Emule and bittorent tuttorials

Pina · December 10, 2006, 1:10pm

Chaosas dear newbie, read my post carefully.

AOwL™ actually I am wide open, because right after I add the TCP In rule Activity Logs stop. Maybe I would be safe if emule run all the time, but it doesn’t.

pandlouk · December 10, 2006, 2:07pm

You are not wide open.
The first line of defence of CFW is “Network monitor”.
The second line of defence is “Application Monitor”. If no programs access the ports that you open in network monitor, then those ports are blocked and stealthed by the “Application Monitor”

Pina · December 10, 2006, 4:22pm

Do you mean that when Network Monitor has some TCP port open, they are still closed because Application Monitor blocks them?
I created a rule “Allow & Log” for my TCP port. Emule was not running. During an hour I got 14 info messages of Access Granted through my TCP port of some IPs that I see for the first time.
What are these?

AOwL · December 10, 2006, 5:07pm

Do you have the default block rule at the bottom (IP in/out)?

pandlouk · December 10, 2006, 5:13pm

Yes.

These logs mean that network monitor accepted the packets. It does not mean that they arrived at your pc. If you have closed emule, then those packets where dropped by the “Application Monitor”.

ps.Go at pcflank and do an online scan of those ports. you will understand what I 'm talking about.

Pina · December 10, 2006, 7:50pm

I do.

pcflank cannot get my IP and doesn’t want to test ports.
Whatever… I still don’t believe you since I saw “Access Granted” in the Log 8)

pandlouk · December 10, 2006, 7:57pm

Since I can see your IP then pcflank can see it too! ;D

AOwL · December 10, 2006, 8:10pm

Can you try that again, and do it right after a reboot, without starting any programs?
Right click the log and save as html. post it here.
Also make a screenshot of your network monitor rules. Make sure you can read things in that screenshot.

Pina · December 11, 2006, 10:12am

Here: http://voila.pl/755j1/?1 and here: http://voila.pl/755j1/?2
Half of the log is after reboot, the rest is without TCP/UDP rules.

m0ng0d · December 11, 2006, 8:39pm

Pina post:58:

Hi!
I’ve read all emule topics and I don’t think they solve my problem with Low ID. My knowledge of internet is small so excuse my naive language :
The only ports that are accesible from outside my WLAN are exactly the ports that Emule needs to have High ID. Also Comodo’s Activity Logs show lots of Inbound Policy Violations to these ports. So I think it is quite obvious that I cannot open these port since this would make Comodo Firewall useless. Am I wrong?
I tried to add to Network Monitor IP’s of all emule BiG ■■■■ servers and got High ID, but only theoretically - I could only download from High ID users - as in Low ID.
Is there a solution that wouldn’t open my PC to the whole wide world? Allowing ONLY emule to use my open ports? Help!

P.S. If there isn’t, which free firewall can do that? (:TNG)

Pina,

I beleive that you can accomplish what you want, but it may require a bit of effort to maintain over the long run.

Firstly… The network control rules are pure traffic shaping. They allow or deny “generic” traffic with disregard for what application (a.k.a traffic shaping). Protocals and ports can be defined at this level.

Secondly… The application control rules control specific applications, and can be defined down to the port for what traffic hits/leaves the applications (if the communication passed the network rules).

I beleive that what you will want to do is change your Alert Frequency (within the Miscellaneous section of the Advanced tab) to High…

At this frequency, the firewall will show alerts for outgoing and incoming connection requests for both TCP and UDP protocals on specific ports for an application.

Now what this is going to allow you to do is control, right down to the port, what communication your application(s) can work with. But on the outset, almost appears to doom you to a fate of answering a plethora of application popups for every new port that comes the applications way (notice how the default application rules are set to port Any). But the good news is that you might enjoy playing with a new combination for an application rule…

Action: Block
Protocal: TCP or UDP
Direction: In
Destination: Your IP or Zone
Destination Ports: enter the port(s) you want to allow
Destination Ports Exclude: True (check the box)

…what this style of rule does in English is… Block the incoming TCP/UPD traffic to this application for all ports except the ones I’ve specified.

I’ve noticed that in one of your screenshots that you do have some Allow & Log rules. This is great, and you should have a rule like that set so that you can see all port requests on that protocal… as you may need to tweak your application rule using information logged there if suddenly a communication attempt is blocked on the application rule side.

I understand where you were coming from about being “open”; especially when the default ports for any application rule are “Any” for the lower Alert options.

And for the record, I see some misinformation has been put your way.

Inbound rules are unsolicited traffic… meaning you didn’t request the communication… IP of “Any” on an incoming rule means that anybody on the LAN or WAN “could” send you a packet.
Outbound rules imply an incoming response is allowed to your request… an Inbound authorization for the results of the Outbound request you made.
For anyone that needs more details on rules and traffic, please refer to my How To - Understanding & Creating Network Control Rules properly

Pina · December 12, 2006, 4:43pm

Probably that’s the problem.

no application running - ports blocked
emule running - ports enabled only for emule

Seems that Comodo is useless for me.
What’s more worrying is that at the beginning of this topic you encourage people to open ports that can be used by anyone on the internet.

AOwL · December 12, 2006, 4:59pm

What's more worrying is that at the beginning of this topic you encourage people to open ports that can be used by anyone on the internet.

The port is not open!
Even if you open a port with an IN rule in network monitor, it’s closed/stealth when you are not using it. YOU have to start a program (emule) from INSIDE your PC to open it. Then when it’s in use, it’s still closed from outside if YOU/emule have not requested a response.
I think I got it right… ;D

Probably that's the problem.
* no application running - ports blocked
* emule running - ports enabled only for emule
Seems that Comodo is useless for me.

Why is it a problem that the ports are blocked???
If you want your computer open, don’t use a firewall…

First you complain that it’s closed, and then in the same post you complain that it’s open… :
I don’t get it… ???

Pina · December 12, 2006, 5:17pm

“Probably that’s the problem.” in my last message was about the quote above.
The list below is what I want to have.
If the port is closed when no program is running what does that:

Date/Time :2006-12-10 22:16:38 Severity :Low Reporter :Network Monitor Description: Information (Access Granted, IP = my IP, Port = xxx) Protocol: TCP Incoming Source: 201.68.76.168:12569 Destination: my IP:xxx TCP Flags: SYN Reason: Network Control Rule ID = 1

mean?? And no, I haven't requested any response from noone 5 times every minute.

pandlouk · December 12, 2006, 6:24pm

I explained what it means in one of the above posts.

If you disable “Network monitor” on CFW then it will work as most of the other software firewalls.
“Application Monitor” drop these pachets.

An online scan from any security site will confirme that!

ps. download the latest beta if you want to have more detailed logs

conanx · December 14, 2006, 1:48am

Hi,
First of all please be patient for my english. I have just one question, does have to emule be in Application Monitor after applying those rules in Network Monitor?

I notice that first I did not put emule in AM and after while emule did disconect and I was able to connect to servers only after restarting emule.

Then I put emule in AM with allow all TCP/UDP in/out rule. So far High ID and no problems at all.

I ask for that because it was not mentioned in any topics about emule, just Network Monitor rules, so it was not so obvious. Also CPF id not ask for rules on emule, probably because it was part of svchost.exe, thats why it was not in AM on beginning.

By the way so far I am very happy with COMODO, after trying Kaspersky IS, Outpost, Zone Alarm and BitDefender I think my trust is highest with CPF!!!

If I understand correctly it is like having 2 in 1, kind of router security and software firewall. Not to mention CPF have highest scores in latest tests.

Thank you for your patience. (V) (:CLP)

AOwL · December 14, 2006, 1:54am

Yes you should have all your programs that connect to the net in application monitor.
The reason for not getting a popup for it at first, is probably because you have scanned for known applications, and Emule is in the trusted list.
You can go to activity/logs and see why some program is blocked, and where.
Good luck.

conanx · December 14, 2006, 2:08am

That was faaaast answer. Thank you very much now is clear, at list so far. :THNK

Yes I did scan.

(R)

Balterra · December 14, 2006, 2:56am

pandlouk post:1:

EMULE
A mini tuttorial of how to open ports for emule
First you must go at the “Network Monitor” panel.
There you should click with the right button of the mouse and choose “Add rule”->“add”
at the new window that appear you should put the following rules:

Rule for TCP protocol

Action = Allow
Protocol = TCP
Direction = In
Source IP = Any
Destination IP = your computer IP adress (you can also use “Any”, if you are using a modem and not a router; by this you won’t have to change the IP address every time you connect in internet )
Source port = Any
Destination port = the port your Emule uses for the TCP connections

Rule for UDP protocol

Action = Allow
Protocol = UDP
Direction = In
Source IP = Any
Destination IP = your IP adress (or “Any” )
Source port = Any
Destination port =the port your Emule uses for the UDP connections

Bittorent
A mini tuttorial of how to open ports for bittorent and similar p2p programs
Go at the “Network Monitor” panel and add the following rule

Rule for TCP/UDP protocol

Action = Allow
Protocol = TCP or UDP
Direction = In
Source IP = Any
Destination IP = your computer IP adress (or “Any” )
Source port = Any
Destination port = the port your bittorent program uses for the TCP/UDP connections

You must move the rules up, over the default rule “Block IP in”. ( CPF “reads/applicates” the rules from the top to the bottom)

ps. Remember that for CPF “Source IP” is the adress of the computer which sends the data and “Destination IP” is the computer that receives them. When your computer sends data is consindered Source, when receives them is consindered Destination.

by pandlouk (R)

edit (27/10/2006)
For using the search in Kad you must disable the feature “Do protocol analysis”

IMPORTANT
you will have to disable the UPnP option from the program you use if you want this guide to work properly. If you don’t disable it you will have NAT problems.

example for azureus:
Azureus->Tools → Options → Plugins → UPnP
There uncheck “Enable UPnP”

I have followed this guide, but my emule gives me low ID. I wish that someone explain me the steps to open the ports. This firewall looks great, but the ports are closed :(.

Thanks for your help,

Balterra

AOwL · December 14, 2006, 3:12am

Welcome to the furum.

I will try to make you one,
first you hav to set the rules in your Emule.
Choose a port(s) with a high number like 54321
Then close Emule.

Go to Network monitor (security/network monitor).
Right click on your top rule and add/add after.
Do these settings.

Action : Allow
Protocol : TCP or UDP
Direction : In
Source IP : Any
Destination IP : Any (or zone if you have one)
Source Port : Any
Destination Port : A single port : 54321

If it doesn’t seem to work, restart CF or reboot your PC.

Always remember to place your allow rules you make, above the default block rule.
Network monitor reads the rules from the top to the bottom.

Also check the log in activity/logs and try to see which rule that blocks your app.

Balterra · December 14, 2006, 10:20am

Thanks for your answer.
I don’t know how I can to make this:

I have to configure the rule follow yours instruccions, but mi emule is low ID too.

Thnaks for yyour help and sorry for my English,

Balterra