Utorrent,VPN,and ports

Hi

Some backround

I have a D-link Router.Model #DIR615.I have 2 devices on this router.My main pc,which is running Windows XP Pro Service pack 3,and is hardwired to the router.I also have a Laptop running on a wireless connection through this router using Windows 7.No problems everything is working fine.The main difference between my 2 computers is the main pc is running on a open vpn connection.The laptop is using my standard isp connection.

My Isp service is 10 megabits down,1 megabit up.I average between 1MB/S - 1.1MB/S download,and up speed averages 100KB/S

I started using Comodo Firewall about a year ago.I had very little knowlege of configuring firewalls,but found some great tutorials.I was a member of Hide My ■■■ Vpn,and used these tutorials to configure comodo.On a side note I found a much better vpn service,but thats another story.The first tutorial I used to control my vpn connection through a mac address,and the second tutorial I found some good tips.

http://forum.hidemyass.com/thread-3147.html

http://forum.hidemyass.com/thread-1416.html

I have seen many tutorials on how to configure utorrent for CIS 3 and 4,but none on CIS 5.There are many different tutorials concerning Comodo,and its confusing.I was able to configure Utorrent using CIS 5,

First,The port checker in utorrent sucks! It shows my port closed,when I use there port checker.The weird part is I am getting my full line speed on my vpn service(1MB/S) through utorrent,and icon is green even though the port checker in utorrent says closed.You can see in picture (1) that my download speed is 1.1MB/S.I am getting over and above my line speed running a vpn connection.In picture (2) I am still getting my full line speed ,but you can see utorrent is saying my port is closed…

Before making any rules in Comodo I forwared the port on the router for utorrent.

Picture(3) are application rules I made a rule for utorrent and firefox using this tutorial http://forum.hidemyass.com/thread-3147.html
The rules i made here apply to my vpn connection.Utorrent and FF will only run under a vpn connection

Picture (4) shows my global rules.You can see the rule I added for utorrent to accept TCP and UDP for the port I forwarded to utorrent.Picture(5) shows Comodo firewall accepting utorrent connections.

I mentioned the port checker in utorrent sucks,and it does I used a 3rd party port checker,and checked the port # I assigned in utorrent,and it says its opened.You can also see in pictures 4 that Comodo Firewall is set up to receive TCP and UDP connections for the port I selected.Picture 5 shows those connections.I am also getting my full line speed,so if the port was closed,that would not be the case.Hopefully this will help people configuring utorrent with Comodo.

Here is my question;

I used Shields Up and it indicated that I had a few open ports.I made a few rules to Comodo to close those ports.I think shields up was reading open ports on the router and that why some were open .I used the port stealth wizard in comodo ,and selected the 3rd option “block all incoming connections and steath my ports to everyone” You can see in picture 4 the rules it added.There are 4 rules.They are below the utorrent rule I made.

Are my ports stealthed? :P0l

[attachment deleted by admin]

Howdy

I can honestly tell you, If you do not have DMZ / or any other bypass method enabled on your router. Than Shields Up is not testing Comodo’s Firewalll but Testing your Routers Firewall.
Again, Shields Up tests your routers firewall, unless you don’t have one than it’s testing Comodo’s Firewall.

Hope I’ve answered your question

Thanks

Jake

Two things:

1. If the firewall is seeing the scans from GRC, you’ve either placed the PC in the DMZ or your router firewall is disabled.

2. You asked “Are my ports stealthed?” It’s impossible to tell from the screen shots, as they only show port activity. What did the Shields-up scan result say?

DMZ is disabled in firewall

GRC Port Authority Report created on UTC: 2011-11-28 at 11:17:59

Results from scan of ports: 0-1055

2 Ports Open

207 Ports Closed
847 Ports Stealth

1056 Ports Tested

Ports found to be OPEN were: 111, 777

Ports found to be CLOSED were: 0, 1, 9, 18, 29, 32, 46, 50,
51, 62, 63, 65, 67, 76, 87, 88,
92, 94, 95, 98, 105, 108, 115,
122, 123, 126, 135, 136, 138,
140, 145, 150, 151, 160, 162,
168, 172, 174, 177, 185, 195,
196, 197, 206, 207, 210, 218,
219, 222, 223, 226, 230, 239,
245, 248, 264, 266, 268, 270,
273, 298, 300, 302, 308, 315,
316, 318, 319, 329, 332, 334,
337, 343, 344, 346, 347, 350,
351, 357, 364, 365, 366, 370,
375, 383, 387, 407, 412, 413,
415, 419, 429, 435, 440, 446,
450, 455, 456, 467, 489, 500,
501, 502, 505, 506, 508, 514,
520, 534, 537, 540, 541, 544,
563, 580, 585, 591, 597, 601,
603, 608, 610, 624, 639, 647,
655, 656, 660, 661, 664, 667,
673, 678, 698, 700, 705, 708,
724, 726, 728, 730, 734, 750,
765, 766, 773, 774, 781, 785,
788, 794, 801, 803, 807, 808,
814, 816, 824, 825, 827, 831,
843, 844, 847, 849, 852, 854,
861, 864, 867, 875, 885, 887,
892, 893, 895, 897, 911, 925,
926, 927, 932, 934, 939, 940,
943, 945, 950, 953, 963, 966,
967, 974, 978, 979, 980, 984,
1006, 1013, 1022, 1027, 1030,
1031, 1032, 1035, 1039, 1052

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

Apologies, I misread part of your earlier post and I mistook the rather strange collection of blocked ports you have in your Global rules to be associated with the GRC scan.

With regard to the scan results, they’re not terribly good. The two open ports are port 111 SunRPC and 777 (most recently) Moria update protocol, which was part of project Athena. Neither of these should be open unless you have done so manually. The 207 closed ports aren’t necessarily a bad thing - a closed port is not an automatic security risk - but most people feel, rightly or wrongly, more comfortable having their ports ‘stealthed’.

In your Global rules, if you enable logging on the ‘Block IP In ANY’ rule and run the test again are there any entries in the firewall log file?

Unfortunately, I’ve not used a D-Link router for a long time and I’ve forgotten most of the configuration options, but something sounds amiss with the set-up somewhere.

On the subject or uTorrent, if your configuration is correct, the port should not be seen as closed, have you tried running a test without the VPN and maybe even without the router? as you’re using a VPN you might be interested in checking if the configuration is correct with http://checkmytorrentip.com/

I turned off comodo firewall,and used my vpn connection with the router.Utorrrent port checker said port was open.When I turn on comodo firewall back on and ckeck the port its blocked.

These are the rules I made(below) under “application rules” These rules work and were tested.If I close my vpn connection I am disconeccted ffrom the internet.

I forwared the port from my router,but I’m at a loss why Comodo blocks the port for utorrent.

This will configure Comodo Firewall to allow specific applications, to access to the internet,only when HMA VPN is active.
With Comodo firewall (100% free version), you can set a network zone based on an adapters MAC, make a pre-defined rule for that zone, and apply that rule to certain applications.

A. Create a network zone, Get the MAC for the TAP-Win adapter

1. (XP) Start / Run and type CMD, press enter.
   (Win7) Start and type CMD, press enter.
2. You should see a black box called a DOS box with a blinking cursor.
3. Type IPCONFIG /ALL
4. Look in the mess of junk for the section that says TAP-Win32.
5. You need the part that says Physical Address . . . . . . 00-??-??-??-??-??
6. Leave this window open for now.

B. Create network zone, Add in Comodo

1. In Comodo, go to Firewall / Advanced / Network Security Policy / My Network Zones
2. Add / New Network Zone
3. Name it HMA MAC (press apply)
4. Select HMA MAC
5. Add / New Address
6. Choose “A MAC Address” and enter the Physical Address from earlier.
7. You should see your new Zone with the New rule.
8. Press OK.

C. Make a Pre-Defined Rule

1. Open Firewall / Advanced / Predefined Firewall Policies

2. Click ADD

3. Enter a Name, HMA Only

4. Add…
   Action: Allow
   Protocol: IP
   Direction: In
   Source Address: Any
   Destination Address: Zone / HMA MAC
   Apply

5. Add…
   Action: Allow
   Protocol: IP
   Direction: Out
   Source Address: Zone / HMA MAC
   Destination Address: Any
   Apply

6. Add…
   Action: Block
   Protocol: IP
   Direction: In/Out
   Source Address: Any
   Destination Address: Any
   Apply
   Apply
   Apply

7. You should now have 2 green rules and then a Red one.

D: Apply rule to Applications

1. Open Firewall / Advanced / Network Security Policy / Application Rules
2. Choose the application that should only work with HMA active, or add an new one.
3. It will open to “Application Network Access Control”
4. Here choose the Predefined Policy “HMA Only”
5. If there are other rules already, they will be removed.To keep any existing settings, you’ll have to improvise here.
6. Apply
7. OK.

Do this to all apps that should only access through the HMA VPN Connection

E. Testing…

1. In the above example, I made a rule for Google Chrome.
2. Disconnect from HMA
3. Open Chrome - it is unable to load the home page.
4. Enable HMA
5. Refresh Chrome - it works

Disable logging on the utorrent Global rule and enable logging on the Application rule. Also change the block to ask.

Edit: Having thought about this a little more, I wonder if the VPN provider obfuscates the port as well as the IP address. If they do, it could be the reason the set-up guide fails…