Port forwarding with Comodo 3.8

I’ve recently installed Comodo to give it a try, and am having trouble figuring out where in the firewall policies I would set port forwarding up.

I’ve got a LAN set up where the internet is shared through a NAT’d gateway and not a consumer grade router. Everything works great, just need to forward some ports to specific boxes inside the LAN.

Was wondering if anybody would be able to give some advice as to how to forward ports within Comodo? I’m still having difficulty figuring out where, if at all, this capability is in the program.

Evening orcsoul

My name is Jacob Kilgore,
I’m one of the Moderators here at Comodo Forums
I would like to try to solve your Question

To Access Global Rules to Forward a Port
Firewall > Advanced > Network Security Policy > Global Rules > Add
Then Add In The Details (Allow, TCP/UDP(or Other), In or out?, Simple Description etc etc)
Once Completed Entering The Details Click Apply
Drag The Rule You Just Created To The Top of The List Then Click Apply

Did this Help You?

- Jacob Kilgore
C-O-M-O-D-O Forum Moderator

If I were to forward port 39832 for an application that only communicates on that port to address 192.168.1.3 in my LAN would the settings be as follows?

Source address: Any
Destination Address: 192.168.1.3
Source port: any
Destination port: 39832

Hello Again,

I believe you are ok but
If the application only communicates on that port then the source port would have to be the same as well unless the application/program doesn’t use a different Port
Other than that I believe you would be ok

Correct me if I’m wrong, you are wanting the following

Incoming
You Want To Allow 192.168.1.3 Through Port 39832 to Connect to your PC Correct?

Source address: 192.168.1.3
Destination Address: My Network
Source port: 39832 ( IF Application Only Uses This Port, If Not Need to Enter More Ports )
Destination port: 39832 ( IF Application Only Uses This Port, If Not Need to Enter More Ports )

Out Going
PC/Application > Allow “Network” Through Port 39832 to Connect to 192.168.1.3 Correct?

Source address: My Network
Destination Address: 192.168.1.3
Source port: 39832 ( IF Application Only Uses This Port, If Not Need to Enter More Ports )
Destination port: 39832 ( IF Application Only Uses This Port, If Not Need to Enter More Ports )

- Jacob Kilgore
C-O-M-O-D-O Forum Moderator

The application running on 192.168.1.3 needs to have the port forwarded from the gateway computer that is a dual NIC interface, one for WAN connectivity the other for LAN…

Gateway Computer
NIC 1 to WAN
NIC 2 192.168.1.1 to LAN

LAN has multiple computers 192.168.1.x

192.168.1.3 runs an application that requires a port to be forwarded to it to function properly. The connections are incoming via the internet. The application running on the 192.168.1.3 PC accepts connections only on the 39832 port.

Hello Orcsoul,

Just a thought, have you tested this with the Firewall Security Level set to disabled ?
The problem in this setup is that you have to do a ‘port address translation’ and that can’t be done by CIS firewall, you need to fix that in the ‘router’ setup.

PAT does the following, an incoming packet destined for your 1 single external ip address say 10.10.10.10 on port 39832 would be rewritten by the OS to destination 192.168.1.3 port 39832.

The above can’t be done by CIS because it’s not a router.

If the above is handled by the Gateway’s OS, you can allow the incoming traffic to go through the firewall to access the host behind it. Just start with a global rule allowing Src Any, Dst Any, Src Port Any, Dst port 39832 in that case, put logging on it and if you want to tighten it down, do so based on the log results.

Hope this helps.
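
The order of operations described in the reply above, as an added example that is not part of the original thread and is not Comodo code: the gateway OS performs the port address translation, then a firewall rule list filters the result. It assumes the firewall sees the packet after translation; the client address 203.0.113.7 and all class and function names are constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    # None means "Any", as in the rule fields discussed in the thread.
    src: Optional[str] = None
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    log: bool = True

    def matches(self, p: Packet) -> bool:
        pairs = ((self.src, p.src), (self.dst, p.dst),
                 (self.sport, p.sport), (self.dport, p.dport))
        return all(want is None or want == got for want, got in pairs)

# PAT table on the gateway: (external ip, port) -> (internal ip, port).
PAT = {("10.10.10.10", 39832): ("192.168.1.3", 39832)}

def translate(p: Packet) -> Packet:
    """Rewrite the destination as the gateway OS would; no entry, no change."""
    target = PAT.get((p.dst, p.dport))
    return p if target is None else replace(p, dst=target[0], dport=target[1])

def filter_inbound(p: Packet, rules: list, log: list) -> bool:
    """Default-deny: allow only if some rule matches the translated packet."""
    p = translate(p)  # assumption: filtering happens after translation
    for r in rules:
        if r.matches(p):
            if r.log:
                log.append(f"ALLOW {p.src}:{p.sport} -> {p.dst}:{p.dport}")
            return True
    log.append(f"BLOCK {p.src}:{p.sport} -> {p.dst}:{p.dport}")
    return False

# Constructed sample traffic: an internet client using an ephemeral source port.
client = Packet("203.0.113.7", 51544, "10.10.10.10", 39832)
broad = [Rule(dport=39832)]                     # Src Any, Dst Any, Src Port Any
tight = [Rule(dst="192.168.1.3", dport=39832)]  # tightened from the log results
pinned = [Rule(sport=39832, dport=39832)]       # source port pinned as well
```

The broad rule also matches the untranslated packet, so it works wherever the filter sits relative to the translation; the tightened rule depends on that order, which the logged destination address shows.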

So CIS can’t handle port forwarding? That’s a shame… quite possibly one of the only software firewall products I’ve used that doesn’t include the capability to do that. Thanks for your help though.

No, CIS is not a router, CIS is a Firewall.
You have to configure the Port Forwarding in the “router” I guess ICS in this case ?
Then you can use the Software Firewall to allow or block traffic.

ICS is not feature rich enough for port forwarding, it’s NAT ‘Lite’; the only way for me to overcome that problem would be to use Windows server which has a full NAT implementation.

I’d put a hardware router in that place, it’s built for things like that :wink:

Hardware routers, unless I go outside of consumer grade, have insufficient memory for their routing tables and get backed up and begin dropping connections though, I’ve tried a number of them over various time frames and none of them could handle the network load.

How much traffic do you have on that link then ?

I don’t have a hard number as I don’t run any sort of QOS nor do I monitor anything except for bandwidth usage, but the last few times I used a router, within 12-16 hours I started having connection drops across the network, web pages giving the connection reset error, etc… it’s largely a file server though, as well as a semi-permanent seed for several Linux distributions… and the torrents are what cause a hardware firewall/router to be impractical for me.

I don’t know the size of your internet connection but a Cisco 800/1800 series router should do the job nicely.

Small home/based/basic internet routers will fail to run a large load of NAT/PAT traffic.