Firewall blocks allowed IPs

I recently installed Comodo on a suggestion regarding a connectivity issue I have been having. I only use the firewall portion of the software. I play WarCraft 3: TFT on battle.net and I have made WC a safe application, set the battle.net IP range to allow all TCP and UDP packets in and out, and also set the ports (source and destination) which battle.net uses to send packets to allowed. Even after all these separate and what seem like redundant rules for 1 application the firewall still blocks it, disconnecting me. Anyone know why?

Welcome to the forum ViRTue.

Please try this:

First, delete any rules you may have already created for Battlenet. Now, place the firewall into training mode and run the game for a short time, basically do everything you would normally do in a gaming session. Exit the game and put the firewall back to its original settings.

Placing the firewall and D+ into training mode gives CIS a chance to ‘learn’ whatever it needs to know to allow the game to run.

Hope this helps.

I've done as you suggested Quill and let it stay that way for almost a week now, and it's still blocking battle.net IPs. I have not changed it back from training mode yet, do you think that would make any difference?

I have been thinking of disabling it all together and see if it still blocks it.

Can you show us a screenshot of your Global Rules? They can be found under Firewall → Common Tasks → View firewall events.

You got me confused here, asking for one thing and telling me to find another.

Global Rules Found: Firewall → Advanced → Network Security Policy ;D

http://i29.tinypic.com/xaqn87.jpg

You still need to open the appropriate ports in CIS for incoming traffic. Follow the next steps (they are for a different port number, but you will get the drill):
To open the port TCP 1723

Firewall → Advanced → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port

Source address: Any
Destination Address: Choose MAC or Single IP address (only when it is fixed) or Host Name
Source Port: Any
Destination Port: 1723

Then push Apply → Ok.

Now make sure the rule is somewhere above the basic block rule(s), they have a red icon, at the bottom.

I opened the ports in the firewall for what it was blocking, port 6112 UDP, but it's still blocking it. Could one of the blocking rules be causing this?

Something else I noticed which was quite interesting is a constant flood of UDP packets to port 2251 all coming from various IPs (Proxies?). I got around to looking up the IPs and found they are coming from all over the world. Is this an attempt at a DoS attack? I looked up the port to see what applications are registered to it and all I found was “Distributed Framework Port”, no clue what that means. Shouldn't there be some program on my computer that was intended to receive this information?

I’ll add a screenshot of the firewall events page to show you what I mean. It started today (8/21/09) at 1:31 pm and continued for 2 hours…

http://i29.tinypic.com/2d85k6o.jpg

Is this UDP port needed for the game you play? Make sure that the rules that open the port(s) are above the basic block rules (red icons) at the bottom.

On top of opening the port in Global Rules you need to adapt the Application Rule for the used program. Easiest for testing is to make the program Trusted. Does that do the trick for you?

In the settings of the game (Warcraft 3) you can change the port used to whatever you want, the default (which is what it is set at) is 6112 udp and tcp. The program is trusted due to the training mode setting in the firewall.

The other UDP port is not used for anything on my computer (that I am aware of.) I suspect this to be a DoS attack. I was looking through the settings and found a place that detects attacks (Firewall → Advanced → Attack Detection Settings.) It asks, “How long should the firewall stay on Emergency Mode while the host is under DoS attack.” and I'm curious if this “Emergency Mode” is stopping all traffic, resulting in my loss of connection to Battle.Net?

The amount of traffic on UDP port 2251 is not enough to be called a DoS attack. For a DoS attack you are talking about many many connection attempts per second.

Somebody was trying to get a connection to your system and the firewall did what it needed to do. This is what you have a firewall for. When the same IP address keeps trying to connect you can look up the ISP and report the IP to the ISP’s abuse department.
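The distinction EricJH draws (a handful of blocked attempts spread over minutes versus many attempts per second) is easy to check mechanically. The script below is an added example, not part of the thread or of Comodo; it parses a few constructed firewall event lines in a made-up "date time source_ip proto dst_port action" layout (not Comodo's real log format), computes the peak per-second rate and the number of distinct sources for a port, and classifies the traffic. The 100-per-second threshold is an assumed placeholder for "many many per second", not a value from the page.

```python
from collections import Counter
from datetime import datetime

# Constructed sample lines (hypothetical layout, not Comodo's log format).
# The UDP/2251 blocks mirror the thread's description: a few attempts per
# source, sources changing over time. The 6112 line is an allowed game packet.
SAMPLE_EVENTS = """\
2009-08-21 13:31:02 203.0.113.7 UDP 2251 blocked
2009-08-21 13:31:02 203.0.113.7 UDP 2251 blocked
2009-08-21 13:31:09 203.0.113.7 UDP 2251 blocked
2009-08-21 13:32:40 198.51.100.23 UDP 2251 blocked
2009-08-21 13:32:41 198.51.100.23 UDP 2251 blocked
2009-08-21 13:35:15 192.0.2.200 UDP 2251 blocked
2009-08-21 13:35:16 192.0.2.200 UDP 2251 blocked
2009-08-21 13:40:00 192.0.2.99 UDP 6112 allowed
"""


def parse_events(text):
    """Turn the constructed log text into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, src, proto, port, action = line.split()
        events.append({
            "ts": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
            "src": src,
            "proto": proto,
            "port": int(port),
            "action": action,
        })
    return events


def peak_rate_per_second(events, port):
    """Highest number of attempts against `port` seen within any single second."""
    per_second = Counter(e["ts"] for e in events if e["port"] == port)
    return max(per_second.values(), default=0)


def sources_for_port(events, port):
    """Attempt count per source IP for `port`."""
    return Counter(e["src"] for e in events if e["port"] == port)


def classify(events, port, dos_threshold_per_second=100):
    """Rough triage of the traffic hitting `port`.

    dos_threshold_per_second is an assumed placeholder; a real DoS is
    hundreds or thousands of packets per second, not a few per minute.
    """
    peak = peak_rate_per_second(events, port)
    sources = sources_for_port(events, port)
    if peak >= dos_threshold_per_second:
        return "flood"                 # worth the firewall's emergency handling
    if len(sources) > 1:
        return "low-rate scan"         # Internet background noise; already blocked
    return "single-source probe"       # candidate for an abuse report to that source's ISP


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("peak/s on 2251:", peak_rate_per_second(evs, 2251))
    print("sources on 2251:", dict(sources_for_port(evs, 2251)))
    print("verdict:", classify(evs, 2251))
```

Running it on the constructed lines gives a peak of 2 attempts in one second from 3 different sources, which classifies as low-rate scanning rather than a flood; the same per-source counter is what you would use to decide whether one address is persistent enough to report.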

EricJH,
These other connection attempts on port 2251 are coming from many different IP addresses. The same IP would be used in a span of attempts but after it cannot connect another IP is used in a different span of attempts. Isn't the firewall in the router supposed to block these connection attempts as well? I am behind 2 routers and this ■■■■ is still getting through…

I would really like to figure out why Comodo is blocking Battle.Net. We still have no solution to this, and I really would not like to remove Comodo because it's blocking unwanted persons from connecting to my computer.

Would be nice if Comodo could tell you WHY it is blocking something. Like a notice of the rule that has restricted access.

Back on topic. I think the “blue print” I gave for opening a port was not clear enough. In your case you need to open port 6112 TCP and 6112 UDP. You report port 6112 UDP still being blocked, that means the rule needs to be changed to be open for both TCP and UDP protocol. Here is how to change the port rule under Global Rules:

Firewall → Advanced → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP or UDP
Direction: In
Description: Incoming Port 6112 for game

Source address: Any
Destination Address: Choose MAC or Single IP address (only when it is fixed) or Host Name
Source Port: Any
Destination Port: 6112

Then push Apply → Ok.

Now make sure the rule is somewhere above the basic block rule(s), they have a red icon, at the bottom.

Sorry for the inconvenience.

Before testing I would like to suggest to change the firewall rule for the program to Trusted Program. When things work you can tune that rule further if you want.

I would like to thank you EricJH for giving me an idea of how to make the correct global rule. However it was still being blocked even with that last suggestion so I played with it a bit. I left the game up all night and was still connected in the morning.
Here is the rule I created.

Action: Allow
Protocol: TCP or UDP
Description: Left blank so I could see the rule
Source Address: Any
Destination Address: (My internal IP)
Source port: Range 6112 - 6119
Destination Port: Any

You’ll notice the only thing I did was change the Source and Destination Ports. I found that my computer doesn't always receive packets from Battle.Net on the designated ports, but Battle.Net always sends packets from the designated ports. The program was switched to Trusted as per your last post and now everything seems to be running smoothly.

I spoke too soon, 10 minutes after I had posted this I lost connection to Battle.Net and the firewall log shows it as being blocked the exact time I was disconnected. :frowning:

In the rule you showed you forgot to mention the direction. I assume that will be set to In. Also double check that the open port rule is above the basic block rules.

Please change the source and destination ports. First of all, your firewall is now almost totally leaky. Second, when a server sends data from another port to ports 6112 - 6119 traffic will not be accepted.

Test with the ports as described. Show me a screenshot of your Global Rules and Firewall logs of around the time of disconnect. I need to be sure the Firewall is properly set up before I can proceed any further. Hence my question.
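Two points run through the whole thread: the allow rule must sit above the basic block rules because rules are matched in order, and a rule keyed on the remote *source* port (6112-6119 to any destination) is far weaker than one keyed on the local *destination* port (any source to 6112). The script below is an added example, not Comodo's code or anything from the thread; it models an ordered, first-match rule list with a simplified `Rule`/`Packet` pair (protocol, direction and port ranges only, no addresses) and shows both effects. Port 3389 in the probe packet is just a constructed example of some other local service; the descriptions are the thread's own wording.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = None  # wildcard for any rule field


@dataclass
class Rule:
    action: str                          # "allow" or "block"
    proto: Optional[str]                 # "TCP", "UDP" or ANY ("TCP or UDP")
    direction: Optional[str]             # "in", "out" or ANY
    src_ports: Optional[Tuple[int, int]] # inclusive range, or ANY
    dst_ports: Optional[Tuple[int, int]]
    description: str = ""


@dataclass
class Packet:
    proto: str
    direction: str
    src_port: int
    dst_port: int


def _port_match(rng, port):
    return rng is ANY or rng[0] <= port <= rng[1]


def matches(rule, pkt):
    return ((rule.proto is ANY or rule.proto == pkt.proto)
            and (rule.direction is ANY or rule.direction == pkt.direction)
            and _port_match(rule.src_ports, pkt.src_port)
            and _port_match(rule.dst_ports, pkt.dst_port))


def decide(rules, pkt, default="block"):
    """Walk the list top to bottom; the first matching rule wins (ordered global rules)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.description
    return default, "implicit default"


# The "basic block rule" with the red icon that sits at the bottom of Global Rules.
BLOCK_ALL_IN = Rule("block", ANY, "in", ANY, ANY, "basic block rule (red icon)")
# EricJH's rule: any source port, destination port 6112, TCP or UDP.
PORT_6112_IN = Rule("allow", ANY, "in", ANY, (6112, 6112), "Incoming Port 6112 for game")
# ViRTue's rule: source ports 6112-6119, destination port Any.
LEAKY_RULE = Rule("allow", ANY, "in", (6112, 6119), ANY, "source 6112-6119 to any port")

# Constructed packets.
GAME_PKT = Packet("UDP", "in", 6112, 6112)             # game server on its designated port
GAME_FROM_OTHER_SRC = Packet("UDP", "in", 40000, 6112) # server replying from another port
PROBE = Packet("TCP", "in", 6113, 3389)                # remote host aiming at some other local service


def ordering_demo():
    """Same two rules, two orders: below the block rule the allow never fires."""
    allow_below_block = [BLOCK_ALL_IN, PORT_6112_IN]
    allow_above_block = [PORT_6112_IN, BLOCK_ALL_IN]
    return decide(allow_below_block, GAME_PKT)[0], decide(allow_above_block, GAME_PKT)[0]


def leaky_demo():
    """Source-port rule vs destination-port rule, both correctly placed above the block rule."""
    leaky = [LEAKY_RULE, BLOCK_ALL_IN]
    strict = [PORT_6112_IN, BLOCK_ALL_IN]
    return {
        # a remote host controls its own source port, so the leaky rule opens every local port
        "leaky_probe": decide(leaky, PROBE)[0],
        # ...yet legitimate game data from a non-6112 source port is still dropped
        "leaky_game_other_src": decide(leaky, GAME_FROM_OTHER_SRC)[0],
        "strict_probe": decide(strict, PROBE)[0],
        "strict_game_other_src": decide(strict, GAME_FROM_OTHER_SRC)[0],
    }


if __name__ == "__main__":
    print("game packet, allow below / above block rule:", ordering_demo())
    for name, verdict in leaky_demo().items():
        print(f"{name}: {verdict}")
```

`ordering_demo()` returns `("block", "allow")`: the identical allow rule is dead below the block rule. `leaky_demo()` shows why EricJH calls the source-port rule "almost totally leaky": it admits the probe to port 3389 while still dropping a game packet whose source port happens not to be in 6112-6119, whereas the destination-port rule does the opposite, which is the behaviour you actually want.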