I'm new to this forum. I wanted to ask a question about Comodo Firewall.
Sorry for my English, I'm Spanish, so I'll try.
My problem is that a rule doesn't work, or that is what I see. I have a trusted application, "Remote Desktop", and I have told Comodo that from every source and for every destination, I trust this application from the WAN.
The router is set up with NAT-T so that 3389 TCP is targeted to an IP; that's correct, because that's too easy.
But the point is that when it comes to connecting from the WAN to my public IP, the firewall shows a pop-up asking whether I allow that connection. As I'm not at home, I'm not able to answer "Yes, allow this connection", but I don't know why this pop-up appears when I trust this application.
Read the following tutorial I made. Substitute the port numbers and protocol for your situation.
To open port TCP 1723, for example:
The first step is to determine the MAC or physical address of your network adapter. Go to Start → Run → cmd → Enter → a black box will show up; enter the following → ipconfig /all (notice the space before /all) → Enter → now look up the Physical Address and write it down.
Notice that physical address = MAC address.
Firewall → Network Security policy → Global Rules → Add → fill in the following:
Description: Incoming Port
Source address: Any
Destination Address: Choose MAC address and fill in the found MAC/Physical address
Source Port: Any
Destination Port: 1723
Then push Apply → Now make sure that the new rule is somewhere above the basic block rule(s) at the bottom (the block rules have red icons); you can drag and drop the rules → OK.
- Isn't it the same thing opening 3389 in a Global Rule and trusting Remote Desktop? At least, that's what I thought; that's why I didn't do it that way.
That should work.
As I told you in my previous post, I trusted Remote Desktop from any source to my IP
Did you fill in your local IP address here and not your global IP address?
, and in the router I have the proper way to do it: NAT 3389 to the local IP and so on.
It's curious when you say that, in the destination, I have to put the MAC. I haven't worked with many firewalls, but in all the ones I have worked with, you needed the IP, not the MAC of the network card.
You may run into trouble using a MAC address to identify the other computer on the web, because a MAC address does not get routed over the web. When it is not working, use the local IP address or ANY; ANY always works. I think using the MAC address for your own computer would work.
Probably I'll do what you told me to do and it will work, but I'd like to know why it isn't working this way.
Thanks a lot for your time!!
I read your topic start again. I now noticed:
"As I'm not at home, I'm not able to answer 'Yes, allow this connection', but I don't know why this pop-up appears when I trust this application."
That means you are using the default Global Rules, which will ask for incoming traffic. I missed that the first time.
Try setting the Global Rules to stealth settings using the Stealth Ports Wizard. Click on the third option of the Stealth Ports Wizard: Block all incoming connections and make my ports stealth for everyone.
When done, check to see that the Global Rules have changed and that the rule for the open port is somewhere above the block rule (with the red icon) at the bottom. This, with the Trusted Application policy, should make it work.
When I do what you say about the Stealth Ports Wizard and choose the third option, everything is blocked: RDP, 445 to share documents, et cetera.
I got the solution by making a rule for svchost, with destination port 3389 and destination IP 192.168.99.X, so it's strange to me how this firewall works, because if I only set a rule in Global Rules with the same parameters as in svchost.exe, it doesn't work!
Are stealth ports those which you don't want anyone from the WAN to see, if any hacker scans your public IP?
Because, as I say, when I set that, I had no connection to the PC, even from the LAN.
Thanks a lot for your time. I'll do further research anyway, and if any expert of this great forum has some idea, it is welcome!!! ...Sorry for my English, I'm Spanish.
As you said, Remote Desktop was a Trusted Application, but I didn't know I had to make a rule for svchost; I read a topic in this same forum about that, about svchost for a rule, and that's kind of strange to me.
Many times, when I look at my processes, there are a lot of them handled by svchost. I have to understand that, I'd like to understand that, because how do you know if one of those processes is a trojan?
So, stealth ports are sort of "invisible"?
I did an alternative configuration for RDP in order to see if it worked: I just opened port 3389 IN, TCP, with any source to my destination IP, and it worked; I removed RDP from Trusted Applications, and it worked. I did this, as I say, in order to understand how Comodo works.
Incoming traffic will first go through Global Rules and then through Application Rules. With stealth settings (the 3rd option in the Stealth Ports Wizard) all incoming traffic will be blocked unless you allow it with additional rules.
When the application needs to listen for incoming traffic, you need to give it a policy in which it will listen. For testing I often advise using the Trusted Application policy because it is easy and fail-proof. Only the Trusted Application policy will allow incoming traffic.
Because you are using the Windows RDP, this gets handled by svchost.exe, and svchost.exe covers a lot of processes. It is good you made a custom rule for that instead of using the Trusted Application rule, which allows all incoming traffic.
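To make the two-stage evaluation above concrete, here is a small model added for this thread (not Comodo's code; the matching semantics are simplified and assumed). It shows why an allow rule placed below the stealth block is never reached, and why trusting the RDP client does not cover a listener owned by svchost.exe; the IP, the mstsc.exe image and the rule fields are constructed for the example.

```powershell
# Illustrative model of a two-stage, first-match policy: incoming traffic must
# pass the ordered Global Rules first, then the ordered Application Rules.
# Written for this thread; not Comodo's code, rule semantics are assumed.
function New-Rule {
    param([string]$Action, [string]$Proto = 'any', [int]$DstPort = 0,
          [string]$DstIp = 'any', [string]$App = 'any')   # 0 / 'any' = wildcard
    [pscustomobject]@{ Action = $Action; Proto = $Proto; DstPort = $DstPort; DstIp = $DstIp; App = $App }
}

function Test-RuleMatch($Rule, $Packet) {
    ($Rule.Proto   -in 'any', $Packet.Proto)   -and
    ($Rule.DstPort -in 0,     $Packet.DstPort) -and
    ($Rule.DstIp   -in 'any', $Packet.DstIp)   -and
    ($Rule.App     -in 'any', $Packet.Listener)   # image that owns the listening socket
}

function Get-FirstMatch($Rules, $Packet) {
    # First match wins: an 'allow' placed below a catch-all 'block' is never reached.
    foreach ($r in $Rules) { if (Test-RuleMatch $r $Packet) { return $r.Action } }
    return $null
}

function Get-Decision($GlobalRules, $AppRules, $Packet) {
    if ((Get-FirstMatch $GlobalRules $Packet) -eq 'block') { return 'blocked (global)' }
    $a = Get-FirstMatch $AppRules $Packet
    if ($null -eq $a) { return 'popup' }          # no Application Rule matched: the firewall asks
    if ($a -eq 'allow') { 'allowed' } else { 'blocked (application)' }
}

# Constructed scenario from the thread: RDP to a LAN host (the IP is a placeholder).
$rdp = [pscustomobject]@{ Proto = 'tcp'; DstIp = '192.168.99.10'; DstPort = 3389; Listener = 'svchost.exe' }
$stealthBlock = New-Rule -Action block
$allow3389    = New-Rule -Action allow -Proto tcp -DstPort 3389 -DstIp 192.168.99.10

# 1. Allow rule below the stealth block: never evaluated.
Get-Decision @($stealthBlock, $allow3389) @() $rdp

# 2. Allow above the block, but only the RDP client (mstsc.exe, assumed) is trusted:
#    the listener is svchost.exe, so no Application Rule matches and the pop-up appears.
Get-Decision @($allow3389, $stealthBlock) @((New-Rule allow -App mstsc.exe)) $rdp

# 3. Allow above the block plus a narrow svchost.exe rule for 3389 to the LAN IP.
Get-Decision @($allow3389, $stealthBlock) @((New-Rule allow tcp 3389 192.168.99.10 svchost.exe)) $rdp
```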
1. I've created an Application Rule again. I mean, I trust "RDP" again, with a certain destination IP (in my local network).
2. I don't see the difference between trusting RDP and making a Global Rule allowing 3389 TCP IN to an IP in my local network (previously doing NAT-T in my router, of course).
3. I took off the rule about svchost and it still works without svchost, so I'm kind of confused with that process, though I know it handles a lot of processes when you look at Task Manager. For example, right now I'm seeing nine processes on my PC handled by svchost.exe, which is confusing for me, but I guess I will have to do some research about "svchost" on the internet.
About Stealth Settings, it is of no use for me, since I'm providing a few services on the internet (SMTP server, IMAPS server, HTTPS server...), so I guess it's not a good idea to set "Stealth Settings" with the third option, except, as you explain very well, if I make exceptions so that people can reach my servers in my LAN from the WAN.
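For the recurring question of what the many svchost.exe processes are doing and how to tell a legitimate one from an impostor, here is a check added for this thread (not from Comodo or the posters). It lists the services each svchost.exe instance hosts, flags any instance whose image is not the signed binary under System32, and shows which process owns the 3389/TCP listener; the instance hosting TermService is the Remote Desktop listener, which is why a rule on svchost.exe rather than on the RDP client covers incoming 3389. Run it elevated so that process paths are readable.

```powershell
# Added example: inspect svchost.exe instances and the owner of the RDP listener.
# Not Comodo's code; uses only built-in Windows PowerShell cmdlets.
$expectedPath = Join-Path $env:SystemRoot 'System32\svchost.exe'

function Get-SvchostReport {
    Get-Process -Name svchost -ErrorAction SilentlyContinue | ForEach-Object {
        $proc = $_
        # Services hosted by this particular instance, matched on its process id
        $services = Get-CimInstance Win32_Service -Filter "ProcessId = $($proc.Id)" |
                    Select-Object -ExpandProperty Name
        $path = $proc.Path                      # $null when not running elevated
        $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'unknown' }
        [pscustomobject]@{
            PID        = $proc.Id
            Path       = $path
            Signature  = $sig
            # Review anything not running from System32 or lacking a valid signature
            Suspicious = ($path -ne $expectedPath) -or ($sig -ne 'Valid')
            Services   = ($services -join ', ')
        }
    }
}

function Get-ListenerOwner([int]$Port) {
    # Which process owns the listening socket on $Port (3389 for RDP)
    Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object { Get-Process -Id $_.OwningProcess | Select-Object Id, ProcessName, Path }
}

Get-SvchostReport | Format-Table -AutoSize
Get-ListenerOwner -Port 3389
```

A row marked Suspicious with a path outside System32 is what a process masquerading as svchost.exe would look like; an instance listing TermService is the expected owner of port 3389.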