would this procedure allow to run both utorrent and separate web pages smoothly at the same time? i find that whenever utorrent or soulseek is up, my web pages take MUCH longer to open up, sometimes even cancelling 
Maybe because uTorrent or SoulSeek is hogging your bandwidth. Did you ever think of that? Check how fast the downloads are when that happens. That’s normal. I get that also.
i am using bittornado, set it to use ports 26666 - 29999
behind a router & CFP. so portforwarding using CPF doesn’t fully help too much.
a few questions…
-
What considerations should i have when behind a router? maybe the router “NAT-ed” my ports → what i learnt looking at logs. but if i use Application Monitor, allowing all ports should be sufficient? no need to portforward using Network Monitor?
-
how should i configure the router → currently used Port Triggering & Firewall rules. i think port triggering is safer right? but how should i know the trigger port all that? also the source & destination. say i have Allow TCP/UDP In → source IP should be Any destination is My Com, then for Out ould be opposite. if in the logs i see it used TCP/UDP In/Out i shouldn’t be using In & Out rules separated?
IceAngel89,
There are some steps you need to take to get this to work properly.
-
Assign a single specific port for each protocol (TCP, UDP) in your p2p app, rather than a range. Make sure to disable the UPnP function within the p2p app.
-
Forward those ports in your router.
-
In CFP’s Network Monitor, create a rule (or rules) to Allow In those protocols to those Destination Ports.
-
Make sure your Application Monitor rule for the p2p app Allows In/Out traffic for those protocols. You do not need to specify ports there, unless your Alert Frequency is set to High; if so, you will need separate In and Out rules, instead of combined.
There may be some other tweaks necessary depending on your setup, but this is what you need to get started.
In answer to your question 1. CFP has a layered security, where Inbound traffic must first be approved by the Network Monitor, then Application Monitor. Especially with p2p applications, you do not want to try to bypass Network Monitor.
For question 2, see the first post in this thread. It will give you an example of how those Network Monitor rules should be structured; just substitute the ports you choose for the examples given there.
LM
First Sorry for my bad english
For my emule i made following rules
In AM i´ve got 2 times emule
Destination: all
port: all
protkoll: tcp/udp in
Destination: all
port: all
portokoll tcp/udp out
In NM i´ve got following rules
protokoll : tcp in
source: all
destination: my internal ip adress
source port : all
Destination port: my emule port
protokoll: udp in
source: all
destination: my internal ip adress
source port: all
destination port: my emule port
Is this ok in this way ? I have a High ID but the download speed is much slower than i worked before comondo
Luigi,
You may want to look at CFP’s Activity Logs for blocked traffic during the time that you’re using eMule. You may find that you’re blocking various ICMP traffic related to eMule, and it may help to create some Network Rules to allow that.
LM
there are only a few icmp traffic blocked, but in the log is a few blocked udppacktes with the discreption fake udp packets.
But in the meanwhile the traffic speed is all right
Well, Luigi, as long as it is working, then there is no need to break it… 
LM
I’m having the same problem with UDP packets.
Manual rules set according to tutorial.
Connecting to kad network works like a charm , but once I perform a search on kad i get just a few replies . Tried some keywords that used to get me 300 results , now I get 10.
At the same time Comodo logs show me a huge list of blocked UDP packets being them fake/malformed or fragmented IP packets.
I guess there are those 290 results i’m no longer getting.
Is there any way to get rid of this?
Tnx.
NVM , I missed the “protocl analysis” feature … my bad.
I followed the suggestions in this topic regarding setting up rules
currently using utorrent 1.6.1
seems to work ok as far as downloading and uploading are concerned but when I go to one of the private torrent sites that I belong to - the site says: “connectable: No”
At one time it read “connectable: YES” (not sure how I did that) but last week I uninstalled and reinstalled a few things on my computer and now I can’t seem to get it connectable again.
what am I doing wrong??
penn, the first easy test to do (to see if it’s related to Comodo) is to briefly change CFP’s Security Level to Allow All to see if you can access the private site. If you can, we know there are CFP rules issues. If you can’t, that pretty much rules CFP out as the source of the problem. In any event, I would not advise downloading this way; it’s just to test if you can access the site (as Allow All effectively removes all CFP protection).
LM
I’m new with this and need some help.
I have read this tutorial and the proper NM rule config.
I have made the Rule for TCP protocol and the Rule for UDP protocol
using the configured Emule destination port.
When I start eMule and try co connect to a server, the connection fails by timeout
The activity log has many entries (every 10 seconds or so) like this one:
Descrip:Inbound Policy Violation (Access Denied, ICMP= PORT UNREACHABLE)
Protocol:ICMP Incoming
Source: Changes IP and port en each entry
Destination:xxx.xx.xx.xx:28076 (wich is my modem default gateway address)
Message: PORT UNREACHABLE
Reason: NM default last block rule
Any idea?
Thank you!
(V)
Moderator’s Edit: masked public IP for user’s privacy
This sometimes happens with p2p applications. Right-click that last block rule, select Add/Add Before. Build the rule:
Action: Allow
Protocol: ICMP
Direction: In
Source IP: Any
Destination IP: Any
ICMP Details: Echo Request
That should take care of it. CFP blocks the ICMP request before it reaches your computer, then causes a message to be forwarded so that the application knows (thus, the “port unreachable” message).
You may find other ICMP issues w/p2p applications, and end up allowing more that just Echo Requests. Some do, some don’t. Some users find allowing these increases their speed; others don’t find the difference significant or consider it worthwhile.
LM
PS: I edited your post regarding the IP address you posted, as this is your external/public IP addy (for privacy).
I’m new to comodo firewall and i’m not a computer expert since i’ll pass out just by looking at data only. First, thank you coz now I have the green light in my utorrent. but, i’m wondering, does this mean ‘anything’ (like spyware and virus) can slip into my computer using the specified port for my utorrent? How can I know, only utorrent is allowed to use that port? (M)
As part of CFP’s layered security, in order for an unsolicited Inbound connection to be accepted by Network Monitor, there has to be an approved application (ie, Application Monitor) actively listening on that port.
If some spyware/malware/etc tries to gain access to listen to that port, you will be notified by either Application Monitor or Application Behavior Analysis (provided you have not turned either one Off). Thus, you are still safe. For a higher level of control, make sure that all of the applications listed in Application Monitor are only Allowed Outbound connections; not Inbound (then they can’t listen, regardless - except for your p2p, etc, apps).
If you want complete total control (ie, the paranoia sets in…), you will need to increase Alert Frequency to High (as this includes Port detail) and create port-specific application rules for everything in the list. Again, make sure there are no Inbound rules except for the p2p (or other apps that need them).
LM
Ok…, I’m confused here. Do I have to do frequent check at Application monitor and Application Behavior Analysis? Another thing, when I don’t use my torrent client, does that mean the specified port is available (open) for anything else to go in/out?
And, I have another application that need for port listening. And CFP ask me whether to allow or to deny… I allowed it but when I checked in Application Monitor, its not written there as rule… Is this mean that the port only open for that application?
How many applications can use the same port?
Thanx…!
ashleyna,
You might want to read the explanation about CFP’s layered rules in this thread:
https://forums.comodo.com/index.php/topic,6167.0.html That should help you get a better understanding of how it all works.
Another thing, when I don't use my torrent client, does that mean the specified port is available (open) for anything else to go in/out?No. As I stated before, there has to be an agreement between the monitors, and an application has to be actively running on that port. And in order for an application to be connected, you would have to allow it. The tutorial goes into more detail on that.
And CFP ask me whether to allow or to deny.. I allowed it but when I checked in Application Monitor, its not written there as rule..If you don't check "Remember" no rule will be created. The connection will be allowed for that session only; no permanent rule.
The thing to remember here is that CFP does not open or close ports. The system does that, in conjunction with the requesting application. If a port is not in use, the system should be closing it. What CFP does in that respect, is it controls traffic access (ie, Network Monitor) and application access (ie, Application Monitor), based on the combined ruleset. Again, see the tutorial for more detailed info.
LM
Ok, I think I understand. I shouldn’t worry too much since CFP is great in doing its job. Thanx for the explanation, Little Mac! (:WAV)
No problem; glad to help.
LM
Hi.
Having a little problem here with Kad Low ID.
All ports are forwarded on the router, so no problem there. However, there seems to be a problem with Comodo. I’ve set it to allow the ports used for emule. All directions and stuff are set correctly, moved above the block rule, etc.
When I boot up eMule, I can see a lot of Inbound Policy Violations on the activity log.
Severity :Medium Reporter :Network Monitor Description:Inbound Policy Violation (Access Denied, ICMP = [i]NET UNREACHABLE/PORT UNREACHABLE/HOST UNREACHABLE[/i]) Protocol:ICMP Incoming Source: [i]All kinds of sources here[/i] Destination: 192.168.1.64 Message: [i]NET UNREACHABLE/PORT UNREACHABLE/HOST UNREACHABLE[/i] Reason: Network Control Rule ID = 8My log is also full of these messages.
Severity :Medium Reporter :Network Monitor Description: Inbound Policy Violation (Access Denied, Protocol = IGMP) Protocol:IGMP Incoming Source: 10.**.**.* Destination: 224.0.0.1 Reason: Network Control Rule ID = 8
I tryed Little Mac’s method on the top of the page - still low id.