Emule connections problem [Resolved]

Hi guys,

I´ve a problem with low id in emule.
I´ve already set some rules in Network Monitor, allowing TCP and UDP(emule ports) IN, but still had low id.
Do i have to allow TCP and UDP OUT too??

Thank you very much.

Any ideas???

master kenobi,

Have you seen pandlouk’s tutorial? https://forums.comodo.com/index.php/topic,6167.msg45504.html#msg45504. This copy of it is in a locked compilation; it has a link back to the original where you can post questions if need be.

A couple quick things that might apply:

The Network rules MUST be above the Block & Log IP In/Out Any/Any rule, and that rule must be at the very bottom of the Network Monitor. This is because CFP filters the rules from the top, downwards.

You have to disable UPNP within emule, and also disable the automatic port allocation; set it to a specific port instead, which you will use in the Network Monitor rules.

LM

Thank you Little Mac.

But i´ve done all that things and still get a LOW ID in Emule.
Another thing; every time i start CFP, all other programs work fine, but after a while(2 or 3 hours)
some programs just freeze, like the antivurus update, or the webbrowser. I don´t know why.
I´ve done everything like the tutorials.

Something’s not set up correctly, if you’re not getting the green light. If you will do the following:

Open CFP’s Network Monitor to full-screen. Capture & save a screenshot as a jpg, png, or gif. Attach to your post under Additional Options.

Clear your logs (in CFP, go to Activity/Logs; right-click an entry and select “Clear all logs.” Reboot.

Open emule. When it doesn’t give you the green light, open the logs again, right-click and select Export to HTML. Copy from the HTML file (once you save & reopen it), and Paste as text into your post here.

LM

Espaço de Log:: Hoje

Data/Hora: 2007-03-12 18:14:10
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 88.241.70.197, Porta = 54662)
Protocolo: TCP Entrada
Fonte: 88.241.70.197:3127
Destino: 192.168.1.100:54662
TCP Flags: SYN
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:14:10
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 82.49.134.241, Porta = 54672)
Protocolo: UDP Entrada
Fonte: 82.49.134.241:58926
Destino: 192.168.1.100:54672
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:14:10
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 83.18.143.242, Porta = 54662)
Protocolo: TCP Entrada
Fonte: 83.18.143.242:2849
Destino: 192.168.1.100:54662
TCP Flags: SYN
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:14:05
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 83.18.143.242, Porta = 54662)
Protocolo: TCP Entrada
Fonte: 83.18.143.242:2849
Destino: 192.168.1.100:54662
TCP Flags: SYN
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:14:05
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 88.241.70.197, Porta = 54662)
Protocolo: TCP Entrada
Fonte: 88.241.70.197:3127
Destino: 192.168.1.100:54662
TCP Flags: SYN
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:14:00
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 88.241.70.197, Porta = 54662)
Protocolo: TCP Entrada
Fonte: 88.241.70.197:3127
Destino: 192.168.1.100:54662
TCP Flags: SYN
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:14:00
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 83.181.226.51, Porta = 54672)
Protocolo: UDP Entrada
Fonte: 83.181.226.51:40878
Destino: 192.168.1.100:54672
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:13:55
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 84.142.199.38, Porta = 54672)
Protocolo: UDP Entrada
Fonte: 84.142.199.38:4672
Destino: 192.168.1.100:54672
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:13:55
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 89.142.115.140, Porta = 54662)
Protocolo: TCP Entrada
Fonte: 89.142.115.140:1479
Destino: 192.168.1.100:54662
TCP Flags: SYN
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:13:55
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 83.35.226.19, Porta = 54662)
Protocolo: TCP Entrada
Fonte: 83.35.226.19:1939
Destino: 192.168.1.100:54662
TCP Flags: SYN
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:13:55
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 88.8.61.56, Porta = 54672)
Protocolo: UDP Entrada
Fonte: 88.8.61.56:18900
Destino: 192.168.1.100:54672
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:13:55
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 88.154.189.244, Porta = 54662)
Protocolo: TCP Entrada
Fonte: 88.154.189.244:22936
Destino: 192.168.1.100:54662
TCP Flags: SYN
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:13:50
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 83.35.226.19, Porta = 54662)
Protocolo: TCP Entrada
Fonte: 83.35.226.19:1939
Destino: 192.168.1.100:54662
TCP Flags: SYN
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:13:50
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 85.241.157.249, Porta = 54672)
Protocolo: UDP Entrada
Fonte: 85.241.157.249:4672
Destino: 192.168.1.100:54672
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:13:50
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 88.154.189.244, Porta = 54662)
Protocolo: TCP Entrada
Fonte: 88.154.189.244:22936
Destino: 192.168.1.100:54662
TCP Flags: SYN
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:13:50
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 89.142.115.140, Porta = 54662)
Protocolo: TCP Entrada
Fonte: 89.142.115.140:1479
Destino: 192.168.1.100:54662
TCP Flags: SYN
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:13:45
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 83.35.226.19, Porta = 54662)
Protocolo: TCP Entrada
Fonte: 83.35.226.19:1939
Destino: 192.168.1.100:54662
TCP Flags: SYN
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:13:45
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 85.139.117.79, Porta = 54672)
Protocolo: UDP Entrada
Fonte: 85.139.117.79:4672
Destino: 192.168.1.100:54672
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:13:45
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 88.154.189.244, Porta = 54662)
Protocolo: TCP Entrada
Fonte: 88.154.189.244:22936
Destino: 192.168.1.100:54662
TCP Flags: SYN
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:13:45
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 82.50.12.185, Porta = 54672)
Protocolo: UDP Entrada
Fonte: 82.50.12.185:4672
Destino: 192.168.1.100:54672
Razão: ID da Regra de Controlo da Rede =10

Data/Hora: 2007-03-12 18:13:40
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 87.20.186.254, Porta = 54672)
Protocolo: UDP Entrada
Fonte: 87.20.186.254:12328
Destino: 192.168.1.100:54672
Razão: ID da Regra de Controlo da Rede =10

[attachment deleted by admin]

Thanks, master kenobi.

I presume your Rules ID 0 & 1 are the emule rules, which you have as In/Out rules. This can confuse things, in my experience. They only need to be “In” (entrada). So they would look like this:

1. Rule for TCP protocol

Action = Allow
Protocol = TCP
Direction = In
Source IP = Any
Destination IP = your computer IP adress (you can also use “Any”, if you are using a modem and not a router; by this you won’t have to change the IP address every time you connect in internet )
Source port = Any
Destination port = the port your Emule uses for the TCP connections

2. Rule for UDP protocol

Action = Allow
Protocol = UDP
Direction = In
Source IP = Any
Destination IP = your IP adress (or “Any” )
Source port = Any
Destination port =the port your Emule uses for the UDP connections

So make those changes… only “In” for direction, your emule port for destination, and make sure source port is “any.” Be sure to reboot after the changes.

The logs show that Rule ID 10 is blocking the inbound connections, so there’s a reason that the other rules are not allowing the traffic; I think it may be because of the current selection of “In/Out” instead of just “In.” In addition, if you selected a Source Port as well, that may be part of the problem.

Let me know if that helps.

LM

Now everything is ok!!! :BNC :BNC :BNC :BNC :BNC

I´m gonna wait a couple of hours and then i let you know.
Thank you very much for your advice. I think it was because i don´t restart the Comodo, at the begining, and then i´ve make a few mistakes.

Thank you again Little Mac.

and may the force be with Comodo Firewall Pro! (V) (V) (V) (V)

Great, I’m glad you have had some success there! Let us know if that keeps on working for you (or if it doesn’t…).

LM

Hi Little Mac,

Bad news!!! Something´s wrong with Comodo in my system (:AGY) (:AGY) (:AGY).
At the begining(as i told you ) everything is ok, but after a few hours
the Comodo just freeze my system. Even the web browser just don´t open the pages.
I have this:

Web browser–K-meleon
PeerGuardian
NoAdware 4
Ad-Ware SE personal
kaspersky anti-virus(6)
Ewido

After a few hours, one by one, everything just stop working. I have to restart the system because
nothing response. Even the Ctrl-Alt-Del don´t work.
What can it be??? ??? ??? ???

Thank you again Little Mac,
Have a good day

Look in the firewall logs for that time (when the loss of connection occurred) for a lot of blocked inbound entries, and let me know what you find.

Here’s what I’m thinking may have happened: After you close down your p2p application, the torrent doesn’t always know you’re gone, and keeps giving you the feed. Well, CFP blocks it. In some cases, it may be a sufficient amount of traffic that it resembles a denial of service or similar Flood activity, causing CFP to go into emergency mode and block all your connections.

In that scenario you will need to Add a new rule to the Network Monitor, anywhere above/before (lower Rule ID #) the bottom Block & Log IP In/Out rule. The rule will look like this:

Action: Allow
Protocol: ICMP
Direction: Out
Source IP: Any
Destination IP: Any
ICMP Details: Port Unreachable

This allows your computer to let the torrent know that you’re no longer there; this will stop the feeds to your computer.

You may also need to increase the Flood values in CFP, so that it doesn’t trigger so easily that way.

LM

But i don´t have close the torrent aplication(Utorrent), and the Emule . Everything is ON.
Is something about that ?
When i come home(I´m at work) i will post the logs here, for you.
I really need your help!!

Thank you again,

Okay, I’ll wait for the logs; that should show more about what is happening.

Also if you don’t mind, at that point post a new screenshot (full-screen), of your Network Monitor. If you can post two, that would be even better. One would be of the Network Monitor with your TCP rule highlighted (so the details appear at the bottom); the other would be of the Network Monitor with your UDP rule highlighted (so the details appear at the bottom). That will be helpful as well.

LM

Ok, i will post 2 screenshots.

Thank you again for your concern.

have a nice day

Why is it necessary to create such complex port-specific rules to set the eMule ports wide open?

Making Network Rules to open ports is something you’d do with a router, not a software firewall with application filtering.

The problem with opening ports with a Network Rule instead of an Application Rule is that the port is open for any other app that happens to listen on the same port (unless you specifically block it), and that the port stays open even when your eD2k client is not running.

Before Comodo I used Kerio. Berfore Kerio I used ZoneAlarm. It only took a simple Application Rule to allow inbound traffic to my P2P programs. Is it possible to make Comodo behave in the same way?

CFP doesn’t hold the port open; it’s not a firewall that does that. The port’s not open unless it is actively in use (ie, you’re running a torrent). Even having eMule running (without downloading) isn’t going to hold the port.

CFP’s Network Monitor functions in a fashion similar to a router; all communications by allowed applications happens in this context. It’s not just a software firewall with application filtering.

This is like port forwarding with your router. IF another application is running and accessing that port, then yes, there could be a conflict. Here’s why it’s important to turn off the automatic port assignment & plug n play w/in the p2p app, and assign a specific high port number. Also, with CFP, in order for the possibility of a connection to exist, there has to be an application allowed by the Application Monitor, in order for the Network Monitor rule to be of any purpose. And, that application must be running.

Sure. You can turn the Network Monitor off, then you’ll have Kerio or ZoneAlarm again, and the corresponding level of protection. Not, IMO, a viable option.

You might take a peak at this thread, starting here: https://forums.comodo.com/index.php/topic,7178.msg52479.html#msg52479. Although it’s about a different subject, this issue came up as well. This will also help you understand how CFP works a little better: https://forums.comodo.com/index.php/topic,6167.msg45450.html#msg45450; you’re looking for the explanation of layered rules (link in the first post).

Hope that helps,

LM

Thanx for pointing that one out. Since I already have a router I only need Comodos application filtering, so I’ve turned the network monitor off.

You’re welcome. It’s not something I advise, from a security standpoint, though.

CFP’s network rules go beyond what your router, and the Application Monitor is capable of, in regards to increasing security and controlling application access and network access. Once you learn more about how CFP works, and why, you’ll should see there IS a difference. However, that’s a topic for another thread…

If you know enough about computer security that you truly don’t need this layer of protection, you probably know enough not to need any firewall. Until that point, CFP, as designed, is currently the best firewall out there. For a reason.

LM

Hi Little Mac,

I´ve make some experiences, and i think the problem it´s(as you say) UTORRENT.
I lunch UTORRENT, and after ±2 hours the system(gradualy) freezes. And in Task Manager the cfp.exe was in 99%. Almost nothing works, not even the antivirus update. So, i switch of UTORRENT and after a few minutes everything is OK. Only PeerGuardian can´t make the updates, but i think it needs a rulle.
So what you think? Before i test the UTORRENT i´ve made that ICMP rule, so i think it needs something more.

The first log is from Peerguardian Updates, and the second is from the UTORRENT when i turn it on.

I´m sorry for disturbing you, but i really don´t want to go back to zone alarm, or another firewall.

Thank you.

Data/Hora: 2007-03-13 19:05:54
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, Protocolo = IGMP)
Protocolo: IGMP Entrada
Fonte: 192.168.1.1
Destino: 224.0.0.1
Razão: ID da Regra de Controlo da Rede =9

Data/Hora: 2007-03-13 19:05:43
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 192.168.1.1, Porta = upnp-mcast(1900))
Protocolo: UDP Entrada
Fonte: 192.168.1.1:upnp-mcast(1900)
Destino: 239.255.255.250:upnp-mcast(1900)
Razão: ID da Regra de Controlo da Rede =9

Data/Hora: 2007-03-13 19:05:18
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 192.168.1.1, Porta = upnp-mcast(1900))
Protocolo: UDP Entrada
Fonte: 192.168.1.1:upnp-mcast(1900)
Destino: 239.255.255.250:upnp-mcast(1900)
Razão: ID da Regra de Controlo da Rede =9

Data/Hora: 2007-03-13 19:05:03
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, Protocolo = IGMP)
Protocolo: IGMP Entrada
Fonte: 192.168.1.1
Destino: 224.0.0.1
Razão: ID da Regra de Controlo da Rede =9

Data/Hora: 2007-03-13 19:04:52
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 192.168.1.1, Porta = upnp-mcast(1900))
Protocolo: UDP Entrada
Fonte: 192.168.1.1:upnp-mcast(1900)
Destino: 239.255.255.250:upnp-mcast(1900)
Razão: ID da Regra de Controlo da Rede =9

Data de Criação: 19:07:37 13-03-2007

Espaço de Log:: Hoje

Data/Hora: 2007-03-13 19:07:34
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, Protocolo = IGMP)
Protocolo: IGMP Entrada
Fonte: 192.168.1.1
Destino: 224.0.0.1
Razão: ID da Regra de Controlo da Rede =9

Data/Hora: 2007-03-13 19:07:29
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 192.168.1.1, Porta = nbname(137))
Protocolo: UDP Entrada
Fonte: 192.168.1.1:4301
Destino: 192.168.1.100:nbname(137)
Razão: ID da Regra de Controlo da Rede =9

Data/Hora: 2007-03-13 19:07:24
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 192.168.1.1, Porta = nbname(137))
Protocolo: UDP Entrada
Fonte: 192.168.1.1:4301
Destino: 192.168.1.100:nbname(137)
Razão: ID da Regra de Controlo da Rede =9

Data/Hora: 2007-03-13 19:07:24
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 192.168.1.1, Porta = upnp-mcast(1900))
Protocolo: UDP Entrada
Fonte: 192.168.1.1:upnp-mcast(1900)
Destino: 239.255.255.250:upnp-mcast(1900)
Razão: ID da Regra de Controlo da Rede =9

Data/Hora: 2007-03-13 19:07:19
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 89.122.151.143, Porta = 36283)
Protocolo: TCP Entrada
Fonte: 89.122.151.143:2214
Destino: 192.168.1.100:36283
TCP Flags: SYN
Razão: ID da Regra de Controlo da Rede =9

Data/Hora: 2007-03-13 19:07:19
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 192.168.1.1, Porta = nbname(137))
Protocolo: UDP Entrada
Fonte: 192.168.1.1:4300
Destino: 192.168.1.100:nbname(137)
Razão: ID da Regra de Controlo da Rede =9

Data/Hora: 2007-03-13 19:07:14
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 89.122.151.143, Porta = 36283)
Protocolo: TCP Entrada
Fonte: 89.122.151.143:2214
Destino: 192.168.1.100:36283
TCP Flags: SYN
Razão: ID da Regra de Controlo da Rede =9

Data/Hora: 2007-03-13 19:07:09
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 89.122.151.143, Porta = 36283)
Protocolo: TCP Entrada
Fonte: 89.122.151.143:2214
Destino: 192.168.1.100:36283
TCP Flags: SYN
Razão: ID da Regra de Controlo da Rede =9

Data/Hora: 2007-03-13 19:07:04
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 192.168.1.1, Porta = nbname(137))
Protocolo: UDP Entrada
Fonte: 192.168.1.1:4300
Destino: 192.168.1.100:nbname(137)
Razão: ID da Regra de Controlo da Rede =9

Data/Hora: 2007-03-13 19:06:59
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 192.168.1.1, Porta = upnp-mcast(1900))
Protocolo: UDP Entrada
Fonte: 192.168.1.1:upnp-mcast(1900)
Destino: 239.255.255.250:upnp-mcast(1900)
Razão: ID da Regra de Controlo da Rede =9

Data/Hora: 2007-03-13 19:06:54
Severidade: Média
Relatado: Monitor de Rede
Descrição: Violação da Politica de Entrada (Acesso Negado, IP = 192.168.1.1, Porta = nbname(137))
Protocolo: UDP Entrada
Fonte: 192.168.1.1:4299
Destino: 192.168.1.100:nbname(137)
Razão: ID da Regra de Controlo da Rede =9

[attachment deleted by admin]

master kenobi,

First part, regarding peerguardian:

I only have two rules for peeguardian in CFP; both are in the Application Monitor only. One Allows TCP Out, the other Allows UDP Out.

There are no Network Monitor rules for peerguardian and it works just fine.

The logs you posted are related to multicast; this has nothing to do, as far as I know, with PG. I just ran a manual update on PG to check the connections, and this was not an issue. Looks more like this is your router, based on IP address. Some routers use IGMP; generally it is not needed by your computer/connection, unless you’re specifically using it.

LM