Hello, I have a computer running windows xp sp2, which runs a freeSSHd server and a tightVNC server.
My problem is that CFP seems to block incoming connections and I can’t connect to my SSH server or my VNC server from the lan (or wan).
How can I solve this?
Thanks in advance
Try to read the help file from your server programs, or check its website for specs. It should tell you what is needed (port). Or there should be some settings.
Then you must use that for a new rule in NetMon, above the last “block all” rule, to allow IN for that port, for that protocol.
I’ll see if I can find that out, but it should be easier for you; the program is in front of you.
I can help you build the rule, if I know what is needed (never used SSH).
SSH typically runs on port 22/tcp, and a fast eyeball check of the tightvnc.com FAQ shows it should run using ports 5800 and 5900 (tcp??). You can use “netstat -an” from a command prompt to see what ports have Listening servers running. The CFP Activity monitors for Connections and Logging can be informative to see what’s coming and going.
I noticed the tightvnc FAQ suggests running the VNC thru an SSH tunnel for security. If you’re going to run this exposed to the Internet, I strongly suggest you configure your SSH server to use some port other than 22/tcp (pick one, 61022/tcp for example). Port 22/tcp is heavily scanned by attackers. On the dshield.org top-10 list of scanned ports, port 22 is number 4. And the VNC port 5900, is number 3. Expect CFP to get seriously exercised.
SSH can be a bit awkward to configure, as there are several versions, and protocol versions within those versions. Both server and incoming client have to be compatible versions, and speaking the same protocol. Turn on as many debugging trace options as are available, and work only on a protected LAN until you get it working. If you can, use SSL certificates (even self-signed ones), rather than passwords. Attackers try to brute force passwords, by the thousands.
Then move to using tightVNC over the SSH tunnel. The tightvnc FAQ looks to give good guidance on setting things up.
Be sure to subscribe to any security mailing lists these products have. They may well be the only heads-up notice you’ll get without getting your box taken over.
So you know the ports, now build a Network Monitor rule.
Click Add in NetMon, then choose Allow, TCP, IN, destination port (place the ports here). Then you can restrict further by IP, etc., but having a strong password in SSH could be enough (like I said, I’m not familiar with this), provided it’s the only app listening on these ports (as soon as Comodo allows the packets through, security now relies on the program listening, something like that).
Thanks, it was the network rules missing.
All working fine.
I was actually setting up an SSH tunnel so I can use VNC from work in a secure way.
Thanks to all who helped.
Had to work, glad it did.
You see, the “out of the box” rules in Network Monitor allows everything out (wait!), and the corresponding replies (it’s a stateful firewall, that’s why they all showed OUT). The Application Monitor is what restricts outbound.
If you plan on receiving unsolicited packets (perspective from the computer with Comodo FW), such as a server, you need to tell Network Monitor what to allow IN, and restrict it as much as possible (default deny).
Last note is the order of the rules in Network Monitor: if the 1st rule matches, it’s applied, and the rest are ignored. If it doesn’t, the next rule (immediately below) is checked; if it matches it’s applied … and so on.
Network Monitor is king, whatever it does not allow, does not go through (assuming the last Block All rule is still present).
If it allows, Application Monitor is next.
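The first-match behaviour described above, as an added example that is not part of the original thread or of Comodo’s own code: a small Python model of the Network Monitor rule list (allow OUT, then Block All), showing that an Allow/TCP/IN rule for 22 and 5900 only takes effect when it sits above the Block All rule. The rule shape and field names are assumptions for the model.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed model of Comodo Personal Firewall's Network Monitor as the thread
# describes it: rules are checked top to bottom, the first match decides, and
# a final "Block All" rule supplies default deny. Not Comodo's own code.

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    direction: Optional[str]    # "IN", "OUT", or None for any direction
    proto: Optional[str]        # "tcp", "udp", or None for any protocol
    dst_port: Optional[int]     # destination port, or None for any port

    def matches(self, direction: str, proto: str, dst_port: int) -> bool:
        return ((self.direction is None or self.direction == direction)
                and (self.proto is None or self.proto == proto)
                and (self.dst_port is None or self.dst_port == dst_port))

BLOCK_ALL = Rule("block", None, None, None)

def decide(rules: List[Rule], direction: str, proto: str, dst_port: int) -> str:
    """First-match evaluation: the action of the first matching rule wins."""
    for rule in rules:
        if rule.matches(direction, proto, dst_port):
            return rule.action
    return "block"  # nothing matched and no Block All present: still deny

# Out-of-the-box rule set from the thread: everything OUT allowed, then Block All.
DEFAULT_RULES = [Rule("allow", "OUT", None, None), BLOCK_ALL]

# The fix from the thread: Allow/TCP/IN rules for the SSH (22/tcp) and VNC
# (5900/tcp) listeners placed ABOVE the Block All rule.
SERVER_RULES = [
    Rule("allow", "OUT", None, None),
    Rule("allow", "IN", "tcp", 22),
    Rule("allow", "IN", "tcp", 5900),
    BLOCK_ALL,
]

# The mistake: the same allow rule appended BELOW Block All is never reached.
MISORDERED_RULES = DEFAULT_RULES + [Rule("allow", "IN", "tcp", 22)]

if __name__ == "__main__":
    for name, rules in (("default", DEFAULT_RULES), ("server", SERVER_RULES),
                        ("misordered", MISORDERED_RULES)):
        print(f"{name:10} IN tcp/22 -> {decide(rules, 'IN', 'tcp', 22)}")
```

Ports not explicitly allowed (5800/tcp here, which the thread only mentions as a possible VNC port) still fall through to Block All, which is the default-deny posture the last post recommends.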