Trying to understand what all this means

bxf · July 17, 2008, 10:55pm

I just got an ADSL connection. All my previous connections had been through dial-up or broadband USB modems, so this is my first exposure to this type of hardware, and my knowledge is seriously lacking in this area. I’m not even sure I can formulate an intelligent question, but I’ll try.

Running uTorrent, Comodo FW was showing me Blocked events, both TCP and UDP, with a Source IP being that of my router, various Destination IPs and various Source and Destination ports. Only SOME of the Source Port entries refer to the port I’ve designated as the “Port used for incoming connections” in uTorrent. Also, uTorrent was showing me a red exclamation mark in the Status Bar where we should have a check mark in a green circle.

I added a rule to the uTorrent Predefined Firewall Policy which says Allow TCP/UDP OUT, Source Address=my router’s IP address, Destination Address=ANY, Source Port=my uTorrent port for incoming connections, Destination Port=1025-65535. uTorrent is “running green”, but I still get the occasional alert, and some Blocked entries in Firewall Events.

Firstly, I don’t see why the rule I added should have any effect, given that there are already rules that say Allow TCP or UDP OUT, Source IP=ANY, Dest IP=ANY (in accordance with the published recommendations for uTorrent rules). ANY should include my router’s IP address, no? So why would my adding a similar rule, but designating a specific Source IP instead of ANY make any difference?

Secondly, what do these Blocked entries actually mean? I’m interpreting the fact that the Source IP is my router’s IP to mean that these are Outgoing connections. Why would uTorrent be trying to connect to ports other than the one I designated for it to use for incoming connections?

I’m aware of the concept of Port Forwarding, which is not to say that I understand it’s purpose. But given that uTorrent is apparently happy, is Port Forwarding something I should be looking into? Am I partly answering my own first question here?

My apologies if I’m sounding dumb - this is all new to me. I’m not quite sure that the above are the only things that confuse me, but it’s a start.

Thanks for any input.

system · July 17, 2008, 10:58pm

Follow this thread.

https://forums.comodo.com/frequently_asked_questions_faq_for_comodo_firewall/tutorial_for_utorrent_with_comodo_firewall_3-t15677.0.html

system · July 17, 2008, 11:02pm

Comodo is software and not hardware. Do you have a hardware firewall on your modem or router?

bxf · July 17, 2008, 11:21pm

Thanks for the reply.

I already have all the indicated rules for uTorrent, so the only info in the provided link that I need to pay attention to is the stuff about Port Forwarding. In fact, I already had a look at similar info before posting. But if this is necessary, why does uTorrent appear to be happy as it is, without me having done so?

But I still don’t understand how adding a rule that is a subset of an existing rule makes any difference.

bxf · July 17, 2008, 11:28pm

I have no English documentation, but I did come across something that, in what I think is a reference to my device (Thomson ST516v6), says “…Security Level to allow all outgoing connections and block all incoming traffic. Game and Application sharing is allowed by the firewall”.

system · July 17, 2008, 11:36pm

You need to post this in the uTorrent thread.

bxf · July 18, 2008, 12:07am

I would have thought that the question of “how adding a rule that is a subset of an existing rule makes any difference” is a CPF question, no? But thanks anyway.

gibran · July 18, 2008, 5:22pm

Hallo bxf,
The only likely answer would be no difference at all
The amount of info you provided is not enough to answer all your questions.

Anyway since you get few alerts the first thing to do would be to check your ruleset.
The topic mentioned by Vettetech could serve that purpose.
If an initial troubleshooting with the help of users of that topic confirms that your ruleset is OK then additional troubleshooting can be carried in this topic to find out if this is caused by a software conflict or it is a bug.

bxf · July 23, 2008, 1:39pm

Sorry, I thought there were no more replies to this post.

It appears that uTorrent itself had a couple of hiccups, which resulted in it “showing green”. This happened once again while I was investigating the situation. In other words, the fact that it turned green was not due to the rule I added. This is gratifying, as it would have been “difficult” to explain the situation from a firewall perspective.

Thanks for all the input.