Cannot Open port CIS 7.0

Hi, I have a little problem trying to open a port for uTorrent, in this case with Internet Security Premium 7.0.317799.4142

I have followed the instructions in this: https://forums.comodo.com/firewall-faq-cis/my-p2p-client-is-not-working-properly-anymore-v4-t54156.0.html

I have been using this webpage to test ports: Open Port Check Tool - Test Port Forwarding on Your Router,
with success checking when a port is open or closed with Windows Firewall.

After trying both methods I still get network intrusions such as:
Windows operating system / Blocked / In / TCP / source ip x / source port x / my ip / my port

Try giving uTorrent the Allowed Application policy in Application Rules.

Incoming traffic will first go through Global Rules (where you will open the port) and then through Application Rules. To allow an application to respond to incoming traffic you need to either give the Allowed Application policy (quickest and easiest) or a dedicated rule which will allow incoming traffic at given port(s).

Oh right, that makes more sense now. I just opened the port in app rules for Windows OS for test purposes and now it is working.

I like the way it is working: even when a port is open in Global, it is not really open for everything.

I was confused because the web tool can't tell if it was open or not like windows firewalls just allow.

ty for reply.

You have to understand that the Global Rules are the outer perimeter. This can be a dry moat - without rules - or gator infested swamp with rules. It should be considered outer marker-inbound.

The Gatekeeper for your system is Windows Operating System. Even if the drawbridge is lowered over the moat, the Gatekeeper will declare “None shall pass” unless it is provided the answer to a riddle.

Once unsolicited inbound packets have crossed the Rubicon of Global Rules and answered the Gatekeeper’s riddle, they still need a key to get in the application’s door. Packets that are dropped by either the Global Rules or the Gatekeeper will never even get inside the building to try to open the apartment door.

The same principle works in reverse, except the Gatekeeper is the control tower and the Global Rules are the outer fence past the threshold; if you’re higher than the fence: you’re flying. Otherwise the packet crashes and burns.

Capisce?

Okay, so if I want to run a server that is a simple file, like a .jar file (yes Minecraft), then I have to open the port on global, then open exposure to the specific .jar file, is that right?

You have to allow the protocol, e.g., TCP, UDP, ICMP, unsolicited packets inbound on the required port. It may be necessary for both Global and Windows Operating System, but definitely the latter. Subsequently inbound connection attempts will request access to specific resources on the system, e.g., the Minecraft hosting service that is executing. I think that the allow rule at the Global perimeter won’t be necessary, but Windows Operating System or perhaps even System will be required.

Unless you’re particular about unsolicited incoming connection attempts, i.e., explicitly declared source IP address(es), then source Any will be required for Windows Operating System. Apparently Minecraft server utilizes port 25565, but I don’t know if that’s a connection attempt made to or from; perhaps it’s both. Perhaps the remote client attempts connection to your server using any port, but the host server will only establish the connection on port 25565. In that case the rule will be:

required IP protocol, e.g., TCP, UDP, etc source IP address [Any] to [NIC] source port Any destination port 25565.

But maybe remote client uses port 25565 also. In that case the rule would be:

required IP protocol, e.g., TCP, UDP, etc source IP address [Any] to [NIC] source port 25565 destination port 25565.

In any case, make sure the rule is specific to inbound and outbound explicitly; don’t use the in/out rule; that doesn’t make sense between the two directions because the source / destination IP address switches depending on whether the host server is sending or the remote client is sending.

You can create a block rule at the Global perimeter to prevent incoming connections to Minecraft hosting service ports, e.g., 25565, when you’re not hosting Minecraft sessions. Then it’s a simple toggle at the Global perimeter to turn on and off.

That’s it in a nutshell. If you want to see the logic quickly you can give the jar file the Allowed Application policy. That will allow all in and outgoing traffic. Once you’ve established that it works you could make a tailor-made rule for your application.
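The two-stage inbound evaluation described in this thread (Global Rules first, then the receiving application's rules), as an added example that is not part of the original posts and is not Comodo's code. It is a simplified model: the Rule class, the "minecraft-server" label, the sample rule sets and the default actions for unmatched traffic are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    direction: str                   # "in" or "out" (never a combined in/out rule)
    protocol: str                    # "TCP" or "UDP"
    dst_port: Optional[int] = None   # None means any destination port

    def matches(self, direction, protocol, dst_port):
        return (self.direction == direction and self.protocol == protocol
                and self.dst_port in (None, dst_port))

def first_match(rules, direction, protocol, dst_port, default):
    """Return the action of the first matching rule, or the default."""
    for rule in rules:
        if rule.matches(direction, protocol, dst_port):
            return rule.action
    return default

def evaluate_inbound(global_rules, app_rules, app, protocol, dst_port):
    # Stage 1: Global Rules. Assumption: unmatched traffic passes on.
    if first_match(global_rules, "in", protocol, dst_port, "allow") == "block":
        return "blocked by Global Rules"
    # Stage 2: rules of the receiving application. Assumption: unmatched
    # unsolicited inbound traffic is blocked.
    if first_match(app_rules.get(app, []), "in", protocol, dst_port, "block") == "block":
        return "blocked by Application Rules"
    return "allowed"

# Constructed sample rule sets; APP is a hypothetical label for the server process.
APP = "minecraft-server"
OPEN_25565 = Rule("allow", "in", "TCP", 25565)
GLOBAL_OPEN = [OPEN_25565, Rule("block", "in", "TCP")]
GLOBAL_TOGGLED_OFF = [Rule("block", "in", "TCP", 25565)] + GLOBAL_OPEN
APP_RULES = {APP: [OPEN_25565]}

if __name__ == "__main__":
    for label, g, a, port in [
        ("global open, no app rule", GLOBAL_OPEN, {}, 25565),
        ("global open, app rule", GLOBAL_OPEN, APP_RULES, 25565),
        ("global block toggled on", GLOBAL_TOGGLED_OFF, APP_RULES, 25565),
        ("other port", GLOBAL_OPEN, APP_RULES, 80),
    ]:
        print(f"{label}: {evaluate_inbound(g, a, APP, 'TCP', port)}")
```

The first case reproduces the original symptom: the port is open in Global Rules, yet the packet is still blocked because no application rule accepts it.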