How do I open only port 80?

Hi, I’m new to firewalls, and Comodo in particular. I have CPF installed on a web server and all ports are stealthed. So far, no probs, but, as it’s a web server, I need to open only port 80. I have set up a rule in Network Monitor to allow it, but when I test it with Sygate, all ports are still stealthed. I’ve tried all sorts of configurations, the main one being allow TCP in/out, from any IP to any IP, and from all ports to port 80. Could you tell me what I’m doing wrong? The rule is at the top of the list, btw. Thanks

Trev

Welcome to the forum Trev,

A port shouldn’t be open unless someone is trying to use it and you allow it. If you are talking about a test at Sygate showing the ports stealthed, then you are in good shape, as nothing is showing as open on your firewall. Port 80 should be closed unless someone is accessing the content on your web server through that port. I think I have read on here that some people are using this firewall for servers and it does the job very well.

You only actually need to allow traffic IN with your rule, as traffic will go back out automatically once a connection is made from the outside. By allowing traffic out from port 80 in that rule you are potentially letting something use port 80 out from your PC/Server without having to have your permission (the way I see it). If you allow only traffic in, then what goes back out can only be from that particular connection and back to the person that started the communication.

I only make rules either IN or OUT and not both as I don’t know what that actually is saying. Does it mean IN/OUT for just that connection on port 80 or does it mean anything IN and anything OUT thru port 80? So to be safe I just use one or the other and I know for sure what I am getting. It’s also easier to keep track of when you look at the rule list.

Hope this helps you.

jasper

It’s easier to track separate IN & OUT in your alert logs as well. Seems most of the security-conscious & knowledgeable use separate rules, with logging.

To perhaps help clarify a little bit, regarding CPF’s network rules…

“In,” strictly speaking, is a remote request for a local connection. If this follows the format of the “Out” rule, then the outbound response to the allowed inbound request is not an “Out” request. Yes, it can be a brain-twister…

“Out,” strictly speaking, is a local request for a remote connection. This is used when you’re surfing, accessing the internet, etc. By allowing the outbound request for connection to a remote location (could even be another computer on your network), the following inbound response is not an “In” action. So when you load your browser and go to forums.comodo.com, the page loading onto your computer is not classified as “In”; rather, it’s a response to your “Out” request to go to the website.

I know the language causes a lot of confusion (I’ve seen it here many times, and really have to think hard about it myself). I presume that a server’s rules would be kind of opposite of your computer’s rules to some extent. Obviously, you only want to allow the inbound traffic on one port; somehow I’m thinking you need some additional security settings to limit the access. I know there are discussions here about that. I recommend doing an Advanced Search for things like “server” your brand/model of server, etc. With the Advanced Search you can click on the link to check only certain results, and eliminate everything except the Firewall-related (like Help, FAQ).

LM
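To make the In/Out distinction jasper and LM describe concrete, here is a small stateful packet-filter model written for this thread (example code, not CPF’s own logic; the `Packet`, `Rule` and `Firewall` names, the sample traffic and the RFC 5737 addresses are all constructed). It shows why an “In” rule on port 80 alone lets replies back out, why a probe of another port still gets blocked and logged, and what an “In/Out” rule additionally permits.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str    # "In": remote host asks us; "Out": a local program asks a remote host
    remote_ip: str
    remote_port: int
    local_port: int
    syn: bool         # True for a new TCP connection request, False for follow-up traffic

@dataclass(frozen=True)
class Rule:
    action: str                # "Allow" or "Block"
    direction: str             # "In", "Out" or "In/Out"
    local_port: Optional[int]  # None matches any local port

class Firewall:
    """Constructed stateful TCP filter: first matching rule wins, default verdict is Block."""
    def __init__(self, rules):
        self.rules = rules
        self.connections = set()  # (remote_ip, remote_port, local_port) of allowed connections
        self.blocked_log = []     # (direction, local_port) of every blocked packet

    def filter(self, pkt):
        key = (pkt.remote_ip, pkt.remote_port, pkt.local_port)
        if not pkt.syn and key in self.connections:
            return "Allow"        # reply traffic rides on the tracked connection, no rule needed
        for rule in self.rules:   # top of the list is checked first
            if rule.direction in ("In/Out", pkt.direction) and rule.local_port in (None, pkt.local_port):
                if rule.action == "Allow":
                    self.connections.add(key)
                else:
                    self.blocked_log.append((pkt.direction, pkt.local_port))
                return rule.action
        self.blocked_log.append((pkt.direction, pkt.local_port))
        return "Block"

# Constructed sample traffic seen by the web server (RFC 5737 documentation addresses).
TRAFFIC = [
    Packet("In", "203.0.113.7", 51000, 80, True),    # visitor opens a connection to the web site
    Packet("Out", "203.0.113.7", 51000, 80, False),  # the server's reply to that visitor
    Packet("In", "203.0.113.7", 51001, 21, True),    # the same host probes the FTP port
    Packet("Out", "198.51.100.9", 80, 80, True),     # a local program dials out from port 80
]

def run(web_rule):
    # Returns the four verdicts plus the blocked-port log for the given port 80 rule.
    fw = Firewall([web_rule, Rule("Block", "In/Out", None)])
    return [fw.filter(p) for p in TRAFFIC], fw.blocked_log

IN_ONLY = Rule("Allow", "In", 80)         # jasper's recommendation
IN_AND_OUT = Rule("Allow", "In/Out", 80)  # Trev's original rule
```

With `IN_ONLY` the visitor’s request and the server’s reply pass, while the FTP probe and the outbound dial from port 80 are blocked and land in the log; with `IN_AND_OUT` that last outbound connection is allowed too.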

Also, when running any kind of server, you should check both “skip loopback… TCP/UDP” options in security/advanced/misc.

I believe port 80 is stealthed or closed automatically by most ISPs. I know this because if you close your firewall and do a port scan, port 80 would be either closed or stealthed by default.

This is done to PREVENT users from using their personal computers as web servers, which is forbidden by most ISPs and to protect against worms.

http://www.grc.com/port_80.htm

Let me add that you need to allow TCP In to make MSN Messenger Live video conferencing work for ALL users; if you don’t, it will work only with a few… I have played with the other MSN Messenger ports used and this is finally the only one to add.

That was interesting, and something to think about…
I’m allowed to have servers from my ISP so I don’t have that “problem”.

Thanks, guys. I reconfigured it for ‘in’ only and skip both loopbacks, and port 80 is still blocked. I need this port open so people from the outside can see our web site. Our ISP isn’t blocking it either. It’s open if I allow all in the rule, but then it opens other ports as well, which I don’t want.
Any other ideas?

Does your log show what ports are getting blocked when you only allow port 80 in? Something else is running that evidently needs those ports open. Are the users getting email or having to log in, or is there an FTP server active? If you can post the blocked port numbers, they might tell what is trying to use them.

jasper

Can you create block rules for all other ports than 80? Choose block all and exclude 80. Put logging on it and check what the logs say.
Put it to the top of the list.
Restart the firewall and if it doesn’t work, reboot the PC.