Azureus nat test ok but no inbound, then net dies ?

[New user]
Windows XP, I’m running a fresh installation of Kaspersky and Comodo firewall, connectivity is through an usb adsl “modem” (no network, dhcp or other involved).
Previously I was running Trend Micro pc-cillin with the integrated personal firewall, no problems (beside lack of advanced features).

Any “normal” network usage (email, browsing ecc) works fine, saturating the available bandwidth doesn’t create problems (for example by downloading lots of podcasts in itunes).

The nat test in azureus says OK. When downloading azureus does download fine but won’t upload anything (yes I checked I should have some connections, on seeder starved torrents with lots of leechers), then after some time (half an hour to an hour) all the networking will completely stop - no transfer of any kind will work anymore, no udp (no dns), but even tcp directly to ip addresses (say telnet at port 80 of a known web server) won’t work. In that case Comodo will still show lots of Azureus connections and will still log the occasional worm portscanning the machine, but no (inbound or outbound) transfer will work anymore. Stopping azureus, comodo and/or bouncing the adsl connection doesn’t resolve, only a reboot makes it work again.

Azureus is enabled for every kind of traffic in application monitor, and the relevant inbound port is enabled with an explicit rule (just before the last deny-all rule) in network monitor. Azureus Upnp support is disabled.

What should I try, any other info I should supply ?
If it matters, the cisco vpn client is installed, too (was installed before comodo) but doesn’t start at boot.

Hello,

You will need to make sure you have everything configured correctly in the firewall, the topics below were created to help users with setting up Comodo Firewall so they could use Azureus and other P2P clients.

https://forums.comodo.com/index.php/topic,29.0.html
https://forums.comodo.com/index.php/topic,411.0.html
https://forums.comodo.com/index.php/topic,1022.0.html
https://forums.comodo.com/index.php/topic,2562.0.html
https://forums.comodo.com/index.php/topic,8049.0.html

Justin

I went over those guides another time.
I have a network monitor rule ALLOW and LOG TCP or UDP IN FROM IP [Any] to IP [Any] WHERE SOURCE PORT IS [Any] AND DESTINATION PORT IS 57654. Previously this rule was just before the last block-all rule, now I moved this rule to first position.
I have a Application control rule for Azureus.exe, skip parent check, Allow TCP or UDP In/Out Dest. IP Any Dest. Port Any Misc: Allow invisible connection attemps, Skip advanced security checks.
Azureus is configured for port 57654, upnp is disabled.
The port tester at grc.com says I’m connectable.
(Now) I can seed fine - the only thing I changed is moving top the network monitor rule, which should not have changed anything since before that rule I had only (default) ALLOW rules.

Yet still after maybe half an hour all network connectivity grinds to a complete halt until a reboot, while the activity monitor shows lots of running azureus connections (ok) and the logs show other clients trying to connect to the azureus port, and the occasional blocked worm trying out some windows port.

Help ? Please ?

hmm… sounds a bit like the dreaded “EventID 4226” problem .
try going to "Administrative tools/Computer-management/Event Viewer/System "
and look for :
<<EventID 4226: TCP/IP has reached the security limit imposed on the number
of concurrent TCP connect attempts>> … if you have 4226-entries you need to either:
a : set “max connections globally” in Azureus to a lower value, or
b : apply the “TCPIP.sys” patch from www.LvlLord.de - Tipps, Tricks & Utilities - Tools and set the
“max half_open” connections to a number higher than the 10 micro$oft in their immense
wisdom have imposed in order to “stop mallware from spreading so fast”.

Note that some AV’s flag the patch as “malicious” or even as a “virus”.
It’s NOT a virus or anything like it but it does change a protected windows system-file…
not a thing you want to happen without knowing !

It doesn’t seem that problem, I don’t have any 4226s, also when the problem happens I can close azureus (for some time all the open IN/OUT and IN connections are still visibile in Activity/Connections), wait until no connections are visible, close the network connection and reconnect, but still outbound network connections hang (while the occasional inbound port scan is still logged).

I’m going to try uninstalling kaspersky antivirus, uninstall CFP, reinstall CFP, test azureus. If the problem is the same uninstall CFP, install Kaspersky internet security (Kaspersky antivirus with firewall), test again. If the problem is still present reinstall my old pccillin (my license is still valid), test. So at least I’ll know if the problem on my machine is CFP, kaspersky, the combination of both, or some other problem (windows/azureus).

Uninstall CFP, uninstall kasperskyAV, reinstall COMODO.
Azureus +CFP -KAV ran OK as expected.
When trying to reinstall Kaspersky AV with CFP already on the system it complained loudly about an installed incompatible application (guess which).
So for now I switched to KIS (Kaspersky internet security, with integrated firewall but far less flexible than CFP) simply because I’m changing work and moving into another city and don’t have enough time and energy left :frowning:
Still I’ll return trying with CFP in the future. Not that I think CFP can expect any cooperation from Kaspersky, after all they prefer to sell KIS than KAV :frowning:

imho Kaspersky Internet Security is a nice product. I always recommend to those with uhmm less time to figure out whats going on.
I am using CFP and Avast! anti vir (the free AV).