I am not sure when it started, but Comodo is blocking any port forwarding I try to do.
If I go to canyouseeme.org and put in the open port, it shows as closed. If I disable Comodo, then it shows as open.
Any assistance would be MUCH appreciated!
Have you created a global rule to allow incoming connections on that port and put it on the top of the list?
No, because that port can change.
You’re telling me that I’m going to have to change that rule every time the port changes?!
Depends on other global rules. Could you post your other global rules (if any)? (A screenshot would work.) I just want to be sure whether or not you have any rules that block all incoming connections. If you do, then of course you need a global rule to overrule that rule for the ports that you want to allow incoming traffic on, or you could remove the block-all-incoming rule. If you don’t have any global rules that should interfere with incoming connections, then no, you shouldn’t have to create any global allow rules, and I’m not sure what the problem would be at that point.
Here are the current (default) settings - I added the Port Forwarding setting (at the top of the list, per your instructions).
Since the default IP Block is the last setting, which explicitly blocks, wouldn’t it make sense that the default would be that all ports are open?
Thanks!
[attachment deleted by admin]
What exactly does the “Port Forwarding” rule say (protocols, source IP, destination IP, source port, destination ports, etc.), and what ports do you want to port forward? Also, did the rule make it work?
I’m not sure exactly what you mean but let me explain most of the rules you have in there and what they mean in practice.
Allow All Outgoing Requests If The Target Is In [Home #1]
This rule will allow all outgoing requests if the target is in your LAN. For example, it would allow ExampleApplication.exe to send outgoing requests to, for example, your phone or other devices connected to your LAN. (This rule doesn’t interfere with Port Forwarding.)
Allow All Incoming Requests If The Sender Is In [Home #1]
This rule will allow all incoming requests if the sender is in your LAN. For example, it would allow your phone or other devices on your LAN to initiate a connection to your computer. (This rule doesn’t interfere with Port Forwarding.)
Allow IP Out From MAC Any To MAC Any Where Protocol Is Any
This will allow all outgoing requests no matter what. In my personal opinion this is a security issue and I would personally have removed this rule; for example, it means that ExampleMalware.exe is able to connect to the Internet without any alerts. (Does not interfere with Port Forwarding but is, in my opinion, a security risk.)
Allow ICMPv4 In From MAC Any To MAC Any Where ICMP Message Is FRAGMENTATION NEEDED
Just leave be
Allow ICMPv4 In From MAC Any To MAC Any Where ICMP Message Is TIME EXCEEDED
Just leave be
Block IP In From MAC Any To MAC Any Where Protocol Is Any
This rule will block ALL incoming connections (except those that are overruled due to the above rule to allow incoming connections from the LAN). This means that all incoming connections will be blocked, meaning when canyouseeme.org tries to connect (incoming) it is blocked. (Interferes with Port Forwarding, i.e. blocks it.)
So there you have it: the last rule in your global rules will block all incoming connections, and incoming connections are needed for external computers to be able to connect to your computer. You have at least two options.
The first is to create a rule that allows incoming traffic on the ports that you want and put it at the top (like the “Port Forwarding” port you have), but this is in and of itself a security issue in my personal opinion, since it allows ANY person to connect to you over that port.
The second option is to remove the Block IP In From MAC Any To MAC Any Where Protocol Is Any and the Port Forwarding rules and then go with that. Then you won’t have anything that blocks the incoming traffic, but you won’t have anything that allows it by default, hence the CIS Firewall will now ask what to do with the incoming connection on a per-application basis.
However, canyouseeme.org MAY still show you as closed. It depends: it may try to connect to an open port but there is no application listening to that port, and in that case CIS may simply block the connection, which to canyouseeme.org may look like a closed port. The best way to actually test it is to have a program set up that accepts incoming connections on a certain port and then connect to it over that port to see if it works. A good example to test would be a torrent program: you could check the Active Connections to see if it has any incoming connections (make sure a legal torrent is downloading, though).
I hope that helps… Maybe I just made it more confusing… :embarassed:
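Added example, not part of the original posts and not Comodo's code: a small Python model of the global rule list walked through above, assuming rules are checked top-down with the first match deciding (as the "put it on the top of the list" advice implies). The [Home #1] range, the probe address and port 50000 are constructed values, since the thread gives none of them.

```python
import ipaddress
from collections import namedtuple

# Constructed values: the thread never gives the LAN range or the forwarded port.
HOME_NET = ipaddress.ip_network("192.168.1.0/24")  # stands in for [Home #1]
FORWARDED_PORT = 50000
PROBE_IP = "203.0.113.10"  # documentation-range address playing the external checker

Rule = namedtuple("Rule", "name action direction peer port")  # None means "any"

PORT_FORWARD = Rule("Port Forwarding", "allow", "in", None, FORWARDED_PORT)
BLOCK_ALL_IN = Rule("Block IP In From MAC Any To MAC Any Where Protocol Is Any",
                    "block", "in", None, None)
# Default list from the thread; the two ICMPv4 rules are left out because
# they only match ICMP messages, never a TCP/UDP connection.
DEFAULT_RULES = [
    Rule("Allow All Outgoing Requests If The Target Is In [Home #1]", "allow", "out", HOME_NET, None),
    Rule("Allow All Incoming Requests If The Sender Is In [Home #1]", "allow", "in", HOME_NET, None),
    Rule("Allow IP Out From MAC Any To MAC Any Where Protocol Is Any", "allow", "out", None, None),
    BLOCK_ALL_IN,
]

def evaluate(rules, direction, peer_ip, port):
    """Return (action, rule name) of the first matching rule, top-down (assumed)."""
    peer = ipaddress.ip_address(peer_ip)
    for rule in rules:
        if rule.direction != direction:
            continue
        if rule.peer is not None and peer not in rule.peer:
            continue
        if rule.port is not None and rule.port != port:
            continue
        return rule.action, rule.name
    # No global rule matched: per the thread, the firewall then asks per application.
    return "ask", "no global rule matched"

def scenarios():
    """Verdict for an incoming connection to FORWARDED_PORT under each rule list."""
    option_two = [r for r in DEFAULT_RULES if r is not BLOCK_ALL_IN]
    return {
        "default, external probe": evaluate(DEFAULT_RULES, "in", PROBE_IP, FORWARDED_PORT)[0],
        "default, LAN device": evaluate(DEFAULT_RULES, "in", "192.168.1.20", FORWARDED_PORT)[0],
        "allow rule on top": evaluate([PORT_FORWARD] + DEFAULT_RULES, "in", PROBE_IP, FORWARDED_PORT)[0],
        "allow rule at bottom": evaluate(DEFAULT_RULES + [PORT_FORWARD], "in", PROBE_IP, FORWARDED_PORT)[0],
        "block rule removed": evaluate(option_two, "in", PROBE_IP, FORWARDED_PORT)[0],
    }

if __name__ == "__main__":
    for case, verdict in scenarios().items():
        print(f"{case:26} -> {verdict}")
```

The "allow rule at bottom" case shows why placement matters: the same allow rule never fires once the block-all-incoming rule sits above it.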
Thank you! I will keep all that in mind.
Don’t know, but I think this could be a good candidate for a STICKY - you pretty much summed up all the issues (I’m sure I’m not the only one with these issues/questions)