Skype

Comodo Internet Security - CIS Firewall Help - CIS
1

More than a year ago Pan Janek posted this advice below for a Skype connection…

[b]Enter the tab (Skype) Port Connection (free from Trojan ) for example 54937 and uncheck possibility of connecting to ports 80 and 443

Rule:
1.Allow-UDP-In
any, any, Privileged Ports (check Exclude), single port (54937)

2.Allow-TCP-Out
any, any, Privileged Ports (check Exclude), single port (443)

3.Block-IP-In/Out
any, any, any[/b]

Unfortunately because I do not understand networks much, I cannot effectively translate these instructions to Comodos latest firewall design. For eample there is nowhere that I can find refering to Priveledged Ports. I can however find under network security policy the following 4 areas -

  • source address
  • destination address
  • source port
  • destination port

My bigest issue is, I think, understanding what should be the port settings, what are the source or destination ports for each example. I have tried all permutations I can think of but Skype will still not connect. I do not want to revert to the defualt Skype config as rcommended by Skype, it is too wide open.

If anyone can kindly update Pan Janek’s step by step instructions but in the new firewall format, that would be much appreciated please.

If a moderator can please delete my earlier post because this clearer version now supercedes it. Thanks.

By the way, tried to PM Pan Jenek but he has not answered and he is not showing frequent acivity.

2

HI Guys, this post together with a previous version of it has been out since last weekend. Not a single answer :frowning:

There must me someone out there with some excellent firewall knowledge to help with these settings?

If not, can you suggest any other boards?

Fingers crossed :-\

3

Hi cavehomme

I haven’t used skype in a while but the following should work:

Open Skype and go to Tools/Options/Advanced/Connection

  1. Make a note of the ‘Use Port for Incoming Connections’
  2. Uncheck the box for use port 80 and 443

In Application Rules, create the following for Skype.exe

Allow = TCP OUT
From = ANY
To = ANY
Source Port = 1025 -65535
Destination Port = ANY

Allow = UDP OUT
From = ANY
To = ANY
Source Port = 1025 -65535
Destination Port = ANY

Allow = TCP OUT
From = ANY
To = ANY
Source Port = ANY
Destination Port = 80

Allow = UDP IN
From = ANY
To = ANY
Source Port = ANY
Destination Port = [enter port the number from skype]

Block and Log
IP IN or OUT
From = ANY
To = ANY
Protocol = ANY

In Global Rules create the following:

Allow = UDP IN
From = ANY
To = ANY
Source Port = ANY
Destination Port = [enter port the number from skype]

If you use SkypePM you’ll need to create rules for SkypePM.exe:

Allow = TCP Out
From = ANY
To = ANY
Source Port = ANY
Destination Port = 80

Allow = TCP Out
From = ANY
To = ANY
Source Port = ANY
Destination Port = 443

Allow = TCP Out
From = ANY
To = ANY
Source Port = ANY
Destination Port = 37

Allow = TCP Out
From = ANY
To = 127.0.0.1
Source Port = ANY
Destination Port = ANY

Block and Log
IP IN or OUT
From = ANY
To = ANY
Protocol = ANY

4

There always is the option of switching the firewall to training mode, start skype, place a call etc, then revert to previous mode. You can then check what rules have been created. This should help and you can tweak the rules is they are too loose.

Cheers

5

Quill, that’s absolutely perfect, thanks! :■■■■

It’s implemented, tested on a few scenarios and working well, especially allowing high quality speech which surprisingly was a problem on their default config. I was also being scanned by various IPs, could have been Skype, or not, I have yet to look them up them fully.

Much appreciated that you took the time to spell it out step by step. Thanks again.

Bulgroz, thanks for that suggestion also. I tried that a couple of times, but in tightening things up, I ended up blocking services, hence the need for the detailed step by step approach.

:comodo110: