FW and Vuze

Hi all.

I’ve been noticing difficulties with torrent downloads. Leeching goes reasonably well, but my seeding is quite poor. If I change the first rule in Vuze (see snapshot) from Block to Allow, would it make a difference? And would it be dangerous?

Thanks,
Jose.

[attachment deleted by admin]

First of all you need to move the Allow IP Out etc rule above the Block and log rule. Comodo reads rules from top to bottom.

Did you also make the necessary rule to open ports under Global Rules?

Hi Eric.

Did you also make the necessary rule to open ports under Global Rules?

No, I didn’t. Could you explain that?

Regards,
Jose.

All peer to peer clients need (an) open port(s) for incoming traffic to properly function. These port(s) need to be opened on both your router, when present, and in the firewall. Opening a port is adding a rule to the Global Rules.

To open the port TCP 1723, for example:

First step is to determine the MAC or Physical address of your network connector. Go to Start → Run → cmd → enter → a black box will show up and enter the following → ipconfig /all (notice the space before /all) → enter → now look up the Physical address and write it down.

Notice that Physical address = MAC address

Firewall → Advanced → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port

Source address: Any
Destination Address: Choose MAC address and fill in the found MAC/Physical address
Source Port: Any
Destination Port: 1723

Then push Apply → Now make sure that the new rule is somewhere above the basic block rule(s) at the bottom (the block rules have red icons); you can drag and drop the rules → Ok.

Got that. One question though:
Do I need to port forward? And if so, is portforward.com reliable?

Jose.

You need to port forward, or to put it differently open ports, on both the firewall of your computer and the router. Portforward.com is a very reliable site with lots of useful information. It is highly recommended.

Things are running smoothly with the new configuration. Thanks once more Eric.

One thing has been troubling me though.
Since there is an open port in my router, couldn’t that be used somehow for an attack? Shouldn’t I create a new rule in FW global rules? Something like Block/IP/In Any/Any/Any/Port xxxxx

Regards,
Jose.

When Vuze is not active the port will still show stealth (this assumes you used the Stealth Ports Wizard to stealth your computer). Can you show a screenshot of your Global Rules so I can see if they are set to stealth?

When you would add that rule to your Global Rules you could undermine the effect of opening the same port. :wink: If you want some extra security you can move the rule to under the basic block rule(s) when Vuze is not running. And move it back to above the basic block rule(s) before you start Vuze.
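Added example, not part of the thread and not Comodo's own code: a simplified Python model of the top-to-bottom rule order discussed above, showing why the Allow rule only works above the basic block rule and becomes inert when dragged below it. It assumes the first matching rule decides and ignores source/destination addresses; `Rule`, `decide` and `shadowed` are hypothetical names, and the rule sets are constructed from the thread's example port.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard, like "Any" in the rule dialog

@dataclass(frozen=True)
class Rule:
    action: str               # "Allow" or "Block"
    protocol: Optional[str]   # "TCP", "UDP" or ANY
    direction: str            # "In" or "Out"
    dst_port: Optional[int]   # destination port or ANY
    desc: str = ""

    def matches(self, protocol, direction, dst_port):
        return (self.direction == direction
                and self.protocol in (ANY, protocol)
                and self.dst_port in (ANY, dst_port))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return self.matches(other.protocol, other.direction, other.dst_port)

def decide(rules, protocol, direction, dst_port, default="Block"):
    """Assumed semantics: read top to bottom, the first matching rule decides."""
    for rule in rules:
        if rule.matches(protocol, direction, dst_port):
            return rule.action
    return default

def shadowed(rules):
    """Return (rule, earlier_rule) pairs where `rule` can never be reached."""
    found = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(rule):
                found.append((rule, earlier))
                break
    return found

# Constructed rule sets using the thread's example port (TCP 1723).
ALLOW_IN = Rule("Allow", "TCP", "In", 1723, "Incoming Port")
BLOCK_IN = Rule("Block", ANY, "In", ANY, "basic block rule")
vuze_running = [ALLOW_IN, BLOCK_IN]  # allow above the block rule: port open
vuze_stopped = [BLOCK_IN, ALLOW_IN]  # allow dragged below: rule is inert

if __name__ == "__main__":
    for name, rules in (("allow above block", vuze_running),
                        ("allow below block", vuze_stopped)):
        print(name, "->", decide(rules, "TCP", "In", 1723))
        for rule, earlier in shadowed(rules):
            print(f"  '{rule.desc}' is shadowed by '{earlier.desc}'")
```
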

Hi Eric.

No, I didn’t stealth. I’ve been taking a look at the User Guide; let me see if I got it right: even if I stealth, when Vuze is not running the port in question is hidden; but when Vuze is running the port is vulnerable to an attack. Is that it?
I mean, if I forward a port on the router I can’t forward it to only one specific program (Vuze); it will be forwarded to someone else who’s passing by and sees it open (hacker).
Correct me if I’m wrong.

Regards,
Jose.

P.S. You see, if there is the slightest chance of risk I’d rather cope with slow downloads/uploads.

When Vuze is running your system would only be vulnerable to attack if Vuze would be vulnerable. Just make sure Vuze stays updated to lower risks. For example, I have used eMule many times over the years without getting compromised. Yes, there are risks but there are ways of making them as small as possible.

Another strategy is to use IP filtering to block access to IP addresses that might be a risk. There are two ways to go here. Use the built-in IP filter facility of Vuze; you need to point it to a URL from where it can update the list. Or you can use an external program like Peerblock. Peerblock is sort of a follow-up of the Peer Guardian IP blocker.

Peerblock can update many lists. Also the ones from Bluetack Internet Security Solutions. When using and appreciating these free initiatives, consider donating a little to them from time to time.

When using Peerblock make sure to set it to not filter HTTP traffic (on ports 80 and 443) as it will interfere too much with surfing the web.

My grateful thanks Eric.

Jose.