opening ports to "share media with other devices"

hi everyone, it seems my firewall is blocking my TV wireless lan from accessing my pc media files.

i’ve allowed sharing through windows and windows recognizes the device, but i need to change port settings in the firewall manually to allow the connection.

how can i open specific ports to local subnet only?

please help!

If you simply want to make sure there are no restrictions in LAN traffic, you can use the method described at “Define a new trusted network and make my ports stealth for everyone else”.

Alternatively, you could specify which IP Addresses and ports you wish to allow, by creating outbound rules for a given application under Application rules and inbound rules under Global rules.

Which version of windows are you using and what is the device you wish to share with?

oh man, i was hoping to hear from you on this!

i’m running XP (v5.1), sp3. and trying to allow access to a sony bravia tv (KDL-40EX710)

specifically, windows suggests: “The following table shows the firewall ports that must be opened if you want to share media to other devices.”

1900- UDP,
2869- TCP,
10243- TCP,
10280-10284- UDP

i tried the first option you mentioned and the only zone in the dropbox is my loopback zone… if i select that would it limit restrictions to my LAN traffic?

thanks again, i’m pretty lost here…

Usually, CIS detects networks it’s attached to, unless the feature has been disabled. However, creating a zone manually is quite simple. In this example I’ll assume you’re behind a router and the IP address range being used by the devices on your LAN is something like 192.168.1.1 - 255.255.255.0

  1. Open the Comodo control panel from the system tray
  2. Select Network Security Policy/Network Zones
  3. Select Add/New Network Zone - Give the Zone a name (anything you wish)
  4. Select the new zone, right click and select Add
  5. Select IPv4 Subnet Mask
  6. In the IP box add 192.168.1.1. In the Mask box add 255.255.255.0
  7. Select apply

Now you can use the method described above, by selecting your new zone.

Whilst performing the aforementioned operation provides general connectivity, it’s likely you’ll still need to allow Media Player/Centre to operate through the firewall. You could try manually opening the ports, but it’s easy to miss something. Your options:

  1. You could apply the pre-defined outgoing rule, but that may prevent discovery by the TV
  2. If you trust Media Player/Centre, you could make it a trusted application.
  3. You could create rules that allow full connectivity on your LAN and selectively to the Internet

If number 3 is of interest, take a look at the rules that were added when we created a Network Zone, there will be two, one for outbound traffic and one for inbound. You will find them on the system process and in Global rules. Simply copy the detail in those rules to your Media Player application. If you want, also allow the application to connect to the Internet for content, by creating rules that allow TCP out on ports 80 and 443.

See how that goes. If problems persist, we’ll take a look at the firewall logs and the rules created thus far.

Woo! ;D :o THANK YOU.

ok, so i’ve followed your directions and have achieved connectivity between my pc and TV.

to do so i also had to allow svchost.exe to do its thing as well - when i was prompted by comodo. i took a chance and clicked “allow”… and it worked.

now my question is this:

how do i continue to allow svchost.exe to move freely in my lan, but not open it up to internet attacks? i can’t tell if i’ve just made my pc vulnerable…

You can do one of two things, either allow svchost.exe to communicate explicitly with the IP address of the other device, or more generally, apply the LAN zone rules to svchost as well. The latter is something I do, as svchost needs to communicate (I have a Windows 7 Homegroup) on my LAN but I also like to control the Internet access it has.

Thus, the first two rules for svchost would be:

Action - Allow
Protocol - IP
Direction - IN
Source Address - Network Zone (whatever you called yours)
Destination Address - ANY
IP - Details - ANY

Action - Allow
Protocol - IP
Direction - OUT
Source Address - ANY
Destination Address - Network Zone (whatever you called yours)
IP - Details - ANY

Following these you can add any Internet rules you may need.
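
Added example, not part of the thread and not Comodo's own logic: a small Python model of the two svchost zone rules above, next to a tighter inbound variant limited to the media-sharing ports quoted earlier, so the difference in exposure can be checked on sample traffic. The sample addresses are constructed, the port-scoped variant is an assumption, and "no match" only means the packet is left to whatever rules follow.

```python
import ipaddress

# Zone from the thread: IP 192.168.1.1 with mask 255.255.255.0 (the /24 around it).
LAN_ZONE = ipaddress.ip_network("192.168.1.1/255.255.255.0", strict=False)

# Media-sharing ports quoted in the thread: (protocol, first port, last port).
MEDIA_PORTS = [("udp", 1900, 1900), ("tcp", 2869, 2869),
               ("tcp", 10243, 10243), ("udp", 10280, 10284)]

def in_zone(addr):
    return ipaddress.ip_address(addr) in LAN_ZONE

def is_media_port(proto, port):
    return any(p == proto and lo <= port <= hi for p, lo, hi in MEDIA_PORTS)

def zone_rules(direction, src, dst):
    """The two svchost rules from the thread; anything else is left to later rules."""
    if direction == "in" and in_zone(src):
        return "allow"
    if direction == "out" and in_zone(dst):
        return "allow"
    return "no match"

def port_scoped_inbound(src, proto, dst_port):
    """Tighter variant (assumption): inbound from the zone, media ports only."""
    if in_zone(src) and is_media_port(proto, dst_port):
        return "allow"
    return "no match"

# Constructed sample traffic: (direction, source, destination, protocol, dest port)
SAMPLES = [
    ("in", "192.168.1.50", "192.168.1.10", "tcp", 2869),    # TV -> PC
    ("in", "203.0.113.7", "192.168.1.10", "udp", 1900),     # Internet -> PC
    ("out", "192.168.1.10", "192.168.1.50", "udp", 10282),  # PC -> TV
    ("out", "192.168.1.10", "198.51.100.9", "tcp", 443),    # PC -> Internet
    ("in", "192.168.1.50", "192.168.1.10", "tcp", 445),     # LAN, non-media port
]

if __name__ == "__main__":
    for direction, src, dst, proto, port in SAMPLES:
        scoped = port_scoped_inbound(src, proto, port) if direction == "in" else "n/a"
        print(direction, src, "->", dst, proto, port,
              "| zone rules:", zone_rules(direction, src, dst),
              "| port-scoped:", scoped)
```

The last sample shows the trade-off: the zone-wide rules allow any LAN host to reach any port, while the port-scoped variant leaves non-media ports to later rules.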