emule UPnP setting with comodo firewall?

i just recently installed Comodo and I have a question regarding the post from pandlouk about emule settings:

https://forums.comodo.com/index.php/topic,411.0.html

towards the bottom is says :

IMPORTANT:
you will have to disable the UPnP option from the program you use if you want this guide to work properly. If you don’t disable it you will have NAT problems.

Were you referring to router issues because I have the network rules setup exactly like the guide but if I disable UPnP on my Emule, ED2K will not connect and KAD is labeled as firewalled. If i turn on UPnP both connect and work fine. I turned UPnP back on so that Emule will work but I am concerned.

I am behind a U.S. Robotics router with the virtual server ports set to 4662 and 4672 like emule if that helps.

Is this correct or am I just to paranoid. Any ideas?

mcq360

Hello, Mcq360. Welcome to the Forums.
My own personal experience with this is: if it is connecting properly with the rules in place, you should be fine. I too am behind a router and let its firewall manage NAT.

John,

Thanks for your reply. Its nice to have knowledgeable folks here to help out the lost folks like me.I will leave the UPnP alone. I did have something interesting happen last night thought. I started Emule last night and it connected and started running fine but after about 30 minutes I went to to the firewall summary of Comodo and there was 1800 blocked intrusion attempts which scarred the hell out of me. I checked the firewall log and half were blocked TCP/ UDP attempts by Emule port 4662/4672 and other half were windows operating system blocked port 4662/4672. I immediately shut down Emule and disconnected from the internet. I ran SpyBot and then ran Avast. They found nothing. After the paranoia went away I re-connected the internet and then re-started Emule. After Emule connected there was a Comodo firewall pop-up on the screen that said Emule is trying to connect to internet and after consulting the Comodo Forum I went to do this: When Comodo asks you with a popup, choose Treat this application as select Emule and enable Remember my answer. Emule was not an option under treat this application as, it had web browser, windows install or updater,etc. Since Emule was not and option under Treat application as, I checked the allow option with remember my answer ,reconnected Emule and it worked fine all night. This morning i checked the network security policy for Emule and noticed that there were 4 new rules in front of the original rules 1-6 from: [i]https://forums.comodo.com/empty-t14735.0.html[/i] and it looks like this in this order:

  1. Allow all requests.

  2. Allow UDP in from any IP to IP any where source port is any.

  3. Allow UDP out from any IP to IP any where source port is any.

  4. Allow TCP out from any IP to IP any where source port is any.

  5. rule for incoming tcp connections.

  6. rule for incoming udp connections.

  7. rule for outgoing tcp and udp connections

  8. ping the server

  9. rule for http requests.

  10. Block and Log All Unmatching Requests.

I am assuming the first four rules showed up from me selecting Allow and not Treat application as.

Should I remove those first four rules?

Also any ideas on why Emule did not show up under Treat application as? ???

Thanks for your help.
Mcq360

That option is available when you create your own predefined firewall policy.
(the ruleset for eMule for example can be used to create this custom predefined policy)
These can be created from Firewall/Advanced/Predefined Firewall Policies.

What option where you referring too?

Sorry I am confused.

It seems that the only way to get Emule to work correctly on my computer is to either select allow application or to select trusted application on the Emule trying to connect to internet pop-up and then after the other rules are gone and there is only one rule in the network security policy: Allow all outgoing and incoming requests.

Both of these just don’t sound safe to me.

I have read the Comodo user guide and have set all other programs but at this point I am confused about the Emule program and its rules. I am confident that the other programs are set correctly but I am concerned that the Emule program is not and might be a weak point in my computer firewall.

Thanks for your help,
Mcq360

Hi mcq360:

I use rules I find in the forum, I don’t remember exactly where, were in Italian, but works fine for my.

  1. Go to : Firewall → Advanced → Attack Detection Settings → Miscellanous and disable Do Protocol analysis

  2. Go to : Firewall → Advanced → Predifined Firewall Policies and select Add…

Give a name at the new Predifined Policy for example: Emule

Add the following rules:

Rule 1

Action = Allow
Protocol = TCP
Direction = In
Description = Rule for incoming TCP connections
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = your TCP port of emule

Rule 2

Action = Allow
Protocol = UDP
Direction = In
Description = Rule for incoming UDP connections
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = your UDP port of emule

Rule 3

Action = Allow
Protocol = TCP or UDP
Direction = Out
Description = Rule for outgoing TCP and UDP connections
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = A port range = (start port = 1025 / end port = 65535)

Rule 4

Action = Allow
Protocol = ICMP
Direction = Out
Description = Ping the server (edk network)
Source Address = Any
Destination Address = Any
ICMP Details = ICMP Echo Request

Rule 5

Action = Ask (enable Log as a firewall event if this rule is fired)
Protocol = TCP
Direction = Out
Description = Rule for HTTP requests
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = 80

Rule 6

Action = Block (enable Log as a firewall event if this rule is fired)
Protocol = IP
Direction = In/OUT
Description = Block and Log All Unmatching Requests
Source Address = Any
Destination Address = Any
IP Details = Any

  1. Start Emule. When Comodo asks you with a popup, choose Treat this application as select Emule and enable Remember my answer.

If you have connectivity problems:
Go at Firewall → Common Tasks → Stealth ports wizard and select
Alert me to incoming connections- stealth my ports on a per-case basis

Because of a bug you must change the rule 5 (for HTTP requests) to allow. I hope this will be resolved with the next updates.

If you still have some problems, there is last thing you can try.

I hope it works for you.

lol

[attachment deleted by admin]

Rolo,

I have my pre-defined firewall policy for emule set exactly from that guide.
I have tried setting the stealth ports wizard either with ports stealthed or stealth on per case basis but neither makes a difference.

The problem I am having is that i am getting two pop-up windows,

#3. Start Emule. When Comodo asks you with a popup, choose Treat this application as select Emule and enable Remember my answer.

I get that pop-up and follow it exactly… but then 1 second later there is another pop-up exactly like that one but emule is not available under the treat application as options. Only these are available:

Installer or Updater
Trusted Application
Windows System Application
Isolated Application
Limited Application

Which one do you choose???

There are two ways in which I got Emule to connect.

  1. I have chosen Trusted Application which made one rule for Emule that was: Allow all incoming and outgoing requests which can’t be safe or is it??

  2. The other option i have tried was to just to select: Allow request/Remember my answer, which then places a new rule on top of the original six rules set for emule. The rule is: Allow Ip In from From Ip Any to Ip Any Where Protocol Is Any. Is this safe??

I can try Creasy’s method but that bypasses the original rules anyway. Is that safe??

I have tried to explain this as detailed as possible but if does not make sense i can post actual screen clips to help.

Thanks for your help,
McQ360

This second popup is Defense+, asking if you started this program, and if so, how do you wish it run (the choices it gave you).
Since you have your ports configured correctly, you should be able to say (as far as the program goes) this is a trusted application.

John,
Thanks for your reply.
Makes sense but if you select trusted application why would Defense+ change the network policy rule for Emule from the 6 pre-determined rules to one rule which is : Allow all incoming and outgoing requests?

Does this defeat the purpose of those 6 pre-determined firewall rules?

McQ360

It shouldn’t change the Firewall rules.
If it is changed, just manually reset it back.

Hi mcq360:

Start eMule and try Installer or Updater when defense+ pop up ask you. Next go to Defense+ - Advance - Computer Security Police - Aplication: (C:\Program Files\eMule\emule.exe) eMule Installer or Updater and Edit this. Change Installer updater for Custom Police. Acces Rigths:

Keyboard - allow access
Disk - allow
Computer Monitor - allow
DNS client service - allow
Windows Messages - allow

Works for my, and never have another popup after the first start up.

Regards

Seems to be working now. I don’t have computer security police so that must be a option form comodo v2.It was a problem with the Defense+ and not the firewall.

Thanks for all your help.

Mcq360