For some reason I need to have the DNS Client disabled in WinXP’s Services.
By doing that, uTorrent won’t connect at all.
I’ve managed to improvise a Rule
Action: Allow
Protocol: UDP
Direction: In/Out
Source Address: Any
Destination Address: Any
Source Port: A Single Port - Port 53
Destination Port: A Single Port - Port 53
With this Rule for uTorrent, I can connect and download alright but there are many errors listed in Firewall Events that look like
uTorrent (application) / Blocked (Action) / UDP (Protocol) / 192.168.10.101 (Source IP) / 55553 (Source Port - which varies in the high 50k’s) / 192.168.10.1 (Destination IP) / 53 (Destination Port)
I recognize some problems, since Source IP is the router and Destination IP is the modem (so that I can access both from one PC), but I have no idea how to separate them in Comodo’s rules…
The thing that instantly strikes me is that a) the rule should be for Out only (bi-directional rules with ports specified rarely work as expected & DNS queries should not be inbound) and b) the Source Port should be Any (it will not be 53, which is why the bi-directional rule will not work).
If you disable the DNS client, some applications will start sending their DNS queries directly to the DNS server(s) configured on your connection. I somehow doubt that 192.168.10.101 is your router; I think that’s the IP address of your PC. Can you please verify using a command box (Start, Run, Cmd) and then type:
ipconfig
And press Enter after that; it will show your IP address, subnet mask and the gateway address.
I just modified it and it still gives out those errors. Thanks also for the explanation; it sounds right, but I wonder why it still shows those errors and uTorrent gives a “hostname not found” error but still downloads somehow… strange.
Wow, you’re totally right about it! Ipconfig reports the IP as the one ending in .101 and Default Gateway as .1
Is there any workaround for this issue from the Firewall rule, or is it something system-wide, and should the DNS Client preferably be kept up and running?
Thanks, Josh
So… the PC’s (.101) DNS requests to the Gateway/Router (.1) are being blocked. The router acts as a DNS server (set-up against your LAN adapter’s IP/IP4 config in Windows)?
Can you post an expanded shot of the firewall’s Global Rules & the rules for uTorrent, thanks. Actually, a screenshot of the firewall’s event log wouldn’t go amiss either.
Sorry, I should probably explain further. In most cases, the router (192.168.10.1) often acts as the DNS server. This is specified in Windows under the advanced options of the LAN adapter that the router is connected to. However, the router usually tweaks things to transfer those requests to the proper DNS servers (primary & secondary) defined by the ISP. Routers often have browser-based status pages to show this information & to change it.
It’s odd that CIS is mentioning the LAN IP addresses in the blocks… this implies that CIS doesn’t know about the relationship between 192.168.10.1 & 192.168.10.101. I suspect it should be a trusted one. I don’t think CIS should interfere in LAN communications between LAN members & the router at all. Ronny?
Well, that depends on your configuration. You can completely isolate your system from the rest of the LAN and not trust anything; then you also have to allow traffic from your PC to your router, in this case acting as a DNS relay: it just picks up the DNS query, like www.comodo.com, and forwards it to the upstream DNS servers from the provider, like you explained.
Now, if you disable DNS Client on Windows, the applications can no longer send DNS queries to the Windows DNS Client (cache), and thus the application has to connect to the DNS server configured on the IP stack, in this case 192.168.10.1, so some applications need outgoing traffic configured like this:
Application X
Action: Allow
Protocol: UDP
Direction: Out
Source Any
Destination Any (Or Single ip 192.168.10.1)
Source port Any
Destination port 53
Once this is applied the Application should be able to connect to the DNS Server.
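To make the two points in this thread concrete (Kail’s note that a DNS query leaves from an ephemeral source port, so a rule that pins the source port to 53 never matches it, and the later finding that the allow rule has to sit above ‘Block and Log All Unmatching Requests’), here is an added example of first-match rule evaluation. It is not code from the thread or from Comodo; the rule and packet model is a simplified one, and the packet values are constructed from the event-log line posted above.

```python
"""First-match firewall rule evaluation (added illustration, not Comodo code).

Demonstrates why the original UDP 53->53 bidirectional rule never matches a
DNS query, and why the same allow rule is dead if it sits below a catch-all
block rule. The rule syntax here is a simplified model, an assumption of
this example, not Comodo's actual rule format.
"""
from dataclasses import dataclass
from typing import List, Tuple

ANY = "Any"


@dataclass(frozen=True)
class Packet:
    app: str
    proto: str
    direction: str      # "Out" or "In"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "Allow" or "Block"
    proto: str = ANY
    direction: str = ANY        # "In", "Out", or ANY (the thread's "In/Out")
    src_ip: str = ANY
    dst_ip: str = ANY
    src_port: object = ANY      # int or ANY
    dst_port: object = ANY      # int or ANY
    name: str = ""


def _match(field_value, rule_value) -> bool:
    return rule_value == ANY or rule_value == field_value


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (_match(pkt.proto, rule.proto)
            and _match(pkt.direction, rule.direction)
            and _match(pkt.src_ip, rule.src_ip)
            and _match(pkt.dst_ip, rule.dst_ip)
            and _match(pkt.src_port, rule.src_port)
            and _match(pkt.dst_port, rule.dst_port))


def evaluate(rules: List[Rule], pkt: Packet, default: str = "Block") -> Tuple[str, str]:
    """Return (action, rule name) of the first rule that matches, top to bottom."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.name
    return default, "implicit default"


def shadowed_rules(rules: List[Rule]) -> List[str]:
    """Names of rules placed after a catch-all (every field ANY) rule.

    Such rules can never be reached: the catch-all matches first. This is the
    misplacement the thread ran into with the DNS rule below 'Block All'.
    """
    catch_all_seen = False
    dead = []
    for rule in rules:
        if catch_all_seen:
            dead.append(rule.name)
        elif all(v == ANY for v in (rule.proto, rule.direction, rule.src_ip,
                                     rule.dst_ip, rule.src_port, rule.dst_port)):
            catch_all_seen = True
    return dead


# Constructed packet, values taken from the event-log line in the thread:
# PC (.101) asks the router (.1) for a name, from an ephemeral source port.
DNS_QUERY = Packet("uTorrent", "UDP", "Out", "192.168.10.101", 55553,
                   "192.168.10.1", 53)

# The poster's original rule: UDP, In/Out, source port 53, destination port 53.
ORIGINAL_RULE = Rule("Allow", "UDP", ANY, ANY, ANY, 53, 53,
                     name="bidirectional 53->53")
# Ronny's rule: UDP Out, any source port, destination port 53 to the router.
DNS_OUT_RULE = Rule("Allow", "UDP", "Out", ANY, "192.168.10.1", ANY, 53,
                    name="DNS out to router")
BLOCK_ALL = Rule("Block", name="Block and Log All Unmatching Requests")


def decision_original() -> Tuple[str, str]:
    # Source port 55553 != 53, so the allow rule is skipped and the block hits.
    return evaluate([ORIGINAL_RULE, BLOCK_ALL], DNS_QUERY)


def decision_rule_below_block() -> Tuple[str, str]:
    # Correct rule, wrong position: the catch-all block matches first.
    return evaluate([BLOCK_ALL, DNS_OUT_RULE], DNS_QUERY)


def decision_rule_above_block() -> Tuple[str, str]:
    # Correct rule, correct position: the query is allowed.
    return evaluate([DNS_OUT_RULE, BLOCK_ALL], DNS_QUERY)


if __name__ == "__main__":
    print("original 53->53 rule:   ", decision_original())
    print("DNS rule below Block All:", decision_rule_below_block())
    print("DNS rule above Block All:", decision_rule_above_block())
    print("shadowed rules:         ", shadowed_rules([BLOCK_ALL, DNS_OUT_RULE]))
```

Run it and the three decisions show the progression of the thread: the original rule blocks the query because the source port is ephemeral, the corrected rule still blocks when it sits below the catch-all, and only the corrected rule above the catch-all allows it. `shadowed_rules` is the check worth keeping around: any rule listed after a catch-all block is unreachable, which is exactly what the firewall log was reporting.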
Kail had a great idea to look over uTorrent’s rules… upon verification, the DNS rule was located below ‘Block and Log All Unmatching Requests’; upon moving it above, no more Port 53 ;D
Though, at the same time I opened a pre-set port in the router:
‘Allow Virtual Server DNS WAN,* LAN,192.168.10.101 UDP,53’
Should this be open at all, or is it not necessary?
The General Rules consist only of a single Block Rule:
‘Block ICMP In From IP Any To IP Any Where ICMP Message is ECHO REQUEST’
I’ll apply Ronny’s rule to any app from now on that shows up with those errors. Glad it works now, but I think it’s even better that now at least I have an idea of what is going on, at least I hope I do.
Just wanted to do an edit, since only now I realized it was located in the Virtual Server (too much tweaking around) and saw your post.
Now it works alright thanks to you guys!
Josh