Firewall Tutorial for Utorrent with Comodo Internet Security

So the ONLY differences between your post and Pan’s rules on page 1, are the DNS rule and the utorrent outgoing port, and the comodo rules in bold that are changed for that port?

Hi. I have a question about Rule 1 above, in particular setting the source port to start at 1025 outside of the well-known ports.

I saw some blocked traffic to my utorrent port from six or seven different IP addresses today. Details of blocked traffic: Application: C:\Program Files\uTorrent\uTorrent.exe, Source Port: UDP 80 (sometimes UDP 21), Destination Port: my utorrent listen port.

I am assuming these are legitimate requests. It’s odd to use UDP 80, or UDP 21 as a source port. But maybe these guys are behind a corporate firewall, and are trying to circumvent restrictions on the use of other ports.

So my question is this: shouldn’t Rule 1 be modified to allow traffic originating at all source ports? Currently Rule 1 only allows traffic if the source port is outside of the well-known ports.

Thanks.

Hi. When I use the rule set you wrote, I have no problems. My uTorrent client gets incoming connections, and as well, initiates connections fine, and quickly maxes out.

I am behind a home broadband ADSL modem/router, and I did not do any port forwarding. My LAN IP is 192.168.1.2 and the router can be accessed with http://192.168.1.1

Coming to my question: Within uTorrent, I did not disable UPnP portmapping as you suggested above. Is that suggestion for people who do port forwarding?

Thanks.

OK. That answers my first question. I should have guessed. Having been a ZoneAlarm Free user for long, I am not used to tinkering with low-level rules.

I am getting non-stop “blocked intrusion attempts”, all from utorrent, the vast majority of which are TCP or UDP connections going both to and from ports below 1025. Why start the range there? And why is my utorrent client even trying to connect using a different port than the one sent?

How big a risk is it to just open up all the ports specifically to utorrent?

Hi.

To answer your second question, uTorrent’s listen port is totally different from the port it uses for outgoing connections. For example, my uTorrent listen port is 55000. So uTorrent listens for incoming connections on this port. When uTorrent needs to send data, it will use any random port it pleases.

As to why you are getting so many blocked connections, could you make an image file of your global rules and uTorrent rules and post them here?

Be glad to…er…how am I doing that? :stuck_out_tongue:

Go to FIREWALL | ADVANCED | NETWORK SECURITY POLICY | APPLICATION RULES

Go to FIREWALL | ADVANCED | NETWORK SECURITY POLICY | GLOBAL RULES

You can take two different screenshots and attach the images.

Here you go. It looks like all the rules are behaving as they should be. It’s just that there is a LOT of traffic going to and from utorrent that is being blocked because it is from a port below the accepted range in these rule sets.

[attachment deleted by admin]

Can you tell me what your uTorrent listening port is?
Open uTorrent and go to OPTIONS | PREFERENCES | CONNECTION
You will find the port number there.

I think I’m good. I swapped out pandlouk’s rules with Ragwing’s.

Ragwing’s instructions + cracktcpip = speedfest, no intrusion warnings.

That’s nice.

Hi guys. I’m a newbie at this forum, I’m using COMODO firewall and have some questions:

  1. How to forward ports for using uTorrent (PFConfig doesn’t help at all, but once it forwarded all I needed, I believe it fakes me)?
  2. In conjunction with 1.: How to track using COMODO’s capabilities any move of particular application, ANY?

Not necessarily true and not advisable. See my post above.

No. Ports below 1025 are outside of specs and not to be trusted. That IS the reason why you are using a firewall in the first place, isn’t it? People shouldn’t use their corporate lines anyway, those are blocked for a reason.

I must agree with Jorgosch on the use of privileged ports. If someone is using a privileged port for a torrent, then I really hate to imagine what else they’ve been doing & I certainly don’t want to connect my system with a system that is controlled by a user who does things like this.

I’ve updated my post with my rule sets now. I’ve included an easier rule set for beginners, and a more advanced one to disallow the use of privileged ports, without logging them as intrusion attempts (it might flood your log a lot if you keep uTorrent on during the night).

Cheers,
Ragwing
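
Added example, not part of any post in this thread and not Comodo's rule format: a first-match model of the two approaches discussed above, one where inbound traffic from source ports below 1025 falls through to a logged block, and one where it is dropped without a log entry. The rule tuples, the names `BASIC` and `QUIET`, and the packets are constructed for illustration; 55000 is the example listen port mentioned earlier in the thread.

```python
LISTEN_PORT = 55000  # the example listen port one poster mentions

# Rule: (action, log, (src_lo, src_hi), (dst_lo, dst_hi)); inbound only, first match wins.
ALLOW_UNPRIV = ("allow", False, (1025, 65535), (LISTEN_PORT, LISTEN_PORT))
DROP_PRIV_QUIET = ("block", False, (0, 1024), (LISTEN_PORT, LISTEN_PORT))
BLOCK_AND_LOG = ("block", True, (0, 65535), (0, 65535))

BASIC = [ALLOW_UNPRIV, BLOCK_AND_LOG]                   # low source ports get logged
QUIET = [ALLOW_UNPRIV, DROP_PRIV_QUIET, BLOCK_AND_LOG]  # low source ports dropped silently

# Constructed inbound packets (documentation IP ranges), not real log data.
PACKETS = [
    {"proto": "UDP", "src": "192.0.2.10", "sport": 80, "dport": LISTEN_PORT},
    {"proto": "UDP", "src": "192.0.2.11", "sport": 21, "dport": LISTEN_PORT},
    {"proto": "TCP", "src": "198.51.100.7", "sport": 51413, "dport": LISTEN_PORT},
    {"proto": "UDP", "src": "203.0.113.5", "sport": 6881, "dport": LISTEN_PORT},
    {"proto": "TCP", "src": "203.0.113.9", "sport": 40000, "dport": 445},
]

def in_range(port, bounds):
    lo, hi = bounds
    return lo <= port <= hi

def evaluate(rules, pkt):
    """Return (action, logged) from the first rule matching the packet."""
    for action, log, src, dst in rules:
        if in_range(pkt["sport"], src) and in_range(pkt["dport"], dst):
            return action, log
    return "block", True  # nothing matched: treat as blocked and logged

def run(rules, packets):
    """Return (allowed_count, log_lines) for a rule list."""
    allowed, log = 0, []
    for pkt in packets:
        action, logged = evaluate(rules, pkt)
        allowed += action == "allow"
        if logged:
            log.append(f'{pkt["proto"]} {pkt["src"]}:{pkt["sport"]} -> :{pkt["dport"]}')
    return allowed, log

if __name__ == "__main__":
    for name, rules in (("basic", BASIC), ("quiet", QUIET)):
        allowed, log = run(rules, PACKETS)
        print(f"{name}: allowed={allowed} logged={len(log)}")
        for line in log:
            print("  blocked:", line)
```

Both rule lists allow the same peers; the only difference is whether the UDP 80 and UDP 21 packets reach the log, while traffic to other ports is still blocked and logged.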

Point taken. At any rate, the percentage of torrent users who use UDP 80 or UDP 21 as a source port is probably only a small fraction of the total user base.

Some people might not want to do manual port forwarding. Since this is a guide for beginners, perhaps you might want to mention that, if supported, the UPnP facility can be used as an alternative to manual port forwarding. In that case you would have to modify your instruction to disable UPnP within uTorrent.

Look up your router model number, then go to portforward.com, then go to the section dealing with your router model.

One alternative to manual port forwarding is to use the UPnP facility.

As for how to track, here is a recent post explaining this in great detail:
https://forums.comodo.com/help_for_v3/log_active_connections-t24475.0.html

Here’s another recent post on the limitations of logging in Comodo Firewall:
https://forums.comodo.com/help_for_v3/comodo_firewall_log_not_showing_some_blocked_events-t24304.15.html