WOS blocking incoming connections [RESOLVED]

Hello, I have the following situation: I have a small LAN (two PCs and an ADSL router). The “server” PC (let's call it A) has ICS turned on, so the other PC (B) can use the internet too. There is also COMODO3 installed on PC A. Internet connection sharing works fine.

However, when the internet connection is on, COMODO is blocking FTP passive connections from B. So, PC B can connect and log in, but when it comes to establishing passive connections, PC A blocks them. In the logs I see that it's blocked by “Windows Operating System”. When the internet connection is off, everything is fine.
Global rules allow all traffic in the LAN zone.

Also, PC A is allowing connections from the internet on a specified port (for uTorrent). And it works; however, sometimes it just stops allowing connections for a few minutes (again WOS). Please help me understand what the hell is going on?


OK, I guess the source of the first problem (with passive FTP) is that ICS blocks the port range used for passive FTP connections. But I still can't tell what's with the uTorrent port thing.

Usually a WOS Block from Utorrent is due to a connection attempt outside the rules assigned to Utorrent. Also, do you have any Global rules that might be causing the disruption (are you logging your blocks?)?

Rules are pretty plain.
Global - allow all in/out for LAN; allow TCP/UDP INCOMING on [utorrent port]; block & log all other INCOMING.
And in the application rules, utorrent is a trusted application.

And this is working; however, when I checked my logs, I got this 5 min of blocking utorrent connections, once in a few days. What could possibly cause this?

Are the blocks on the Utorrent port? If not are they affecting your DL speed/rate?

Are the blocks on the Utorrent port?
Yep. Here's screen:


Does that rule exist in the Utorrent application rules as well? If not, go to Network Security Policy > Application Rules > Utorrent and make sure that the same rule is applied to Utor above any blocking rules.

As I said earlier, utorrent is declared as a trusted application. That's why I'm actually here. I'm getting pretty much unexpected behavior :-/

Have you tried running the stealth port wizard and selecting the P2P option?

The sporadic blocking is quite strange indeed. Sorry 'bout missing the line regarding Utor being trusted (allowing all incoming); this particular block is often caused by Global/App not lining up, so thought I’d ask. That incoming traffic to Utor would flow fine and then be suddenly blocked for 5 minutes or so…then start up again? Is the “do protocol analysis” box unchecked?

Well… I think my rules are correct. I mean, what would the wizard do other than this?

My log is 4 days long; this “thing” happened 3 times during this period, lasting from several minutes to an hour. Sometimes it was just UDP, sometimes TCP packets that were blocked. After that everything returns to normal.
The only option I have checked is “Block fragmented IP datagrams”. Could it be that ICS somehow affects this? Or maybe something could be wrong with the “System” or “agl.exe” application rules settings?

I would ditch the fragmented IP datagrams rule. It is not uncommon for these sensitive miscellaneous settings to have an impact on some folks' torrenting abilities, and it does appear that your blocks are very address and port specific (rather than every or any add/port). If you have suspicions about WOS application settings, it’s worth checking these rules as well.

Ps. the Stealth Ports wizard might goof up those custom Global rules you seem to rely on, use with this information.

I think I resolved this issue. I did some tests and I believe that these incoming connections were rejected because utorrent was not running at that time, but the tracker (or DHT) still wasn't updated, so I had these incoming requests.

Thanks everyone.
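
A way to check the conclusion reached at the end of the thread (that the “Windows Operating System” blocks on the uTorrent port line up with times when uTorrent was not running), as an added example that is not part of the original posts. The log format, the addresses, port 45000 and the running intervals are all constructed for illustration; COMODO's real log export will differ.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
P2P_PORT = 45000  # placeholder for the forwarded uTorrent port (assumption)

# Constructed firewall log export: time|application|action|direction|proto|src|dst
LOG = """\
2008-03-14 21:04:58|uTorrent.exe|Allowed|In|TCP|203.0.113.7:51234|198.51.100.10:45000
2008-03-14 21:10:03|Windows Operating System|Blocked|In|TCP|203.0.113.7:51240|198.51.100.10:45000
2008-03-14 21:12:41|Windows Operating System|Blocked|In|UDP|203.0.113.99:6881|198.51.100.10:45000
2008-03-14 21:13:05|Windows Operating System|Blocked|In|TCP|203.0.113.50:40000|198.51.100.10:135
2008-03-14 21:20:30|Windows Operating System|Blocked|In|TCP|203.0.113.8:50000|198.51.100.10:45000
"""

# Constructed intervals during which the P2P client process was running
RUNNING = [("2008-03-14 20:00:00", "2008-03-14 21:09:00"),
           ("2008-03-14 21:15:00", "2008-03-14 23:00:00")]

def parse(line):
    ts, app, action, direction, proto, src, dst = line.split("|")
    return {"ts": datetime.strptime(ts, FMT), "app": app, "action": action,
            "dir": direction, "proto": proto, "src": src,
            "dport": int(dst.rsplit(":", 1)[1])}

def was_running(ts, windows):
    return any(datetime.strptime(a, FMT) <= ts <= datetime.strptime(b, FMT)
               for a, b in windows)

def triage(log_text, port, windows):
    """Label every inbound block that the log attributes to WOS."""
    out = []
    for line in log_text.splitlines():
        e = parse(line)
        if (e["app"], e["action"], e["dir"]) != ("Windows Operating System", "Blocked", "In"):
            continue
        if e["dport"] != port:
            verdict = "other-port"    # not the forwarded P2P port
        elif was_running(e["ts"], windows):
            verdict = "investigate"   # client was up: compare Global and App rules
        else:
            verdict = "no-listener"   # client was down: stale peer/DHT traffic
        out.append((e["ts"].strftime(FMT), e["proto"], verdict))
    return out

if __name__ == "__main__":
    for row in triage(LOG, P2P_PORT, RUNNING):
        print(*row)
```

Only the "investigate" rows point at a rule problem; "no-listener" rows match the explanation the original poster arrived at.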