Rules for blocking Vuze/Azureus in the clear.

Hi, I’m a Comodo newbie so I’m hoping someone on the board has experience with this.

What I want to do is to block all incoming and outgoing traffic/connections/etc. from Azureus on my network interface but allow traffic through a VPN tunnel.

I’m not certain if Azureus makes use of any secondary executables/applications that need rules as well, such as Java itself or the jar file, etc.

I set up a rule for Azureus.exe: “Block IP In/Out From MAC Any to MAC Any Where Protocol Is Any”… And Comodo placed that rule at the top of the list. I assume that while Azureus is sending packets through the VPN tunnel, it shouldn’t get blocked?

When I run Azureus both with the VPN connected and disconnected, I receive the following error from Azureus:
ERROR: socket failed 10 times in a row, aborting.
Azureus / Java is likely being firewalled!

Any help would be appreciated. Thanks!

Follow Firewall Tutorial for Utorrent with Comodo Internet Security in the Guides section; that should be able to help you.

What kind of vpn are you using? If you’re using an openvpn based vpn service, you’ll need to change the rules for Azureus so that it sends and receives only from the range allowed by the vpn adapter and blocks everything else. If you’re using a pptp vpn - not so good - you should be able to block connections to and from your ‘real’ IP address and allow everything else.

I’m currently using an OpenVPN based service. I tried screwing around with the rules for Azureus.exe, but I kept getting that socketSelector error from Azureus, so I didn’t know what additional rules I needed to put in place. I tried adding exceptions to allow in/out traffic on the VPN’s IP range, but I must not be understanding something…

Post a screenshot of whatever rules you’ve created so far.

Sorry for the delay. Here’s the screenshot.


The general approach you’re using should work, at least it does for utorrent. However, you should make the rules consistent with the IP address range of your vpn adapter for both in and out. It would also be better if the rules are created to do one thing only, i.e.

Allow TCP or UDP Out To [VPN range]
Allow TCP or UDP In From [VPN range] to torrent port.
Block everything else.

Don’t forget you also need equivalent Global rules if you have a Block IP in rule listed.

The best thing to do is get the client working without the vpn first. Do this by following the instructions that Eric posted or for a graphical version see here. (Although these are for utorrent, the principle works for all p2p applications.) Then once working, substitute the In/Out rules for the vpn range.
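An added example, not part of any post in this thread and not Comodo's code: a simplified first-match model of an application rule list, comparing a block-everything rule placed at the top with the allow-then-block ordering listed above. It assumes rules are evaluated top-down and match on the local (adapter) address; the VPN range, torrent port and sample packets are constructed placeholders.

```python
# Simplified model for illustration only; not how Comodo is implemented.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")
VPN_RANGE = ip_network("10.8.0.0/24")  # constructed stand-in for [VPN range]
TORRENT_PORT = 51413                   # constructed stand-in for the torrent port

@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "block"
    direction: str                     # "in", "out" or "any"
    local_net: object = ANY            # network the adapter address must be in
    local_port: Optional[int] = None   # None matches any local port

@dataclass(frozen=True)
class Packet:
    direction: str
    local_addr: str                    # address of the adapter carrying it
    local_port: int

def decide(rules, pkt):
    """First matching rule wins, top-down; unmatched traffic is blocked."""
    addr = ip_address(pkt.local_addr)
    for r in rules:
        if (r.direction in ("any", pkt.direction) and addr in r.local_net
                and r.local_port in (None, pkt.local_port)):
            return r.action
    return "block"

# Assumed ordering: block-everything on top, allows added underneath it.
BLOCK_ALL_FIRST = [
    Rule("block", "any"),
    Rule("allow", "out", VPN_RANGE),
    Rule("allow", "in", VPN_RANGE, TORRENT_PORT),
]
# Same three rules in the order listed above: the allows, then block the rest.
ALLOWS_FIRST = BLOCK_ALL_FIRST[1:] + BLOCK_ALL_FIRST[:1]

SAMPLE = {  # constructed packets
    "vpn_out": Packet("out", "10.8.0.6", 49152),
    "vpn_in_torrent": Packet("in", "10.8.0.6", TORRENT_PORT),
    "vpn_in_other": Packet("in", "10.8.0.6", 8080),
    "lan_out": Packet("out", "192.168.1.20", 49152),
}

def evaluate(rules):
    return {name: decide(rules, pkt) for name, pkt in SAMPLE.items()}

if __name__ == "__main__":
    print("block first :", evaluate(BLOCK_ALL_FIRST))
    print("allows first:", evaluate(ALLOWS_FIRST))
```

With the block rule on top every sample packet is dropped, tunnel traffic included; with the allows first, only tunnel traffic passes and the packet on the LAN address is still blocked.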

I tried to set it up using my normal IP address and it still fails using the rules on that guide. I get “Scrape OK” “Scrape Error: Connection refused: connect (IO)” “Connection Error (No data received from tracker)” and connection timed out errors. The client supposedly sees seeds and peers, but connecting to the torrents results in a connection that just sits there. I wonder if there’s something else in the firewall settings that might be blocking a connection to the client…

Provided you’ve created the appropriate rules and there are no rules above those you’ve created that would cause conflict, it should be ok. I’ve not used Azureus for a long time, so I’ll download it and see what happens. Which version are you using?

Just checked Azureus; the rules mentioned above work just as well for downloading torrents. I can’t say anything about all the added features, as I didn’t test them (images). As I suggested earlier, get this part working first.


Avaaz - ACTA: The new threat to the net :-TU

I think you may have posted in the wrong thread. I’ve also posted that here

I know I posted it because I clicked on your link and I agree. Trust. On the other hand, I don’t share your enthusiasm for IPv6. I think it’s a security nightmare on the rise. Look at the address string. Where can I query that to resolve a domain name? I like to maintain my flow of traffic. I have IPv6 disabled other than the loopback interface. Maybe you can inform me of any advantage to the protocol, other than the sky is falling and we’re running out of IP addresses.

Please don’t hijack other topics sAyer. I can split the off topic off to its own topic if you want to continue.

my apologies :wink: