For my uTorrent I use pandlouk’s guide. After updating to 5.3 CIS blocks a lot of IPv6 connections. Are these rules still actual for uTorrent?
P.S. CIS 5.3, uTorrent 2.2.1, Windows 7 Ultimate
Hey and warm welcome to comodo forums:)
I have looked at the guide and of what I see it’s still the same.
do you have uTorrent in application rules in the firewall?
Regards,
Valentin N
Yes; Still can be used for uTorrent
Jake
Utorrent will make use of whichever underlying IPv6 transport mechanism is available on your system. If you have native IPv6 it will use that, if you use tunnelling, it will use that. if you have deactivated IPv6 on your system, utorrent can reactivate it.
In all of the above scenarios, if you wish to have utorrent make use of IPv6, you will need to ensure you have created the appropriate rules. These typically will entail one or more rules for the utorrent process and several for the Svchost and System processes.
Also, if you use tunnelling, you will need to allow ICMPv6 echo request OUT and add a Global rule to allow ICMPv6 echo reply IN. Without these, tunnels will not function correctly, if at all.
Comodo with pandlouk (or other) rules block me uTorrent IPV6 too. Please tell me detailed rules if possible.
Because firewall log says, blocked protocol is IPV6. But when I add rule, protocol only UDP/TCP/ICMP/IP. Which protocol is IPV6?
Which kind of IPv6 do you have? Native IPv6 will require different rules to, for example, Teredo.
Hi!
My OS is Win7 x64. IPv6 is native I think. Please tell me how possible create rules of IPv6 connections. Example please.
You should check with your ISP. However, open a command prompt, type ipconfig /all and post the results, it will give us a better idea. (remember to obscure the end part of the ip addresses for security) Also, does you router, assuming you use one, support IPv6?
Hi!
I’m not uses router, my internet connection from ISP I get with UTP cable. I need dial with my user name and password. My IC speed is 20/10Mbit.
ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : xxx
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
PPP adapter Digi:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Digi
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : x.x.x.x(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : x.x.x.x
x.x.x.x
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Helyi kapcsolat: (~ local connect in english)
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : xxxx::xxxx:xxxx:xxxx:xxxx%xx(Preferred)
Autoconfiguration IPv4 Address. . : x.x.x.x(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : xxxxxxxxx
DHCPv6 Client DUID. . . . . . . . : xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx-xx
DNS Servers . . . . . . . . . . . : xxxx:0:0:ffff::1%1
xxxx:0:0:ffff::2%1
xxxx:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{x-x-x-x-x}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP adapter
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{x-x-x-x-x}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP adapter #2
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter 6TO4 Adapter:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 adapter
Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx-xx-xx
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : xxxx:xxxx:xxxx::xxxx:xxxx(Preferred)
Default Gateway . . . . . . . . . : xxxx:xxxx:xxxx::xxxx:xxxx
DNS Servers . . . . . . . . . . . : x.x.x.x
x.x.x.x
NetBIOS over Tcpip. . . . . . . . : Disabled
From the information you’ve posted it would seem you don’t have a native IPv6 address, therefore, if you wish to use IPv6 with uTorrent, you’re limited to using a tunnel.
You already have Teredo enabled, which is the default option for Windows 7, and depending on the firewall rules you have for svchost and uTorrent, there’s a chance it may already be in use.
If you open uTorrent and select the Logger Tab you should see some information regarding IPv6. If it tells you have Teredo address, then you’re half way there.
Personally, I wouldn’t use Teredo, as it’s not terrible secure and also quite limited. You would be better off signing up with a free tunnel with a broker such as Hurricane Electric Free IPv6 Tunnel Broker and configuring your system to use that.
If you can post details of the firewall rules you have for svchost.exe and uTorrent, It should be apparent if Teredo has access.
Remember, even though you have IPv6 enabled and available, IPv4 will always be preferred, so even if a client in a swarm has an IPv6 address, there’s no guarantee it will be used.
Hi, thx for answer. OK, I’m uses not native IPv6, only limited tunnel with Teredo. At the moment, I don’t want install and use “Hurricane Electric tunnel” (needed register etc…)
svchot.exe : predefined presets, only outgoing connection enabled
utorrent exe:
allow TCP/UDP in, source 1025-65535, dest port only one port
allow TCP/UDP out, source 1025-65535, dest 1025-65535
allow TCP out , source 1025-65535, dest http ports
uTorrent logger tab: IPv6 is installed
With your rules as you’ve described them, you should be getting a Teredo address.
[attachment deleted by admin]
Thx.
From my logger tab, “Starting diagnostic thread” message is missing, and “Get teredo address…” message too missing. uTorrent 2.2.1. Only “IPv6 is istalled” message is visible.
But please, my first message is the question, and I no get answer for this: https://forums.comodo.com/firewall-help-cis/cis-53-utorrent-ipv6-t67414.0.html;msg511372#msg511372
Can you post a screen-shot of the blocked IPv6 entries from the firewall log, please
Sorry, that’s not that helpful, as I need to be able to see the address information. If you’re worried about privacy you can PM a mod and send the full image to them.
Thanks for the PM, I’ve taken a look at the logs and I have to say they’re quite strange. I’d like you to try something for me and report back, please.
Open a command prompt with administrative rights and type:
netsh int ipv6 reset
Doing this will set ipv6 back to the default state. after running the command it will either say something like Ok and this computer needs to be restarted, or it will tell you there is nothing to change. If it tells you to reboot, do so and once logged in check ipconfig and send me the details via PM.
Also try this. after trying the reset mentioned above, open a command prompt and type:
netsh int teredo set state client - restart the PC
Once restarted check ipconfig and also check utorrent logger tab.
Hi!
Thanks for anwer, but I think u absloutly can’t answer for me. My question is “My OS is Win7 x64. IPv6 is native I think. Please tell me how possible create rules of IPv6 connections. Example please.”
I dont see IPv6 setting under Comodo, I think Comodo can’t filter IPv6. Thats all.
But Ur quest:
Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. All rights reserved. C:\Windows\system32>netsh int ipv6 reset There's no user specified settings to be reset. C:\Windows\system32>netsh int teredo set state client Ok. C:\Windows\system32>After restart I dont see any changes. uToprrent IPv6 logger tab is stay, IPv6 installed, that's all. ipconfig /all -> I sent for U via PM.
Unfortunately, you don’t have a native ipv6 address. What you do have, is a 6to4 address, which allows for tunnelling of ipv6 data over ipv4 networks, without the need for a server endpoint.
Settings for ipv6 in CIS are to be found under ‘Firewall/Firewall Behaviour Settings/Enable IPv6 Filtering’, which I assumed you had enabled, as your logs appear to be aware of IPv6. Ipv6 settings are also found in the rule creation dialogue boxes. (see images)
When creating rules, you may set the protocol field to IP, TCP or UDP and the address fields to ipv4 addresses, ipv6 addresses or the generic ANY, which will assume both ipv6 and ipv4. In the description of your uTorrent rules, you appear to be allowing TCP and UDP both IN and OUT, which should be sufficient.
What you could try, is adding some additional rules to utorrent that specifically use your 6to4 address. For example, to just test for ipv6 activity:
Action - Allow and log
Protocol - IP
Direction - OUT
Source Address - Your 6to4 address (2002…)
Destination Address - ANY
IP Details - ANY
Place this above the other utorrent rules and see if any log entries are captured. In theory, doing this shouldn’t make any difference because you’re placing data inside ipv4 frames before sending.
Another option may be to disable the 6to4 and ISATAP adapters and try again to add a Teredo adapter.
But Ur quest:After restart I dont see any changes. uToprrent IPv6 logger tab is stay, IPv6 installed, that's all. ipconfig /all -> I sent for U via PM.
Thank you for the information, I just wanted to check if the ipv6 protocol stack had any problems, which it appears it did not.
Personally, I use a tunnel broker for my ipv6 connectivity, which is terminated at my router, so I don’t have a 6to4 configuration available to play with. If I get the time later today, I’ll try and configure something. Failing that, I’ll make some inquiries elsewhere.
Edit:
I had another thought. If CIS isn’t filtering this traffic correctly, you could try adding a different kind or rule that allows ipv6 encapsulated traffic to be sent via ipv4 frames specifically, using protocol 41. (see third image)
Action - Allow and log
Protocol - IP
Direction - OUT
Source Address - ANY
Destination Address - ANY
IP Details - Custom - 41
This is only a test and can be ‘tweaked’ later.
[attachment deleted by admin]
This is clean.
I found this: https://forums.comodo.com/empty-t38465.0.html topic, this show all comm. with teredo.
Thank for answer.