The situation is like this: I have just started to use a new VPN service and I use Comodo Firewall to create rules for my Torrent application – so that it just allows communication through the VPN tunnel's IP range. This is something that I have used for a long time with many other VPN services, so I know what it's supposed to look like.
The thing I can't understand is this: For my Torrent application I have made the normal ALLOW - IP IN and ALLOW IP OUT Rule in Comodo (from and to the VPN server's internal IP range) and also the General BLOCK everything else Rule. I have then tried to download, and it worked just great. I can see that all the traffic is going through the VPN tunnel and the general BLOCK Rule would otherwise show the intrusion attempts – and there are none. = great.
But then I also need to OPEN a PORT in the VPN service to be able to get additional single incoming connections. So I open up a specific port in the VPN service, and I add this information to the Torrent application. And yes... it then starts to accept single incoming connections as well – and the Torrent application is showing that the network is working as it should = great!
The difference is however: now with the PORT OPEN, Comodo Firewall shows a lot of intrusion attempts - the general BLOCK Rule has been “tripped”. At first this made me really nervous – thinking there was something wrong with the VPN service (a leak) or the created rules in Comodo - but the rules are fine. When I look closer at the intrusion attempts I can see that they are all from the Torrent application trying to directly connect FROM my INTERNAL IP address – given to my computer by my router, TO the VPN EXTERNAL IP address. In this case it tries to connect my internal: 192.1XX.X.XXX to the VPN's external IP 94.XX.XXX.XX.
I have never had the Torrent application try to connect directly from my internal IP to the VPN server's external IP before. Not in any of the other VPN services I have used. (There are no other intrusion attempts being made at all, not in any case – just these from my internal to the external VPN). I can also see that the PORT being used for all the connection attempts is IN FACT the one I have opened up in the VPN service. So I do understand that it has something to do with the port forwarding function somehow. If I close the port in the VPN service, the connection attempts stop – all of them.
My questions are: What are these connection attempts? Is this normal? Do I have a security problem/leak? AND should I allow or block them?
One other funny/strange thing is: If I do ALLOW these attempts in Comodo – I can't seem to find them anywhere? The Torrent application is not showing any active connection being made from my INTERNAL IP. But in the “rule log” in Comodo I can still see the attempts being made from the tripped general “Block everything else” Rule. It also doesn't seem to impact the speed AT ALL - for the torrent down/up loading - if I block these strange connection attempts or if I allow them. The speed is, from what I can see, exactly the same.
I'm very thankful if someone knowledgeable can help me understand this! Thanks.
(I'm on Windows 7, x64. And I have disabled IPv6).