Comodo & Skype

Hello,

I’ve a problem with Skype file transfers and Comodo Firewall. When nothing is configured, Skype can talk but it can’t transfer files (unless relayed - which is VERY slow).
In order to make it work I had to 1) Disable advanced protocol checking 2) make the other computer (running Zone Alarm) “trusted” by Allowing all the protocols to that IP address (total 3 rules).
This is a kind of an awkward configuration that has to be repeated for each of my fellows on Skype…
Is there any way to make an application FULLY trusted ? I mean FULLY. By default CFW trusts Skype but for file transfers it is a problem.
Another issue is internet connection sharing. Can there be just one “tick” like in Kerio to enable ICS ? Why an interface MUST be declared TRUSTED in order to share connection with it ? Maybe I don’t trust it (it may be an old Win98 PC) but it should have some way of getting out…
Anyway, Skype file transfers are the most acute to me right now.

Thank you in advance,

Alex

Skype file transfers have always been sloooow for me, and that’s even before I started using CFP.
It was/is a known problem related to Skype. I haven’t used it for a while, so I don’t know if they have improved the file transfer speed yet. In Skype settings you can set a port for it, and you can try to set a network rule for the same port in CPF. If you don’t know how, just let me know and I will help you.

Hi,

Well, depending on a system they were, well, up to some 2000KByte/sec (on 100MBit LAN, before installing CPF). With proper CPF settings (as I said previously) they are like that. The problem is that the configuration must be done per IP address. When no specific configuration is provided, Skype can’t connect P2P and it makes the “relayed” transfer which tops at 3KByte/sec.
I’ll try your idea of opening “Skype specific” ports, it looks like some stable and “general enough” workaround.

Thanks !

Well, I couldn’t find how to open a port (what a shame !!! (:SHY)). Could you advise, please ?

I have a network rule for Skype, but I haven’t tried to send any files…
If you set up port 45555 in Skype (tools/options/connection), you should make a network rule in CPF like this.

Action : Allow
Protocol : TCP or UDP
Direction : IN
Source IP : Any
Destination IP : Any (Zone if you are behind a router)
Source Port : Any
Destination Port : 45555

Move the rule up to the top.
Restart the firewall.
Now, try if it works.

You can try to toggle the option “use port 80 and 443 as alternatives for incoming connections”, in tools/options/connection in Skype, just to see if it makes any difference…
In application monitor, you can try to check the boxes at “skip advanced sec…” and “allow invisible…”.

This is the way you can set up port(s) for P2P/Torrent programs and so on.
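
Why the post above says to move the rule to the top, as an added example that is not part of the original thread and not Comodo's code: a minimal model of a rule list, assumed to be evaluated top-down with the first match winning. The catch-all block rule, the LAN zone and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "block"
    protocols: frozenset     # e.g. {"tcp", "udp"}
    direction: str           # "in" or "out"
    src_net: object = None   # ip_network, or None for "Any"
    dst_net: object = None   # ip_network, or None for "Any"
    dst_port: object = None  # int, or None for "Any"

    def matches(self, p):
        return (p["proto"] in self.protocols
                and p["dir"] == self.direction
                and (self.src_net is None or ip_address(p["src"]) in self.src_net)
                and (self.dst_net is None or ip_address(p["dst"]) in self.dst_net)
                and (self.dst_port is None or p["dport"] == self.dst_port))

def decide(rules, p, default="block"):
    """Action of the first matching rule, top-down (assumed model); else default."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

PROTOS = frozenset({"tcp", "udp"})
# The rule from the post: Allow, TCP or UDP, IN, any source, destination port 45555.
SKYPE_IN = Rule("allow", PROTOS, "in", dst_port=45555)
# Same rule with "Destination IP: Zone" (constructed LAN zone, documentation range).
LAN = ip_network("192.0.2.0/24")
SKYPE_IN_ZONE = Rule("allow", PROTOS, "in", dst_net=LAN, dst_port=45555)
# Constructed catch-all that blocks every other inbound packet.
BLOCK_IN = Rule("block", PROTOS, "in")

def pkt(dport, dst="192.0.2.10"):
    """Constructed inbound UDP packet from a documentation-range peer."""
    return {"proto": "udp", "dir": "in", "src": "198.51.100.7",
            "dst": dst, "dport": dport}

if __name__ == "__main__":
    print("rule on top:   ", decide([SKYPE_IN, BLOCK_IN], pkt(45555)))
    print("rule at bottom:", decide([BLOCK_IN, SKYPE_IN], pkt(45555)))
    print("port 137:      ", decide([SKYPE_IN, BLOCK_IN], pkt(137)))
```

With the allow rule below the catch-all it never fires, and the allow rule opens only port 45555: other inbound ports such as 137 still hit the block rule.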

Yahoo !!!

It worked !!! :BNC

Finally I figured out where to look for a port (not in IP, but in TCP/UDP… forgetting my Networks class… (:NRD)).

It was port 137 (as turned out from the logs). After it was open and specific IP address rules removed, steaming 2MByte/sec run as a wind…

Thanks a LOT AOwL™ !!! (:CLP)

Good!
I have 100 MBit/s too… ;D
I downloaded Ubuntu (Linux) with 8.5 Mbyte/s… :wink: Nice servers…

Do you have Skype 3.0 Beta? Or the latest stable release?

I use the stable Skype version. As a matter of fact, when there is no active call, Skype file transfer rates are quite impressive. Their file transfer appears fixed for more than a year, I think.
I’ve almost given up FTP applications, except for WinSCP needed for some SFTP accessible Apache server.

As for 8.5MB/sec download, it is really cool ! I’m not sure Microsoft can boast such speed…

AOwL™ hi again,

More questions…
I’ve just turned on the “advanced protocol checking”, and it slashes the speed by 2!
Is it that necessary (the protocol checking, I mean) ?

I’ve also found that UDP:137 is a nbname port. Can an (effective) attack be launched from there ?
I’m not familiar with NetBIOS so I can’t judge that. The only reasoning is that if Skype worked previously with file transfers, without compromising the machine (as far as I know), then it may be OK.

Thanks,

Alex

It’s like that it used to be… as soon as you hang up, the file transfer went really fast. Skype said that it was because their priority was voice quality, the file transfer was only second… Voice calls do take a lot of bandwidth.

Do you have problems with your FTP program?

I had NetBIOS turned off, but I turned it on again, since I couldn’t see the other computers on my network…
Download this program wwdc.exe and let it close all “dangerous” processes/ports. I had to turn on the NetBIOS one to see my network. It uses ports 137, 138, 139.

You can go to security/advanced/misc and uncheck “do not show alerts…” and put the security level slider to the top, so you will get a lot of pop-ups, and then you can see more clearly what needs to be blocked/allowed.

Did you have a router?

Yep, I agree with them, voice should have the priority, then video and only then data…
Since they don’t know available bandwidth, they default to a VERY low data rate, just in case.
WinSCP with SFTP works just fine.

Thanks for the link, I’ll try it.
Yes, the pop-ups can do a nice configuration job, along with the log. Thanks for the advice, just log can be too difficult (probably need to modify some rules).
I try to use the PC running CPF as a “router” or Internet connection sharing “server”. I’m connected to a university LAN, there is only one outlet and I must not use a bridge. Still I have to connect a laptop (in addition to the PC with CPF). Instead of playing with wireless I’m using “good old” Ethernet.
I’ll try to play around with NetBIOS and I’ll “report” (probably one of the next days).

Thank you very much again for your help !

Alex

If you have your own server you have to go to security/advanced/misc and check “skip loopback TCP”
You should have both checked. UDP is by default, TCP is not, just to protect you, IF you are behind a proxy.

Hi AOwL™ !

It (skipping loopback TCP) was almost the first thing I’ve done after installing CPF, it is required by Google Desktop Search (they make an extensive use of the loopback).

I’ve run that nice piece of SW, the wwdc. It helped to plug some holes on my computers. Still I had to leave NetBIOS active (for the sake of LAN). I believe that, according to my current CPF rules, an alarm or log entry will be generated upon NetBIOS intrusion other than on 137 (needed for Skype).

Interestingly, wwdc couldn’t access/modify some registry entries. Is it Comodo’s “influence” ? Or can AVG be responsible ?

Thanks,

Alex

I don’t think it’s Comodo. It protects its own registry keys only.
It could be the AV, or if you have a spyware program. They usually have some “active shield” or something like that.