How to configure for Messenger Live, Skype, SoulSeek, uTorrent (rules) [SOLVED]

Hi folks,

I’m not able to use Messenger video conference when Comodo Firewall is running (works with ZoneAlarm and others).

I made some network rules following the info below, but no luck…

Any suggestion?

BTW: it works well with Skype & Camfrog.

TY


Windows and MSN Messenger Application

A related note: the Messenger Service that runs at the Windows SERVICE level is different from the Windows Messenger or MSN Messenger application. For information about the Messenger APPLICATION see
For file transfer or voice chat ports and NAT information for MSN Messenger 3 see MS Support article Q278887.
Microsoft Knowledge Base Article Q324214 - You cannot make phone calls or start voice or video conversations with Windows Messenger
Windows Messenger 5.0 in Windows XP: Working With Firewalls and Network Address Translation Devices
Microsoft Support WebCast - Microsoft Windows Messenger for Windows XP: New Features, Common Issues, and Troubleshooting July 17, 2002

Windows Messenger - voice (computer to phone)
UDP : 2001-2120, 6801, 6901
from Q324214. NOTE: 6801 is Net2Phone.

MSN Messenger - file transfers
TCP : 6891-6900
from Q278887. Allows up to 10 simultaneous transfers.

MSN Messenger - voice communications (computer to computer)
TCP & UDP : 6901
from Q278887

For Windows Messenger in a non-UPnP environment, unfortunately Microsoft requires dynamic UDP ports across a very wide range. This is a tremendous security risk. Try to establish a UPnP environment if possible. Nevertheless, here is what they say: "To support [audio and video] in both directions through the firewall, all UDP ports between 5004 and 65535 must be opened to allow signaling (SIP) and media streams (RTP) to traverse the firewall."

Also note: I don’t know how much information for WINDOWS Messenger applies to MSN Messenger and vice versa. I also don’t know how much information for MSN Messenger Windows version applies to MSN Messenger Mac version. And last but not least, there are multiple different versions of Messenger, which may differ in various ways.

More info (other sources):

Messenger Live :
UDP : 14072

The MSN Messenger port numbers below are taken from (amongst others) PortForward.com and Experts Exchange discussions Q20968914 and Q20660861.

Unfortunately, trying to block MSN Messenger ports doesn’t work because of the wide range of ports including port 80 that MSN Messenger uses:

TCP port 80 (the ‘http’ standard web port - see also Web Messenger blocking)
TCP port 1863
TCP port 6901 (possibly)
TCP ports 6891 to 6900.
UDP on ports 1503, 3389, 5004-65535

Blocking port 80 removes web browser Internet access.

Also, users will just access MSN Web Messenger and other web messengers

Further information is available from this forum (in German):

"Ports 6891-6900 enable File send,
Port 6901 is for voice communications. Allows Voice, PC to Phone, Messages, and Full File transfer capabilities.

IN TCP 6891 - 6900
IN TCP 1863
IN UDP 1863
IN UDP 5190
IN UDP 6901
IN TCP 6901"

Other information from www.cyberphaze.net (not currently online) gave:

Service: remote: 1963 and 1863 local: 1542 and 1493.
Audio: local: 13803, 1556, 11771
File transfer: remote: 6891 local: 1544
Messenger Update: remote: 80 local: 1457
Sign-In: remote: 443 local: 1484, 2400
Remote Desktop: local/remote: 389, 522, 1503, 1720, and 1731.

Welcome to the forum.
Live Messenger works for me without network monitor rules. I have not tried video though. Do the other functions work for you, like file transfer? I will look into it, and see if I find a resolution.

Have you scanned for known apps?
Do you have a router? In that case, have you made a trusted zone?
Do you have default rules in network monitor?
Did you install with auto or advanced?
What does the log say?

  1. Functions other than video conference, like file transfer, are working fine.

  2. Have you scanned for known apps?

I did.

  3. Do you have a router? In that case, made a trusted zone?

No router.

  4. Do you have default rules in network monitor?

Yes, I have default rules.

  5. Did you install with auto or advanced?

I trusted Comodo auto configuration, but after reboot I still have some popups for known apps like Messenger, Skype, Avant Browser, IE7, Firefox,… I don’t know if this is normal?

  6. What does the log say?

Sorry, I have turned off logs.

More info:

  • I use the latest Comodo BETA.
  • The only antivirus I use is AVG Free Antivirus.
  • No other firewalls are activated.
  • No third party security tool.
  • I always do a clean install (remove/reboot/install/reboot).
  • I also have trouble when I disconnect from the net and try to reconnect: I’m not able to surf with the browser.
  • I have some trouble using uTorrent when I reload it after an exit (I have to quit and reload many times before being able to have high speed).
  • I have very slow transfers when I receive a file with Skype 2.xxx (default port used: 24633).
  • I can’t connect to people with Skype 3.x (only a few people can be reached, but with Skype 2.x it works fine).
  • If I block WinAMP from accessing the net, I’m not able to surf. How can I configure WinAMP in the firewall to be able to listen to websites streaming music but not allow it to report activity to the WinAMP company?
  • When I’m online I often also use: IE Privacy Keeper, WinAMP, Snag-It, PeerGuardian,…
  • I often use a little batch file before reconnecting, with these lines:

ipconfig /flushdns
ipconfig /release
ipconfig /renew
exit

I use Messenger Live video calling all the time and it operates flawlessly without any explicit network rules. It is in the application monitor listing, but no tweaking of the rule has been done. The ports required for the app to communicate are only opened while that app is running and are stealthed at other times.

Hope this helps,
Ewen :slight_smile:

Does it work in both modes? I mean when you make a private PC call (menu) or only want to watch a user’s webcam (by clicking the webcam icon)…

If I close Comodo Firewall it works fine, so I guess it is Comodo that is guilty on my system (maybe an incompatibility with another application?)

If other users have trouble with video, let us know here…

TY

How do you “close” Comodo? Do you set it on “allow all”?
If you just turn off network monitor, and it works, you have to make some rule(s) for it in there.

For MSN: I right-click on the firewall icon and choose exit, and then videoconf is working!

For uTorrent (when I have quit it for a while and then re-open it): no need to exit, it works only by choosing the “allow all” security level, but most often I have to connect again and again when the private torrent server needs an authentication; even if it says “ok”, the transfer is null or very slow.

For Skype: incoming file transfers are very slow!

Note: I didn’t try turning the network monitor rules off to test, since I have tried with the default 6 rules (5 allow / 1 block).

Both modes, all modes. It just works!

If I close Comodo Firewall it works fine, so I guess it is Comodo that is guilty on my system (maybe an incompatibility with another application?)

The other way of looking at the problem, rather than thinking of a conflict with other software or a fault in CPF, is that you may need to set up explicit rules to allow the traffic from Messenger.

Have a look in your Application Monitor and remove ANY and ALL references to Messenger. Make sure the firewall is active and then start Messenger. ALLOW all activity, and you should be right.

Hope this helps,
Ewen :slight_smile:

You should try to turn off just network monitor to see what happens.
The default rules work for most programs, but not P2P/torrent programs and some others.
For uTorrent you must make a rule in network monitor.
I also have a rule for a port in Skype. If you set port 44444 in Skype or uTorrent, you must open that port in network monitor. I will make you an example.
Right-click on the top (ID 0) rule in network monitor, and choose add/add before.
Action : Allow
Protocol : TCP or UDP
Direction : In
Source IP : Any
Destination IP : Any (or zone if you have one)
Source Port : Any
Destination Port : A single port : 44444

Restart the firewall.

Below is a screenshot of my default rules installed by Comodo Firewall (auto install).
Please tell me if something is wrong…

http://img170.imageshack.us/img170/677/comodofirewalldefaultnepk1.png

They look ok, but you have to ADD a rule for uTorrent and Skype.
Look at my previous post.
Go into your settings in Skype, go to connection and write in a port, preferably a high number like in my example.
Do the same in uTorrent.
You can set them up in the same rule if you want. Just set Destination Port to “a set of ports” and add them like 44444,45555
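
The rule described in the two posts above, as an added example that is not part of the original thread and not Comodo's code: a simplified first-match model of a rule list, showing why the allow rule is added before the existing rules and that ports not named in it stay blocked. The two-rule default policy is a constructed stand-in, and first-match evaluation is an assumption of the model; the rule fields and the ports 44444, 45555 and 24633 come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard: matches every protocol / every destination port
TCP_UDP = frozenset({"tcp", "udp"})

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    protocols: Optional[frozenset]   # ANY or a set such as {"tcp", "udp"}
    direction: str                   # "in", "out" or "in/out"
    dst_ports: Optional[frozenset] = ANY

    def matches(self, proto, direction, dst_port):
        return ((self.protocols is ANY or proto in self.protocols)
                and direction in self.direction.split("/")
                and (self.dst_ports is ANY or dst_port in self.dst_ports))

def decide(rules, proto, direction, dst_port):
    """Return (action, rule_id) of the first matching rule, top to bottom."""
    for rule_id, rule in enumerate(rules):
        if rule.matches(proto, direction, dst_port):
            return rule.action, rule_id
    return "block", None             # nothing matched: deny

def inbound_allowed(rules, proto, ports):
    """Audit helper: which of the given ports accept inbound traffic."""
    return sorted(p for p in ports if decide(rules, proto, "in", p)[0] == "allow")

# Constructed stand-in for a default policy: allow TCP/UDP out, block the rest.
DEFAULT_RULES = [
    Rule("allow", TCP_UDP, "out"),
    Rule("block", ANY, "in/out"),    # the final block rule that must stay last
]

# The rule from the posts: Allow, TCP or UDP, In, "a set of ports" 44444,45555.
APP_PORT_RULE = Rule("allow", TCP_UDP, "in", frozenset({44444, 45555}))

# "Add before" the top (ID 0) rule, as the post instructs.
WITH_RULE_ON_TOP = [APP_PORT_RULE] + DEFAULT_RULES
# Misplaced variant: below the final block rule, so it is never reached.
WITH_RULE_LAST = DEFAULT_RULES + [APP_PORT_RULE]

if __name__ == "__main__":
    probes = [("tcp", "in", 44444), ("udp", "in", 24633), ("tcp", "out", 80)]
    for name, rules in (("default", DEFAULT_RULES),
                        ("rule on top", WITH_RULE_ON_TOP),
                        ("rule last", WITH_RULE_LAST)):
        for probe in probes:
            print(f"{name:12} {probe} -> {decide(rules, *probe)}")
```
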

Below are my added rules.

Have you also got specific rules for Messenger Live (for file transfers & video)?
Some have reported that this is not needed…

Is it safe or risky to specify rules for all network traffic without specifying an application?
If not, it would be better if we could specify for which app those rules must be applied!
Since Skype & uTorrent and MSN are known applications, I’m a bit surprised that we need to make specific rules… Before, I had uTorrent configured to auto-choose a random port each time it starts, but now with that network rule I have to deactivate this option in preferences… Why is this specific to Comodo? It works fine with other firewalls like ZoneAlarm…

http://img170.imageshack.us/img170/373/addednetworkrulespg7.png

So “24633”, the default port used by Skype, should be replaced?
I should put “44444” as the port in Skype and add a network rule in the firewall?

Just for my knowledge, can you give me an explanation why “24633” is a bad port to use and is not working fine (slow incoming file transfer)?

By the way, thanks a lot to all users who try to help me!! :slight_smile:

No I don’t have rules for Messenger in network monitor.
It’s safe to set those rules. You are still stealth from the outside. The port opens when your application starts to use it, and then nobody else can use it.
Why is this a Comodo thing? It’s because it makes you safer. It’s a kind of “layered” defense. Don’t ever remove the last block rule. It’s protecting you from everything you don’t want… You can check the log to see if that rule is stopping something, and if it’s a legit program, you have to make a rule for it.

I always use high port numbers, since there’s a small chance that it is used by any other app.
Skype usually has slow file transfers, since it puts all bandwidth to the voice transmission. You can try it when you talk to someone and start a file transfer, and hang up while still transferring. Then it goes fast!
So it’s possible that it’s not the firewall’s fault.

Don’t forget to restart your programs and the firewall when you have set the rules. If it still doesn’t work, you should try to reboot the PC.

Thanks for having clarified the situation with understandable facts!

Quote: It’s safe to set those rules. You are still stealth from the outside. The port opens when your application starts to use it, and then nobody else can use it.

Is this why we have to choose only “in” as direction and not “in & out”?

But how come the port opens only when I’m using the application (like Skype), since it is not specified that it must be related only to that one? I thought that without specifying an application in a network rule, it would be valid for all traffic! (:NRD) So if someone like a hacker scans my open ports, they will not find it, right, even if Skype is off?

You only have to have IN, since there is a default rule for TCP/UDP Out Any/Any/Any/Any
That’s where you can specify some in the application monitor, but that’s hard sometimes, and takes a lot of work. If you really want to set things up “tight”, you should go to security/advanced/misc and uncheck “do not show popups for applications certified by Comodo” and also raise the “alert frequency level” slider to the top. You can also check the “skip loopback … TCP” while you are there, because it can interfere with some programs. It’s unchecked by default for those who are behind a proxy. It’s nothing that goes out to the internet.
You can use the log and see if your program, like uTorrent, needs more ICMP protocols allowed, by setting up a new rule in network monitor just above the default block rule. You can set it like: Block & log, ICMP, In/Out, Any/Any/Any
There are some ICMP protocols allowed by default, but some programs need some more. Just check the log while you use the programs, and look carefully at what is getting blocked.

No, a port scan won’t find it.

Some more news about the MSN Live Video Conference trouble…
It seems that I have trouble making a video conference with one user in particular.
With others it works fine every time, so this is very curious.
BUT this is not the other user’s fault, since if I exit Comodo Firewall or if I turn off rules it works perfectly each time with ALL people without any exception!! How come?

I’ve spied on the activity when I was trying to see this “special bad” user’s webcam and I have the info below. Any suggestion is welcome!

Network Monitor Inbound Policy Violation (Access Denied, IP=74.57.xxx.xx, Port = 80
Network Monitor Inbound Policy Violation (Access Denied, IP=74.57.xxx.xx, Port = 1052
Network Monitor Inbound Policy Violation (Access Denied, IP=74.57.xxx.xx, Port = 3948
Network Monitor Inbound Policy Violation (Access Denied, IP=74.57.xxx.xx, Port = 4053
Network Monitor Inbound Policy Violation (Access Denied, IP=74.57.xxx.xx, Port = 4404
Network Monitor Inbound Policy Violation (Access Denied, IP=74.57.xxx.xx, Port = 4413
Network Monitor Inbound Policy Violation (Access Denied, IP=74.57.xxx.xx, Port = 24633

Note : 80 TCP In accepted when popup

  • Messenger activity before log in (one different port each time):

10214 Listening UDP In
10367 Listening UDP In
10835 Listening UDP In
13709 Listening UDP In

  • Messenger activity after log in (+/- same range each time) :

127.0.0.1 1101-3841 tcp in/out
127.0.0.1 1101-3843 tcp in/out
127.0.0.1 1101-3847 tcp in/out
127.0.0.1 1101-3854 tcp in/out
127.0.0.1 1101-4319 tcp in/out
127.0.0.1 1101-4344 tcp in/out

  • Messenger recurrent activity after log in:

127.0.0.1 443-4330 tcp in/out
3625 UDP in/out
4298 UDP in/out
12388 UDP in

  • Other info maybe related :

Outbound Policy Violation (Access Denied, Protocol = IGMP)

  • From uTorrent FAQ :

Why are my torrents going so slow?
Most likely, the port you set for µTorrent is not forwarded. If µTorrent is displaying , then this is the case. There is also the possibility that the torrent is simply slow, especially those with small swarms (low numbers of seeders/peers). It is also possible that your firewall is blocking connections for µTorrent. Make sure you set an exception for incoming and outgoing connections for µTorrent in your firewall’s configuration! If you block ICMPs with your firewall (Windows Firewall blocks them by default), you should allow “Destination Unreachable” to aid the proper functioning of DHT (it works anyway though).
If everything is set up fine, you will see in the status bar (to the left of DHT:) after you start a torrent and get an incoming connection. If it stays yellow, try a torrent with many peers to make sure there’s enough peers in the swarm to guarantee you getting an incoming connection.

  • User comment in a forum :

Allow all outgoing ports for TCP and UDP incoming on the port you specified.
The only ICMP you need to allow is Outgoing destination unreachable.

But there are several options available as unreachable… Which one to choose? Is it port unreachable or Net / Host / Protocol unreachable?

Check the latest screenshot of my network configuration and correct me please! TY

http://img139.imageshack.us/img139/9653/comodoconfig061125cy4.png

I don’t use uTorrent, but I’ve heard that turning OFF UPnP in uTorrent solves some issues.
The first rule about port 80 shouldn’t be necessary, since it’s the common web port.
You should set them to just IN, because you have rule 8 that allows all out.
Add a rule before 9 that allows all ICMP. Just to see if it works better.
IGMP is multicast. If you stream audio/video on your network.

In application monitor, have you tried to “allow all activities” for Skype/uTorrent, and checked the boxes “skip advanced sec…” and “allow invisible …”?