Hi -
Trying to use Comodo Firewall to force a program (uTorrent) to only be able to send traffic FROM a specific adapter (my VPN adapter) on IP address range 10.4.x.x to 10.9.x.x. Set up the following test to verify it's working.
Using version 5.10.228257.2235
Basically, step one: launch uTorrent with the VPN disconnected (this means the allowable address range doesn't exist, and hence uTorrent should be able to send NO traffic).
Yet uTorrent is sending out a packet from 192.168.1.2. Why can it do this?
Step two: connect the VPN. uTorrent runs/works as expected. The only thing odd is that Comodo is still asking me what I want to do with packets, even though I have a policy defined.
Step three: drop the VPN. I expect uTorrent to halt traffic, yet instead the torrent continues to run with even more traffic being sent from 192.168.1.2. I don't understand how this is possible.
3 screenshots attached; you can see the rules, connections using CurrPorts, etc.
I'm sorry, perhaps I don't understand how the rules work.
Doesn't, for example, rule 3, which says:
Block and log IP out from not in (range) to MAC any where protocol is any
mean I shouldn't be able to send traffic OUT from any IP other than the range specified? The From should dictate the source address. How does that evaluate to
It can’t connect to any address in 10.4.0.0 - 10.9.255.255
My bad, I obviously need new glasses, as I missed that :-[ That rule should indeed prevent connections not specified in the range.
I seem to remember from past questions regarding uTorrent and VPN connections that it's better to use the MAC address of the OpenVPN TAP adapter rather than the IP address block. As I understand it, this helps prevent uTorrent from 'leaking'. Maybe worth a try.
Thanks for the suggestion. I tried it with the MAC also… same rule as rule 3, but with the MAC of the VPN adapter in there. When the VPN drops off, uTorrent still happily runs on the 192 subnet… Very odd.
OK, tested it out. Never even got a chance to test the VPN out. With those rules, uTorrent is still sneaking through packets on the 192 subnet… (TCP)
Log entries (I x-ed out the IPs):
4/3/2012 11:01:22 AM Added uTorrent.exe TCP 192.168.1.2:44275 x.241.99.41:2710
4/3/2012 11:01:22 AM Removed uTorrent.exe TCP 192.168.1.2:44274 x.211.88.54:80
4/3/2012 11:01:23 AM Removed uTorrent.exe TCP 192.168.1.2:44275 x.241.99.41:2710
Is there anything else I can do on my end to help this? Happy to run more tests if you can think of anything -
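As an added example (not from the original thread or from Comodo), here is a small script that applies the "from" test of rule 3 to the connection log lines quoted above: any connection opened by uTorrent.exe whose source address is outside 10.4.0.0 - 10.9.255.255 is reported as a leak. The log line format is assumed from the three entries posted; the sample lines embedded in the script are constructed, using documentation address ranges for the remote side, and are not the poster's data.

```python
import ipaddress
import re

# Source range from rule 3 in the thread: "block and log IP out from NOT IN
# 10.4.0.0 - 10.9.255.255". Anything sent from outside this range is a leak.
ALLOWED_SRC_START = ipaddress.IPv4Address("10.4.0.0")
ALLOWED_SRC_END = ipaddress.IPv4Address("10.9.255.255")

# One line of the Comodo connection log, in the shape quoted in the thread
# (assumed format):
#   <date> <time> <AM|PM> <Added|Removed> <process> <TCP|UDP> <src>:<sport> <dst>:<dport>
# The remote address may be partially redacted ("x.241.99.41"), so it is
# matched loosely and never parsed as an IP address.
LOG_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<event>Added|Removed) (?P<proc>\S+) (?P<proto>TCP|UDP) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) "
    r"(?P<dst>[\w.]+):(?P<dport>\d+)$"
)

# Constructed sample log (not the poster's data): two 192.168.1.2 lines like the
# ones quoted, one VPN-sourced connection that should pass, one just below the
# allowed range, and one from another process that should be ignored.
SAMPLE_LOG = """\
4/3/2012 11:01:22 AM Added uTorrent.exe TCP 192.168.1.2:44275 203.0.113.41:2710
4/3/2012 11:01:22 AM Removed uTorrent.exe TCP 192.168.1.2:44274 198.51.100.54:80
4/3/2012 11:01:30 AM Added uTorrent.exe UDP 10.8.0.6:44280 203.0.113.7:6881
4/3/2012 11:01:31 AM Added uTorrent.exe TCP 10.3.255.254:44281 203.0.113.9:443
4/3/2012 11:01:32 AM Added firefox.exe TCP 192.168.1.2:50001 198.51.100.10:80
"""


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def source_allowed(src):
    """Rule 3's 'from' test: is the source address inside 10.4.0.0 - 10.9.255.255?"""
    addr = ipaddress.IPv4Address(src)
    return ALLOWED_SRC_START <= addr <= ALLOWED_SRC_END


def find_leaks(log_text, process="uTorrent.exe", event="Added"):
    """Connections opened by `process` whose source address is outside the range.

    'Added' lines are new connections; 'Removed' lines are closures and are
    skipped by default so each leaked connection is reported once.
    """
    leaks = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proc"] != process or rec["event"] != event:
            continue
        if not source_allowed(rec["src"]):
            leaks.append(rec)
    return leaks


if __name__ == "__main__":
    for rec in find_leaks(SAMPLE_LOG):
        print(f"LEAK {rec['ts']} {rec['proto']} "
              f"{rec['src']}:{rec['sport']} -> {rec['dst']}:{rec['dport']}")
```

Run against a saved copy of the Comodo log (or the CurrPorts export, once it is in the same shape), any line the script prints is one the rule should have blocked; with the VPN down, a clean run should print nothing.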
Have you turned off allow connection from the firewall options page and set stealth all ports on a per-case basis and ask me for connection? Or something like that.
Firewall security level is set to Custom, as that says in the description: only allow traffic that adheres to the security policy (with the rules provided in this thread in place).
I didn't play with the stealth port because the goal here is to block only uTorrent…
Yes, and I took the uTorrent rule set and moved it to the top of the list.
Could it be OS-specific? I'm running Windows 7 Ultimate 64.
Another thing I was thinking is, perhaps it's an issue with CurrPorts (the program I'm looking at the traffic with). I assumed the firewall would have to get the packet first because it looks like it's at the driver level; is this a bad assumption?
OK, I'll do my best to give you what I think is relevant… if I left out a specific setting you need to know, just let me know:
Connection -
Port used for incoming connections: 5xxxx
UPnP Port Forwarding - Enabled
NAT-PMP Port Mapping - Enabled
Add Windows Firewall exception - Enabled ( windows firewall is turned off on my machine)
BitTorrent -
Enable DHT - Enabled
Enable DHT for new torrents - Enabled
Enable Local Peer Discovery - Enabled
Enable Bandwidth Management - Enabled
UDP Tracker - Enabled
Ask Tracker to Scrape Info - Enabled
Enable Peer Exchange
Protocol Encryption - Enabled, Allow Incoming Legacy Connections - Enabled
I configured uTorrent with the settings you provided but I'm still not getting any 'leaks'. One thing I would recommend is disabling port forwarding/mapping. It's also worth playing around with DHT/PEX on and off.