
I'm afraid I must plead ignorance to your query regarding your connection - I'm simply unfamiliar [anyone with some insight please interject].
However, I'm curious to know what your logs look like when you're running µTorrent.
Does your dial-up machine torrent okay?
Do you have a Global Rule that might be prohibiting the inbound connections to your port (45888)?

[3xist]

Happy Friday Rad

It's Saturday Sunday in 7 hours.

Josh

[Comofo]

Yeah, in Borneo or wherever you dwell...  




[I just got off work - give me a break ]

[comode]

Sorry in advance if the following has already been posted but I have only looked at the first and last page of the thread. This information will tighten security even more and at the same time might solve some firewall issues that people might be having.

First, go to utorrent options -> Preferences -> Advanced
and set net.outgoing_port to the same port that you've used for incoming connections. Now change your firewall rules accordingly:

Rule 1
Action = Allow
Protocol = TCP/UDP
Direction = In
Description = Rule for incoming TCP and UDP connections
Source Address = Any
Destination Address = Local Area Network Zone
Source port = Unprivileged port set (start port = 1025 / end port = 65535)
Destination port = the port of utorrent

Rule 2
Action = Allow
Protocol = TCP
Direction = Out
Description = Rule for outgoing TCP connections
Source Address = Local Area Network Zone
Destination Address = Any
Source port = Your utorrent port
Destination port = Unprivileged port set (start port = 1025 / end port = 65535)

Rule 3
Action = Allow
Protocol = UDP
Direction = Out
Description = Rule for outgoing UDP connections
Source Address = Local Area Network Zone
Destination Address = Any
Source port = Your utorrent port (Without setting net.outgoing_port this would have to be "ANY" contrary to the original post)
Destination port = Unprivileged port set (start port = 1025 / end port = 65535)

Rule 4
Action = Ask (enable Log as a firewall event if this rule is fired)
Protocol = TCP
Direction = Out
Description = Rule for HTTP requests
Source Address = Local Area Network Zone
Destination Address = Any
Source port = Unprivileged port set (start port = 1025 / end port = 65535)
Destination port = 80

DNS Rule
Action = Allow
Protocol = UDP
Direction = Out
Description = Allow Outgoing DNS
Source Address = Local Area Network Zone
Destination Address = DNS Zone (your ISP's DNS servers)
Source port = Your utorrent port
Destination port = 53

Please refer to the manual how define Port sets and Zones. Hopefully you'll find this useful!

So the ONLY differences between your post and Pan's rules on page 1,are the DNS rule and the utorrent outgoing port, and the comodo rules in bold that are changed for that port?

[cloudforest]

How to configure Comodo firewall 3 for utorrent.

Rule 1
Action = Allow
Protocol = TCP or UDP
Direction = In
Description = Rule for incoming TCP and UDP connections
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = the port of utorrent

Hi. I have a question about Rule 1 above, in particular setting the source port to start at 1025 outside of the well-known ports.

I saw some blocked traffic to my utorrent port from six or seven different IP addresses today. Details of blocked traffic: Application: C:\Program Files\uTorrent\uTorrent.exe, Source Port: UDP 80 (sometimes UDP 21), Destination Port: my utorrent listen port.

I am assuming these are legitimate requests. It's odd to use UDP 80, or UDP 21 as a source port. But may be these guys are behind a corporate firewall, and are trying to circumvent restrictions on the the use of other ports.

So my question is this: shouldn't Rule 1 be modified to allow traffic originating at all source ports. Currently Rule 1 only allows traffic if the source port is outside of the well-known ports.

Thanks.

[cloudforest]

1. In uTorrent settings->Connections, disable "Activate UPnP portmapping" ...

Hi. When I use the rule set you wrote, I have no problems. My uTorrent client gets incoming connections, and as well, initiates connections fine, and quickly maxes out.

I am behind a home broadband ADSL modem/router, and I did not do any port forwarding. My LAN IP is 192.168.1.2 and the router can be accessed with http://192.168.1.1

Coming to my question: Within uTorrent, I did not disable UPnP portmapping as you suggested above. Is that suggestion for people who do port forwarding?

Thanks.

[cloudforest]

p.s. on my pc those adresses get banned at once. I cannot see why someone should use reservered ports for filesharing.

OK. That answers my first question. I should have guessed. Having been a ZoneAlarm Free user for long, I am not used to tinkering with low-level rules.

[IamOkaw]

I am getting non-stop "bloccked intrusion attempts", all from utorrent, the vast majority of which are  tcp or UDP connections going both to and from ports below 1025. Why start the range there? And why is my utorrent client even trying to connect using a different port than the one sent?

How big a risk is it to just open up all the ports specificaly to utorrent?

[cloudforest]

I am getting non-stop "bloccked intrusion attempts", all from utorrent, the vast majority of which are  tcp or UDP connections going both to and from ports below 1025. Why start the range there? And why is my utorrent client even trying to connect using a different port than the one sent?

How big a risk is it to just open up all the ports specificaly to utorrent?

Hi.

To answer your second question, uTorrent's listen port is totally different from the port it uses for ougoing connections. For example, my uTorrent listen port is 55000. So uTorrent listens for incoming connections on this port. When uTorrent needs to send data, it will use any random port it pleases.

As to why you are getting so many blocked connections, could you make an image file of your global rules and uTorrent rules and post them here?

[IamOkaw]

Be glad to...er...how am I doing that? :-P

[cloudforest]

Be glad to...er...how am I doing that? :-P

Go to FIREWALL | ADVANCED | NETWORK SECURITY POLICY | APPLICATION RULES

Go to FIREWALL | ADVANCED | NETWORK SECURITY POLICY | GLOBAL RULES

You can take two different screenshots and attach the images.

[IamOkaw]

Here you go. It looks like all the rules are behaving as they should be. It's just that there is a LOT of traffic going to and from utorrent that is being blocked because it is from a port below the accepted range in these rule sets.

[cloudforest]

Be glad to...er...how am I doing that? :-P

Can you tell me what your uTorrent listening port it.
Open uTorrent and go to OPTIONS | PREFERENCES | CONNECTION
You will find the port number there.

[Tags:]