comodo and icmp

Discussion in 'other firewalls' started by waters, Jan 26, 2007.

Thread Status:
Not open for further replies.
  1. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    934
    I use utorrent and set tcp and udp correctly and download and upload ok.
    Problem is ,when download is finished and stopped utorrent sends an event stopped message to tracker to update my ratio.
    Since using comodo i see lots of icmp blocked in logs, saying error code 3 port unreachable.and ratio has stopped updating.
    So i have allowed icmp ,and maybe coincidence but now ratio is updating.
    Could icmp be needed to send ratio message to tracker and if so is it safe to allow icmp in a rule to allow all.
    If not safe ,how to create a rule for utorrent.
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Waters,
    If there are connection problems then such an error message will be sent, If the software is unaware of the connection problem a timeout can happen, so you should allow ICMP 3, so that another (new) connection will be attempted.
     
  3. ejderpencesi

    ejderpencesi Registered Member

    Joined:
    Jun 20, 2006
    Posts:
    8
    i have same problem, iwanna allow icmp3 but there are 4 different icmp, net , port, host, protocol unreacheable. which ones and what direction should i allowo_O
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi ejderpencesi,
    Normally within a firewall, for use of such as P2P/Torrent, I would allow ICMP3 code any. But I see Comodo as split these up to names rathers than codes.

    I would add in/out for:-
    Host_Unreachable
    port_Unreachable
     
  5. ejderpencesi

    ejderpencesi Registered Member

    Joined:
    Jun 20, 2006
    Posts:
    8
    will there be any problem if i allow other icmp3 codeso_O and on the other hand at another forum i got this suggestion:
    * Port Unreachable in and out (but separete rules)
    * Host Unreachable in
    * Net Unreachable in
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    No, as I mentioned, I normally allow all ICMP when using such software.
    I see no need to seperate in/out for ICMP.
    As for "Net Unreachable", I have personally only seen a need for this when there is a private network within another, and error message is needed for any routing problems.
     
  7. ejderpencesi

    ejderpencesi Registered Member

    Joined:
    Jun 20, 2006
    Posts:
    8
    thanks too much...
     
  8. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    934
    Hi Stem,I have tried to allow icmp for pc tools firewall.
    I have selected icmp type and code equel to code 3 allow.
    Will this be ok for utorrent to send event stoped for tracker.
    When i used sygate it allowed icmp for utorrent by default.
    Thanks
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi waters,
    ICMP type3 code3 is "Port Unreachable" so yes

    You may also want to add ICMP type3 code1 "Host Unreachable"

    For ref, the rest of the codes for ICMP type3 below.

    ICMP Type 3 Destination Unreachable

    Codes
    0 Net Unreachable
    1 Host Unreachable
    2 Protocol Unreachable
    3 Port Unreachable
    4 Fragmentation Needed and Don't Fragment was Set
    5 Source Route Failed
    6 Destination Network Unknown
    7 Destination Host Unknown
    8 Source Host Isolated
    9 Communication with Destination Network is Administratively Prohibited
    10 Communication with Destination Host is Administratively Prohibited
    11 Destination Network Unreachable for Type of Service
    12 Destination Host Unreachable for Type of Service
    13 Communication Administratively Prohibited
    15 Precedence cutoff in effect
     
  10. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    934
    Thanks for advice again ,gone back to pc tools cause its light and they are going to add advanced rules ,like look n stop.
     
  11. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    pc tool firewall makes me lose internet connection. i liked it but comodo doesn't do this.
     
Loading...
Thread Status:
Not open for further replies.