Port Forwarding and Rules

So when I was originally trying to ‘port forward’ in Comodo Firewall, I would set rules for the individual programs, in my case: Javaw.exe, Minecraft_Server.exe and srcds.exe [for source dedicated server]. I would test with port checking websites such as yougetsignal and check in-game with friends, but to no avail; they could not connect. So, I do the obvious and disable it and, hey presto, it works!

So I want my firewall on, remove the application rules [as they aren’t working] and set up generic global rules instead, unfortunately not for the specific programs but for the ports. It works. What I want to know is, why aren’t my application rules working, and why am I forced to set the exceptions on the ports in Global Rules?

~Charlie

Welcome.

If you’re creating rules to allow inbound connections, in addition to the individual Application rules, which cater for a specific process, you’ll probably, depending on other settings, need to create one or more Global rules that allow the protocol and port required by the inbound application. For example, if you had a web server running, your rules would look something like:

Global rule:
Action - Allow
Protocol - TCP
Direction - In
Source Address - Any
Destination Address - Any
Source Port - Any
Destination Port - 80, 443

Application rule:
Application Name - mywebserver.exe
Action - Allow
Protocol - TCP
Direction - In
Source Address - Any
Destination Address - Any
Source Port - Any
Destination Port - 80, 443

As far as I remember, the default protocol/port for Minecraft is TCP/25565. You’ll need to find information on the ports used for the source server.

That’s the weird thing, there is no point in the application rules for me as it doesn’t work. Just having the global rule on its own is working.

Inbound Global rules, in isolation, won’t do anything; there has to be a process listening on the appropriate protocol/port. If there’s no valid process available to receive the inbound connections, the packets will be discarded. Perhaps you’ve used ‘trusted’ rules for your applications?

Within application rules, I tried using trusted and even a custom policy to allow connection through, in Minecraft’s case, the port 25565 TCP, but it didn’t work. It’s just I thought it’s much safer to have application rules as I thought global rules can be used by any program, yet I have to use a global rule.

You may need to use both, depending upon your settings. Post screenshots of your application and global rules.
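
The point made above, that an inbound rule only matters when a process is actually listening on the port, can be checked before changing any firewall rule. The following is an added example, not part of the original thread: it parses `netstat -ano` output and reports which PIDs listen on a given port. The sample text and the function names `listeners` and `diagnose` are constructed for illustration.

```python
# Added example: find which PIDs are listening on a port in `netstat -ano` output.
# SAMPLE is constructed for illustration; on Windows, feed in real output instead.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1880
  TCP    0.0.0.0:25565          0.0.0.0:0              LISTENING       4312
  TCP    127.0.0.1:443          0.0.0.0:0              LISTENING       1880
  TCP    192.168.1.20:25565     203.0.113.7:51514      ESTABLISHED     4312
  TCP    [::]:25565             [::]:0                 LISTENING       4312
  UDP    0.0.0.0:5353           *:*                                    2100
"""

LOOPBACK = ("127.", "[::1]")


def listeners(netstat_text, port):
    """Return sorted (proto, local_address, pid) tuples bound to `port`."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a State column; UDP rows do not.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        addr, _, local_port = local.rpartition(":")
        if local_port == str(port):
            found.add((proto, addr, int(fields[-1])))
    return sorted(found)


def diagnose(netstat_text, port):
    """Classify a port as 'no-listener', 'loopback-only' or 'listening'."""
    rows = listeners(netstat_text, port)
    if not rows:
        return "no-listener"    # no firewall rule can make this port answer
    if all(addr.startswith(LOOPBACK) for _, addr, _ in rows):
        return "loopback-only"  # bound to localhost; remote clients never arrive
    return "listening"          # a listener exists; next check the firewall rules


if __name__ == "__main__":
    for p in (25565, 443, 8080):
        print(p, diagnose(SAMPLE, p), listeners(SAMPLE, p))
```

The PID identifies the process that owns the listening socket, so it can be matched against the executable named in the application rule.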