Troubleshooting port forwarding

Hi there!

I am troubleshooting a port forwarding problem with opening incoming port 19750 for Murmur (Mumble server). I created a rule in Global Rules allowing TCP or UDP both in and out from any source address to my computer’s local IP 192.168.1.128 , but when I specify 19750 as a single port, the port testing websites find it unreachable. On the other hand, if I choose “any port” or set a wide range of ports, I get a green light for that port on canyouseeme.org but still get a “Connection refused” error on Mumble.

I can connect to the server from the same machine using 127.0.0.1 without any issues, presumably because of the general Allow rule on my Home Network Zone.

My main question is why is setting a single port giving me an unreachable status on the port checking websites? Any other help with why Mumble won’t connect is appreciated too.

Are you behind a router as well? If so you’ll need to port forward there as well.

Yes, the port is open on the router. I guess I would not get a green light on canyouseeme.org under any scenario if the router is blocking the port, right?

I believe the issue is in using the local IP address 192.168.1.128, You probably already know how it works but just in case, Your computer will have a local IP address that is only valid on your local network, then your whole local network will (depending on configuration) have one external IP address that isn’t a private IP address. When a port scan website tries to connect to your computer, it will try to connect to your external IP address (since it doesn’t know your local IP address and even if it did it wouldn’t be able to send it to this IP address since it’s a private IP address and can’t be used on “the internet”) and that means the Firewall in Comodo will see the packets going from the website to your external IP address at port 19750 and not your local IP address.

So you can’t use a local IP address if you want to be able to connect to the computer outside of the local network, but if you have dynamic IP addresses from your ISP then that could be a problem, luckily you have another option, you could use MAC address of your NIC as the destination.

Thanks for the detailed explanation. My setup is exactly as you describe, with a dynamic public IP. At the moment I am trying to connect by figuring out my public IP manually and using that to connect while I test the setup. I plan to use a dynamic DNS service once I get it to work.

192.168.1.128 is reserved on the router’s DHCP server and always assigned based on my computer’s MAC address. My understanding is that the NAT on the router will set my local 192.168… address as the destination address of the packets it forwards, and so I should be able to create a rule in Comodo based on that destination address. In any case, I have tried to use the MAC address as the destination in the Comodo rule (which is what I think you are suggesting) and have the same results. I’m quite stumped as to why it’s not working.

Is there a way to set up Comodo to detect the incoming connection, ask me if I want to allow it and save that preference? I’m starting to run out of things to try.

Your global rule should be as follows Action=Allow, Direction=IN, Protocol=TCP or UDP, Source Address=Any,Destination Address=Any,Source Port=Any,Destination Port=19750. This rule should be above any other global rules, then you need to do the same rule applied to the mumble server executable (murmur.exe) under application rules.