Hello everybody. I’ve been trying to solve my problem for a few days but have finally given up and come here for help.
My configuration is the following:
Windows 2008 Server R2 with routing and remote access enabled and CIS installed on it. Windows firewall is disabled. Comodo firewall is working in the “Safe mode”
VirtualBox on this server with a CentOS running on it.
Transmission daemon running on CentOS, with ports 9091 and 51414 that need to be accessible from outside.
RRAS is configured in NAT mode for VirtualBox network, and there are rules for port mapping (external ip : 9091 → internal ip 9091, and same for 51414).
Now the tricky part:
Using canyouseeme.org I’m checking accessibility of my ports from outside. If Comodo firewall is turned off, ports are visible and can be accessed. If Comodo firewall is turned on, no matter what rules I add, access to these ports is blocked. Firewall journal shows events like this:
Application: windows operating system
Source IP: some IP from canyouseeme.org
Source port: some port
Destination IP: my external IP
Destination port: 9091
I’ve read about a similar problem on that forum (Russian), but the solution from the final post doesn’t work for me:
What I tried:
Adding allow TCP In where destination port is 9091 to both global rules and system rules on application tab - no success.
Adding allow TCP or UDP In/Out where destination port is 9091 to both global rules and system rules on application tab - no success.
Adding allow IP In/Out to both global rules and system rules on application tab - no success (this looks crazy to me, didn’t I whitelist everything?).
I also tried the solution from here http://otvety.google.ru/otvety/thread?tid=0da40103b1963221 (also in Russian). The idea is to attempt to start the RRAS service before Comodo in some way. The author suggests adding a service dependency to the Comodo Helper service. Well, Comodo didn’t like it. The Helper service couldn’t start by itself, so I decided not to use this solution.
So, can anybody explain the situation and provide some suggestion on how to fix that? I still want to use Comodo firewall + RRAS, and turning it off each time access to these ports is needed is not a solution. If you need any additional info, like some screenshots or logs, feel free to ask.
UPD: well, I found a workaround. If I use the portproxy interface instead of RRAS, COMODO doesn’t hinder port mapping. Still, it would be nice to see how to correctly do it in RRAS, because such a solution makes the ability of the torrent client to block IPs useless or even dangerous (it only sees connections from the server machine, not from real peers).