DC++ and similar Direct connect clients tutorial

[mantra]

is there a way to use dc++ in connection-->direct connection  instead firewall with port forwarding

[Jorgosch]

In that case you'd have to allow incoming connections to all unpriviledged ports since dc++ will assign a new random listening port on each porgram start. This will only work if you are either directly connected to the internet (no router or NAT) or if all those ports are also open in the router. Not recommended.

Please note that in the latest batch of DC++ software, there is an ADDITIONAL incoming TCP port for TLS (secure) connections. This port should be different from the regular TCP listening port and will also have to be openend both in the firewall as well as in the router.

I noticed that the previously posted rulesets lack outgoing connections (or maybe I've read too quickly over them). You will thus also need the following rules:

Rule for TCP protocol

Action = Allow
Protocol = TCP
Direction = Out
Source IP = Local Network zone
Destination IP = Any
Source port = [unprivileged] port set
Destination port = [unprivileged] port set

Rules for UDP protocol

Action = Allow
Protocol = UDP
Direction = Out
Source IP = Local Network zone
Destination IP = Any
Source port = [unprivileged] port set
Destination port = [unprivileged] port set

Action = Allow
Protocol = UDP
Direction = Out
Source IP = Local Network zone
Destination IP = [Your DNS Servers] zone
Source port = [unprivileged] port set
Destination port = 53


If a hub uses a tcp port below 1025 you will have to either change the destination port to "any" in the tcp rules or make separate rules.

[kawaii]

Ok i will post my configuration for DC++

First of all i'm using dc++ 0.674, i know this is an old version but i like this release. Now the problem is that dc++ produces an annoying nag-screen to update because it keeps calling home. I haven't found any option to disable it, so I made a rule to block this aswell.

In DC++ set fixed ports for both TCP and UPD traffic. In my case is use 5665 for TCP and 5885 for UPD traffic.

In comodo make a new portset, i've used the name "dcports" in my example here. In that portset add the UPD and TCP ports, but very important also add the ports of the hubs you connect too. In my experience you also need the ports from the hubs to be able to search properly.

Here are the rule I use:

Rule 1, to block the update nag-screen from dc++
Block, TCP or UPD Out
Source: your own IP address, or zone if you have a dynamic address (use any if you want)
Destination: 216.34.181.96 *
Source port: any
Destination port: a single port "80"
*)If you use a newer version of dc++ (f.i 0.699) the IP used for the update might be different, check your connection list in dc++ and change if neccesary.

Rule 2, Allow incomming upd and tcp traffic
Allow, TCP or UPD In
Source: Any
Destination: Your own IP address, or zone if you have a dynamic address (use any if you want)
Source port: Any
Destination Port: a set of ports "dcports"

Rule 3, Allow outgoing incomming upd and tcp traffic
Allow, TCP or UPD Out
Source: Your own IP address, or zone if you a have a dynamic address (use any if you want)
Destination: Any
Source port: a set of ports "dcports"
Destination port: Any

Rule 4, ask unknown IP traffic
Ask, IP out
Source: Your own IP address, or zone if you have a dynamic address (use any if you want)
Destination: Any
IP Details: Any

Rule 5, Ask unknown http requests
Ask, TCP out
Source: Your own IP address, or zone if you have a dynamic address (use any if you want)
Destination: Any
Source port: Any
Destination Port: A single port "80"


For me these rules work fine. I only use 3 hubs and all those hub ports together with my udp and tcp ports are in the portset "dcports" and i have experienced no problems.

Let me know what you think