Newbie questions

Great firewall so far, very impressed.

I run a test server and must admit to not knowing a lot about these things.
At the moment I have comodo set to allow all activity in/out on mysqld-nt.exe, php.exe, and apache as this was the only way I could get my page up and working.

I thought (1st mistake) that I would only have to allow apache access in/out on port 80 and that mysql and php would run behind this so they wouldn't need access.

Could anyone help me with this security?
Thanks in advance

G’day and welcome to the forums.

Firstly, apache, mysql and php are three separate applications running on your PC. Of these, apache needs to have inbound and outbound rules set to allow it to be contacted over the internet and to respond over the internet. Mysql and php only run on the local machine and don’t need internet access (AFAIK).

Where I think your problem lies is with the ports you’ve allocated for apache. Inbound on port 80 is OK, outbound is not to port 80, unless it is talking to another web server. When a client PC sends a request for a web page to a web server, its request is addressed to port 80 on the host (this is the standard web server port) and assigns a response port (typically somewhere above port 1056). This response port is not fixed and can and will change.

The rule for apache should be along these lines:

Action : ALLOW
Direction : IN
Protocol : IP
Source port : ANY (Source in this case refers to the PC making the request)
Remote port : 80 (Remote refers to your apache server, as it is remote to the origin of the request)
IP details : ANY

Try these and see how they go.

hope this helps,
Ewen :slight_smile:

How do I set the Remote Port?
If I go into application control rules it asks for an IP address: 0 . 0 . 0 . 0

Could I use Host Name, and use Localhost?
Or isn't localhost port 80?

As you can tell, I’m learning.

Appreciate your help

I’m not at a PC with CPF installed at the moment, but I’ll answer as soon as poss. In the interim, try going into Application Monitor while apache is running, do a right click on it and select EDIT.

See how you go and I’ll get back to you ASAP.

Don’t worry about asking newbie type questions. The only really dumb ones are the ones that DON’T get asked, ’cause they never get answered. We’re all learning here.

Ewen :slight_smile:

This is one nice bit of software, I’m loving it already. But, it would be nice to have it set up correctly.

The rule that panic described must be added at the “Network Monitor” panel of CPF and not at the “Application Monitor” panel.

Sorry, I should have said that is where I was trying to create the rule (Network Monitor).

Gives me a bunch of options, but I don't understand any of them.
I just want to sort it out as my friends and I use my test site to have some fun. Problem is that I also have mysql-nt.exe and php.exe open, but if I block them (php.exe) then nothing works.

If I get apache sorted out first, then I can worry about the others. It's a pain learning about everything all at once. It was almost more fun just surfing.

Ok. Here is what you must do for creating a rule:

Right-click with the mouse over the Network Monitor panel and select “add rule” → “add”.

Then on the window that opens add the following settings (I’m not sure if they are correct, please give some description of which ports your apache server uses):

Action= Allow
Protocol= TCP
Direction= In
Source IP= Any
Remote IP= your computer IP
Source port= “a set of ports”= 80,443 (these are the common ports that the browsers use)
Remote port= “a set of ports”= 80,443 (I’m not sure for these ports, please confirm if those are the ports that apache use)

Then move this rule up, over the default “block” rule.

ah… but at the end of this journey you’ll be able to look back at all the cool stuff you did and learned… frustrating sometimes, but worth every minute :wink:

… and if I’m not mistaken, Ewen here was one of the first (if not the first) to help me on my very first post.

While I cannot contribute to your server issue, I can assure you that you are in good hands ;D

(CLY)

Aren’t application rules carried through to the network monitor, or does the network monitor take precedence?

Ewen :slight_smile:

If a PC is trying to contact your server over the internet, it is considered the SOURCE, and it is sending a request TO port 80 on your server. Included in the header of the data packet is the return IP address and port of the requesting PC. The return port will be somewhere above 1056.

It will not be port 80, as this is the HTTP request port for inbound requests TO a server. Even if the PC attempting contact is a server, it is trying to get to port 80 on your PC and is listening on a different port for the response.

In the example rule that Pandlouk defined for you, the SOURCE PORT should be set to ANY, as the response port is set by the requesting PC and we don’t know what that would be until it shows up on our server. The REMOTE PORT is shown correctly as 80, 443 (80 for normal web traffic and 443 for secure SSL traffic).

It’d be nice if everything was done automatically, but I’m afraid you're going to have to get your head around some of this stuff to really understand what’s going on and be able to control access to your server. If you’re going to expose a server to the internet, you have an obligation to yourself and to the rest of us that it won’t become a compromised server and kill us with spam, DOS and other ■■■■.

Besides, once you get the hang of it, it’s not really all that hard and kinda cool to learn. :wink:

Hope this helps,
Ewen :slight_smile:
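An added example, not code from the thread or from Comodo: a toy first-match rule evaluator that models the Network Monitor semantics Pandlouk and Ewen describe (rule order, default block at the bottom, source port vs. remote port). The Rule/Packet/evaluate names and the IP addresses are constructed for illustration; it shows why pinning the inbound source port to 80,443 blocks real clients, which use an ephemeral source port.

```python
# Added example (not from the forum thread): first-match rule evaluation,
# modelling the Network Monitor rules discussed above.
from dataclasses import dataclass
from typing import Optional

ANY = None  # "ANY" in a rule matches every value

@dataclass
class Rule:
    action: str                          # "ALLOW" or "BLOCK"
    direction: str                       # "IN" or "OUT"
    protocol: str                        # "TCP", "UDP" or "IP" (IP = any)
    source_ip: Optional[str] = ANY
    remote_ip: Optional[str] = ANY
    source_ports: Optional[set] = ANY    # ports of the side sending the packet
    remote_ports: Optional[set] = ANY    # ports of the side receiving it

@dataclass
class Packet:
    direction: str
    protocol: str
    source_ip: str
    remote_ip: str
    source_port: int
    remote_port: int

def matches(rule, pkt):
    return (rule.direction == pkt.direction
            and rule.protocol in ("IP", pkt.protocol)
            and rule.source_ip in (ANY, pkt.source_ip)
            and rule.remote_ip in (ANY, pkt.remote_ip)
            and (rule.source_ports is ANY or pkt.source_port in rule.source_ports)
            and (rule.remote_ports is ANY or pkt.remote_port in rule.remote_ports))

def evaluate(rules, pkt):
    """Rules are checked top to bottom; the first match wins, else BLOCK."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "BLOCK"

# Constructed sample: a browser at 203.0.113.5 asks the server at 192.0.2.10
# for a page. The client picks an ephemeral source port; only port 80 is fixed.
CLIENT_REQUEST = Packet("IN", "TCP", "203.0.113.5", "192.0.2.10", 49152, 80)

DEFAULT_BLOCK = Rule("BLOCK", "IN", "IP")
# Mistaken rule: source port pinned to 80/443, so a real client never matches.
WRONG = [Rule("ALLOW", "IN", "TCP", source_ports={80, 443}, remote_ports={80, 443}), DEFAULT_BLOCK]
# Corrected rule as Ewen describes it, placed above the default block.
RIGHT = [Rule("ALLOW", "IN", "TCP", source_ports=ANY, remote_ports={80, 443}), DEFAULT_BLOCK]
# Same allow rule left below the default block: it is never reached.
MISORDERED = [DEFAULT_BLOCK, RIGHT[0]]
```

With RIGHT in place, an inbound connection to the MySQL port (3306) still hits the default block, which is the behaviour the original poster wants for mysqld and php.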

Dude what a great post !
Thanks for that.
I’m not planning on giving up, it's just that learning php, mysql, setting up apache, it must be my age or something.

I can't figure out what's going on with this firewall yet, apart from knowing I’ve had one attempt at being attacked. I’ll sort it, just means there might be a lot of questions for a while.

Appreciate the replies

No probs.

Learning’s half the fun, anyway. Apply the lemon principle - suck it and see. If you don’t know how something works, try a couple of things, see which one makes you pull the worst face and then do the opposite. LOL

You’ll get there.

Ewen :slight_smile:

In Application Control Rules I have Apache and Mysql twice!
Why, I’m not sure.
Order is: Application, Remote, Port, Protocol, Permission

Apache [Any] [Any] TCP/UDP In/Out Allow
Apache [Any] In[80,443] TCP/UDP In Allow

Mysqld-nt.exe [Any] [Any] TCP/UDP In Allow
Mysqld-nt.exe [Any] [Any] TCP/UDP Out Allow

php.exe Range:0.0.0.0-255.255.255… 0-065535 TCP/UDP In/Out Allow

When I set Apache for In[80,443], the next time I tried to bring up my web page C.O.M.O.D.O popped up asking what it should do, and I was back at square one.

In Network Control Rules I have ID 0-3 (so there's 4 rows).
They all strike me like they are wide open, they are:
2 of:
ALLOW IP OUT from [Any] TO IP [Any] WHERE IPPROTO IS [Any]
2 of:
ALLOW TCP OR UDP IN or OUT FROM IP [Any] TO IP [Any] WHERE SOURCE PORT IS [Any] AND REMOTE PORT IS [Any]

I have tested my security so I’m not toooo WoRRieD at this point, but I do need to close a few holes.

And before anyone suggests it, I have looked at the help files.
From what I understand it is the Network Monitoring I need to worry about, and Apache should probably be the only app having access to the network, which is what my original post pointed to anyway.

Great inspiration and explanation! I like your mood and way of seeing things a lot!
Keep the enthusiasm rolling!

I just downloaded comofirewall, am running xp home edition. I start out installing then I receive
error message code 03 rollback. What is this, how can it be corrected? E-mail me asap please?!!!

Who defines the source ports that an app will use to make a bind?
The OS?
By what logic?