First, understand I am very new at this Comodo Firewall. I am trying to free a port so that I can allow others to connect to me when I’m running a Minecraft server.
OS: Win 8 NOT 8.1
Free Firewall Version: 7.0.317799.4142
I have configured global settings to allow the single port it requires, TCP and UDP.
I have configured application settings to allow both the execution file, and the file that shows up in the task manager when it’s running.
I have reviewed the log, but it won’t show me any blocked incoming items, only blocked outgoing items as far as I can tell, and none of them are the application I’m trying to use as far as I can tell.
It would be nice to get some incoming blocked messages to show you.
I know definitively that it is the Comodo firewall blocking it because when I disable the firewall, even a simple online port checker like canyouseme.com can see the port is open.
I’ve looked at this several times. I must be missing something.
Perhaps you can tell me how to make the logs appear when the connection is blocked when I use an online port checker.
How do we post images? I could do screen-shots of everything, but I can’t see any link to post screen shots in the message.
Okay, I got it working for a moment. All I had to do this whole time was to simply put an “Allow TCP in” rule for the rule “Windows Operating System” under application rules and then create another single rule in Global rules for the port itself. That’s it!!! That was all I had to do!!! Just those 2 rules, that was it. I did NOT need to create an application rule for the program or the javaw file in taskmanager, I only needed to create that rule within the rule “Windows Operating System.”
Then I clicked “stealth ports,” and suddenly it’s blocking the connection again. How do we reverse the “stealth ports” and “unstealth” the ports?
How can I modify that stealth ports rule so that it skips over the port I need, and stealths the rest?
In the log, where it shows blocked when the stealth ports rule is present, it shows under Application, “Windows Operating System,” and that is where I have the rule for the ports I need opened under Application Rules. So, the global rule Comodo created to stealth ports, maybe it’s not affecting my created global port rule, but is affecting my “Windows Operating System” application rule. Oh, and under the “target” column, it says “in.”
Is there a rule that I can add somewhere that will bypass the stealth ports global rule?
If necessary, maybe I can make a rule similar to stealth ports that merely skips the one port I need somehow?
Extreme frustration with this product:
It’s taken me literally days of trial and error, but I finally figured out something, not what I need exactly, but something. (The sheer lack of information that causes one to have to go through days of reading posts and trial and error just to open a freaking port, is probably a significant factor in scaring people away from this product.) For crying out loud, a YouTube video, even just a tutorial scrolling webpage would NOT be that hard to accomplish for basic stuff like running a basic server or opening a freaking port!!!
I can not say for sure whether it will work but you could try setting up the application rule as you already had, then stealth the ports again and then create the global allow rule for the TCP port and make sure it is positioned at the top of the list (order determines priority: the higher the rule, the higher the priority). This should, if I’m thinking correctly, keep all ports stealthed but the open port will of course be seen as open.
Generally opening ports is fairly easy, you first need to make an allow rule for the specific application in question and then also make a global rule and position it above any rules that would block it, now that becomes more difficult when the firewall can’t see what application is actually getting the traffic at which point it will be said to go to Windows Operating System and hence you need to create an allow rule for that application as well.
Edit: I would agree that CIS may be difficult to learn at first, certain things that may seem simple could require silly amounts of configuring etc.
I don’t know what I was doing wrong, but now the firewall is working correctly. As long as my global rule is above the stealthed ports rule, then my port opens up. If I want to block the port, I simply move stealthed port rule over it.
I did that at first, and it wasn’t helping me at all, I still couldn’t see my ports. However, after trying a few things, and then setting everything back to what it was, suddenly it works properly.
I’m guessing there was something wrong that I simply was not noticing. I don’t know what it was, a glitch in the program, a small setting that maybe I wasn’t noticing such as the source IP, but it seemed to work when I deleted the stealth ports rule, so whatever it was, seemed like the problem was with the stealth ports rule. I don’t know what it was because I can swear I put everything back to how it was, and suddenly, it’s working properly now.
As for the opening ports problem, no that was overly deceptive. It doesn’t work when you create an application rule for the server file or for the file that runs in the taskmanager, which is actually javaw.exe for a Minecraft server.
You create one rule within the rule “Windows Operating System” that is “tcp, in, and destination port 25565,” or whatever port you’re going to use, I assume.
Then you create the global rule for TCP, destination: 25565.
If you create any other rules, you risk screwing something up.
You don’t even create a separate rule for the actual server application’s .jar file nor for the javaw.exe that shows in taskmanager when the .jar server file is running.
There is nothing that would have allowed me to know that except that Netguy said to do that.
The main thing that attracted me to Comodo is that people seem to think that they’re one of the best for the prevention of infection, and I very much like that they have created such a customizable program, but there desperately needs to be some step-by-step tutorials for at least the simple things like setting up a server or opening a port.
Whether they be a forum post with screen shots along the way or a YouTube video, something should be provided that explains the basic stuff.
I mean, how in the world would anyone know that under application rules, we have to use a rule “Windows Operating System” that we put another rule inside to open the appropriate port for inbound traffic? I mean why “Windows Operating System?” Why not “System” or why doesn’t making an application rule for the server’s .jar file work?
Thanks all for your help. Next project I’m going to work on is blocking every single port except the few I need for the internet and my server.
Perhaps, if I can find out how, or someone can tell me, even find a way to block all internet traffic except my server to sort of make it a real challenge for any hacker to hack my server pc.
Which is why I said generally, this was an exception case. Generally you should only have to create an application rule for the application in question and if you have stealthed/closed ports you also need to add a global rule to allow the traffic. The issue in this case was that CIS wasn’t able to detect that the traffic was meant for javaw.exe; it saw the traffic in but not which application it was meant for and hence it groups all that traffic into “Windows Operating System”.
Generally logs is how one would detect that, for example you set up an application rule for the application and a global rule, but it still isn’t connecting, you ask yourself why and go to the logs and look at the firewall logs where you will see “Windows Operating System” has been blocked with inbound traffic on the specified port, that tells you that for some reason CIS doesn’t see the intended application for the traffic and hence uses the “catch all” pseudo-group “Windows Operating System” and at that point you have to create an application rule for that specific “application”.
No, I don’t expect a new user to be able to do all that, it takes learning the product and how it works and such, which is why we have the forums where we can seek help from others in case we need it.
I believe “System” is already a pseudo-group for something else.
Because for some reason the firewall can’t detect that the traffic is meant for that application, I can’t remember why this is though.
This may require some complex rules in order to work correctly, I don’t know the rules to do such a thing though. E.g. simply blocking everything not from the server application would mean your system wouldn’t be able to communicate with your router to for example get an IP address etc. Things like these must be taken into account and it’s not always easy to know what is and what is not needed to get something to even work at all.
Java applications are executed by the Java virtual machine; that’s why the rules have to be made for javaw.exe, which runs Java applications that have GUIs.
As for why the Windows Operating System rule, it’s most likely because Windows gets connection attempts before the Java virtual machine, so for the packet to be accepted a port has to be forwarded through Windows to the JVM.
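An added illustration, not part of any post in this thread and not Comodo's code: a simplified model of the behaviour the thread arrives at, where rule lists are read top-down with the first match deciding, and inbound traffic has to pass both the global list and the rules of the application it is attributed to. The `Rule` class, the function names, and the block-by-default fallback are assumptions of this model; the rule sets are constructed from the thread's port 25565 example.

```python
from dataclasses import dataclass
from typing import Optional

WOS = "Windows Operating System"  # pseudo-group named in the thread

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    proto: str                       # "TCP", "UDP", or "IP" for any protocol
    direction: str                   # "in" or "out"
    dst_port: Optional[int] = None   # None matches every port

    def matches(self, proto, direction, port):
        return (self.proto in ("IP", proto)
                and self.direction == direction
                and self.dst_port in (None, port))

def first_match(rules, proto, direction, port):
    """Walk the list top-down; the first matching rule decides."""
    for rule in rules:
        if rule.matches(proto, direction, port):
            return rule.action
    return "block"  # model assumption: unmatched traffic is dropped

def inbound_verdict(global_rules, app_rules, attributed_app, proto, port):
    """Inbound traffic must pass the global list, then the list of the
    application the firewall attributes it to (model assumption)."""
    if first_match(global_rules, proto, "in", port) == "block":
        return "blocked by global rules"
    if first_match(app_rules.get(attributed_app, []), proto, "in", port) == "block":
        return "blocked by application rules for " + attributed_app
    return "allowed"

# Constructed rule sets mirroring the thread (port 25565, TCP in).
STEALTH = Rule("block", "IP", "in")
ALLOW_MC = Rule("allow", "TCP", "in", 25565)
APP_WOS = {WOS: [ALLOW_MC]}
APP_JAVAW_ONLY = {"javaw.exe": [ALLOW_MC]}

if __name__ == "__main__":
    cases = [
        ("allow above stealth", [ALLOW_MC, STEALTH], APP_WOS, 25565),
        ("stealth above allow", [STEALTH, ALLOW_MC], APP_WOS, 25565),
        ("rule only on javaw.exe", [ALLOW_MC, STEALTH], APP_JAVAW_ONLY, 25565),
        ("other port stays stealthed", [ALLOW_MC, STEALTH], APP_WOS, 80),
    ]
    for name, g, a, port in cases:
        print(f"{name:28} -> {inbound_verdict(g, a, WOS, 'TCP', port)}")
```

The third case is the one that cost the original poster days: the global rule is in the right place, but the traffic is attributed to “Windows Operating System”, so an allow rule on javaw.exe alone never gets consulted.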