Best rules or way of setting up Comodo with WebcamXP

Hi,
I am a recent convert to Comodo after installing Vista. Excellent bit of software, very impressed so far!

I wanted some advice on the best/safest way to set this up with WebcamXP for broadcasting webcams via the internet using port 8080.

I have this working succesfully at the moment using Global Rules to allow in/out TCP/UDP from all IP addresses to go to port 8080 only. Although this does work is there a better way of doing this, or a more secure way. The application is also listed as trusted but this does not seem to be enough on its own to let it work.

Any ideas please?

Cheers, Adrian

Hello,

I believe the WebcamXP’s internal HTTP server listens on TCP port 8080. So, you could “tighten up” your System Rule a bit by only allowing incoming TCP connections to port 8080. You probably already have the System Rule that allows outgoing connections (check your System Rules list), so no need to mention outgoing TCP/UDP again.

On the application level you should allow WebcamXP to receive incoming connections to port 8080 (for it’s internal HTTP server) and to create outgoing TCP connections to those hosts and ports that are mentioned in the FTP Upload / HTTP POST sections (port 21 for FTP, port 80 for HTTP, unless you specify something else there), if you use those features. A final “blocking” rule should then be created, denying any connections not mentioned before.

So, in Global Rules:

Rule 1:

Action: Allow
Protocol: TCP
Direction: In

Source Address: Any
Destination Address: Any
Source Port: Any
Destination Port: 8080

Make it the first rule on the list to make sure nothing else blocks it.

In Application Rules (for WebcamXP’s executable):

Rule 1.

Action: Allow
Protocol: TCP
Direction: In

Source Address: Any
Destination Address: Any
Source Port: Any
Destination Port: 8080

Rule 2 (If you use the HTTP POST feature):

Action: Allow
Protocol: TCP
Direction: Out

Source Address: Any
Destination Address: IP of the web server you are posting to
Source Port: Any
Destination Port: 80 (or any port the target web server is listening to)

Rule 3 (if you use the FTP Upload feature):

Action: Allow
Protocol: TCP
Direction: Out

Source Address: Any
Destination Address: IP of the FTP server you are uploading to
Source Port: Any
Destination Port: 21 (or any port the target FTP server is listening to)

Rule 4:

Action: Block
Protocol: IP
Direction: In/Out

Source Address: Any
Destination Address: Any
Source Port: Any
Destination Port: Any

This way you make sure WebcamXP’s internal HTTP server is accessible to the world, and that outgoing connections only target those web/FTP servers that you specified. Looks quite safe to me. Now let me know if it works.

Hi MaratR,

I just wanted to say a very belated thank you for your excellent and detailed reply which I have implemented. (I just forgot to update this previously!)

I appreciate your help

Cheers

Adrian

Hi adrian,

If you’re behind a router, you will also need to port forward port 8080 to your internal IP.

Ewen