I just wanted to ask this questuon again, because since the last update, I get strange rules out of “act as server” popups. (I asked about this in an other post today)
So, is it true, that dest. ip (and dest. port of course) are meaning ALLWAYS the “OTHER” PC (e.g. NOT mine), no matter if direction is IN or OUT or BOTH ?
(In network monitor, destination ip means MY PC in case of direction IN and the “outside” PC in case of direction IN)
Can anyone proof this ?
THX
Outbound rules: The destination is the remote computer.
Inbound rules: The destination is the local computer
I also found this confusing at first (still do ???). A future version of CF will correct this confusion.
Are you sure this is true for APP rules ?? (not only for network mon. rules )
Because in app rules, if it was like you say, the most important thing would be missing, that is the IP of the “OTHER” computer on an INBOUND rule.
I understood it like this, what you said, is true for network mon. rules. But for app rules, destination is allways the “other” (= outside) computer. (And this would make sense, because the app runs on my machine, so I dont need to state the “home” IP.) BTW: In app rules, there is only ONE ip and port that one can specify, the DESTINATION. (I think it would make NO SENSE to state the own IP for an inbound connection and dont spec. the “outside” (=source) IP.
I only asked, because since the last update I get the local ip from an “act as server” popup in the rule as the destination ip !!! This rule is worth nothing, because my ip changes. Must be a bug…
I’m sure this applied for application rules as well (so I read). I’ll have a look for the link that explained this and post back.
Hi poser,
this is something I still have not really figured out, at least why it is necessary. However, local and destination ips can be the ip of the local machine. Just check the text from TCPView on my machine when I had firefox launched. You can see many instances where the local and remote ip’s are my machines ip, assigned to it by my NAT router. IP 0.0.0.0, the default route, seems to be for listening while ip 192.168.0.3 is for Established or Time_Wait connections. The numbers to the right of the ip’s are ports.
firefox.exe:2648 TCP 192.168.0.3:1774 192.168.0.3:1103 ESTABLISHED
firefox.exe:2648 TCP 192.168.0.3:1779 192.168.0.3:1102 ESTABLISHED
firefox.exe:2648 TCP 192.168.0.3:1795 192.168.0.3:1101 ESTABLISHED
DkService.exe:1264 TCP 0.0.0.0:31058 0.0.0.0:0 LISTENING
alg.exe:1808 TCP 127.0.0.1:1026 0.0.0.0:0 LISTENING
AdMunch.exe:2508 TCP 0.0.0.0:1101 0.0.0.0:0 LISTENING
AdMunch.exe:2508 TCP 0.0.0.0:1102 0.0.0.0:0 LISTENING
AdMunch.exe:2508 TCP 0.0.0.0:1103 0.0.0.0:0 LISTENING
AdMunch.exe:2508 TCP 192.168.0.3:1101 192.168.0.3:1795 ESTABLISHED
AdMunch.exe:2508 TCP 192.168.0.3:1102 192.168.0.3:1779 ESTABLISHED
AdMunch.exe:2508 TCP 192.168.0.3:1103 192.168.0.3:1774 ESTABLISHED
AdMunch.exe:2508 TCP 192.168.0.3:1777 72.246.53.19:80 ESTABLISHED
AdMunch.exe:2508 TCP 192.168.0.3:1781 209.116.69.74:80 ESTABLISHED
AdMunch.exe:2508 TCP 192.168.0.3:1797 139.133.210.30:80 ESTABLISHED
[System Process]:0 TCP 192.168.0.3:1746 4.79.142.202:80 TIME_WAIT
[System Process]:0 TCP 192.168.0.3:1745 192.168.0.3:1101 TIME_WAIT
[System Process]:0 TCP 192.168.0.3:1744 4.79.142.192:80 TIME_WAIT
[System Process]:0 TCP 192.168.0.3:1743 4.79.142.202:80 TIME_WAIT
[System Process]:0 TCP 192.168.0.3:1741 192.168.0.3:1103 TIME_WAIT
[System Process]:0 TCP 192.168.0.3:1740 192.168.0.3:1102 TIME_WAIT
[System Process]:0 TCP 192.168.0.3:1101 192.168.0.3:1827 TIME_WAIT
[System Process]:0 TCP 192.168.0.3:1101 192.168.0.3:1831 TIME_WAIT