Change the rule for the HFS app from ALLOW to ASK. What kind of alerts do you get when somebody tries to access the web page? If you’re not getting any alerts, then it’s a different app that’s getting hit instead, OR some global rule is intercepting access attempts.
Global rules are implemented first inbound, then application specific. For outbound it’s by application first, then global rules.
I get this alert from Comodo when someone tries to access my web page:
But even after allowing it others cannot enter my web page.
What sort of Global Rules should I create?
In my first post I mentioned that I followed the utorrent guide from this forum, can you kindly take a look at that guide and tell me if that is blocking HFS?
Can you show me a screenshot of your Global Rules (Firewall → Advanced → Network Security Policy) as well as your Application Rules (Firewall → Advanced → Network Security Policy)?
I tried both. The screenshot was when my friend tried to enter from LAN. But I also asked my friends to access from the web and they weren’t able to enter my web page.
The application rule you made for HFS will only respond to traffic coming from the local network.
In conjunction with the application rule you made you need to make a Global Rule to have an open port for incoming traffic. Read the following tutorial I made. Substitute the port number and protocol for your situation.
To open the port TCP 1723 for example
First step is to determine the MAC or Physical address of your network connector. Go to Start → Run → cmd → enter → a black box will show up and enter the following → ipconfig /all (notice the space before /all) → enter → now look up the Physical address and write it down.
Notice that Physical address = MAC address
Firewall → Advanced → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port
Source address: Any
Destination Address: Choose MAC address and fill in the found MAC/Physical address
Source Port: Any
Destination Port: 1723
Then push Apply → Now make sure that the new rule is somewhere above the basic block rule(s) at the bottom (the block rules have red icons); you can drag and drop the rules → Ok.
Now the situation will work for the LAN. To be able to receive traffic from the web you need to change the HFS rule. You think you can handle that?
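A small model of the rule evaluation discussed in this thread, added here as an example and not taken from any post or from Comodo itself. It shows why an inbound request to HFS on port 80 needs both a matching Global Rule above the block rule and an application rule that accepts non-LAN sources. Assumptions: first-match, top-down evaluation in each rule list; constructed addresses (192.168.1.0/24 as the LAN, 203.0.113.7 as a web client); the MAC destination field from the tutorial is left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                      # "allow" or "block"
    proto: str                       # "tcp", "udp" or "ip" (any protocol)
    dst_port: Optional[int] = None   # None = Any
    src: str = "0.0.0.0/0"           # source network; default = Any

    def matches(self, proto, src_ip, dst_port):
        return (self.proto in ("ip", proto)
                and self.dst_port in (None, dst_port)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src))

def first_match(rules, proto, src_ip, dst_port):
    """Assumed model: rules are read top-down and the first match decides."""
    for rule in rules:
        if rule.matches(proto, src_ip, dst_port):
            return rule.action
    return "no-match"

def inbound(global_rules, app_rules, proto, src_ip, dst_port):
    """Inbound traffic passes the Global Rules first, then the application's rules."""
    if first_match(global_rules, proto, src_ip, dst_port) != "allow":
        return "blocked by global rules"
    if first_match(app_rules, proto, src_ip, dst_port) != "allow":
        return "blocked by application rules"
    return "allowed"

# Constructed sample data (hypothetical names and addresses).
LAN_PEER, WEB_PEER = "192.168.1.20", "203.0.113.7"
BLOCK_ALL = Rule("block", "ip")
GLOBAL_1723 = [Rule("allow", "tcp", 1723), BLOCK_ALL]    # tutorial port left unchanged
GLOBAL_80 = [Rule("allow", "tcp", 80), BLOCK_ALL]        # allow rule above the block rule
GLOBAL_80_LOW = [BLOCK_ALL, Rule("allow", "tcp", 80)]    # allow rule below the block rule
APP_LAN_ONLY = [Rule("allow", "tcp", 80, "192.168.1.0/24"), BLOCK_ALL]
APP_ANY_SRC = [Rule("allow", "tcp", 80), BLOCK_ALL]

if __name__ == "__main__":
    cases = [("port 1723 opened instead of 80", GLOBAL_1723, APP_ANY_SRC, WEB_PEER),
             ("allow rule below block rule", GLOBAL_80_LOW, APP_ANY_SRC, WEB_PEER),
             ("HFS rule limited to LAN, web peer", GLOBAL_80, APP_LAN_ONLY, WEB_PEER),
             ("HFS rule limited to LAN, LAN peer", GLOBAL_80, APP_LAN_ONLY, LAN_PEER),
             ("port 80 open, HFS rule source Any", GLOBAL_80, APP_ANY_SRC, WEB_PEER)]
    for name, g, a, peer in cases:
        print(f"{name}: {inbound(g, a, 'tcp', peer, 80)}")
```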
EricJH, I followed your rule with LAN and for HFS Rule I am not sure.
I tried doing the same thing you mentioned with the HFS Rule from Firewall>Advanced>Network Security Policy>Application Rules>HFS>Edit>Add and added your rule with port 80 as Destination port.
Odd. Everything looks like it should be. Is your port 80 open on your router?
Can you post a screenshot of the firewall logs? They can be found under Firewall → Common Tasks → View Firewall Events.
Can you add at the bottom of the HFS rule a Log and Ask all incoming IP rule? This is to see if we are missing any traffic. Can you then post a screenshot of the firewall logs after you put this rule in motion.
Ok EricJH, I am gonna do that and post the screenshot of my log. BTW I am not using any router. I have a broadband connection.
Thanks to burebista for testing HFS.
BTW is there a chance that these utorrent rules are interfering with the Global Rules:
Add the following rules:
Rule 1
Action = Allow
Protocol = TCP or UDP
Direction = In
Description = Rule for incoming TCP and UDP connections
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = the port of utorrent
Rule 2
Action = Allow
Protocol = TCP
Direction = Out
Description = Rule for outgoing TCP connections
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = A port range = (start port = 1025 / end port = 65535)
Rule 3
Action = Allow
Protocol = UDP
Direction = Out
Description = Rule for outgoing UDP connections
Source Address = Any
Destination Address = Any
Source port = the port of utorrent
Destination port = A port range = (start port = 1025 / end port = 65535)
Rule 4
Action = Ask (enable Log as a firewall event if this rule is fired)
Protocol = TCP
Direction = Out
Description = Rule for HTTP requests
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = 80
Rule 5
Action = Block (enable Log as a firewall event if this rule is fired)
Protocol = IP
Direction = In/OUT
Description = Block and Log All Unmatching Requests
Source Address = Any
Destination Address = Any
IP Details = Any
Start utorrent. When Comodo asks you with a popup, choose Treat this application as select utorrent and enable Remember my answer.
Have a nice file sharing. Wink
Additional Notes
If you have connectivity problems:
Go to Firewall → Common Tasks → Stealth ports wizard and select
Alert me to incoming connections- stealth my ports on a per-case basis
Because of a bug you must change the rule 4 (for HTTP requests) to allow. I hope this will be resolved with the next updates.
Let’s not divert attention to uTorrent at this point. I was wondering. I gave you a little tutorial on how to open a port with CIS which uses port number 1723. I just want to make sure you used port 80 instead of 1723.