Yellow light, and its not port forwarding

[fuzzmonkey]

I am running two computers with Bit Comet, one that has a green light and one with a yellow light with respect to the listen port.

The one with a green light is a dell inspiron 9400 running Windows XP SP2, Bit Comet v1.06 (stable). It has a 1.6ghz cpu with 2gb ram. It is connected wirelessly to a 2wire 2701 hg-b router/modem. The listen port I use for it is 11069.

The pc with a yellow light is a custom build running Windows Vista Ultimate 64 SP2, Bit Comet v1.14 (stable) and I have set up a static IP. It has a Core 2 Quad Q9650 3.2ghz with 8gb OCZ 6400 ram. This pc is hardlined to the 2wire 2701 hg-b router/modem. The listen port I am attempting to use right now is 49152.

I have made exceptions within the 2wire firewall for both computers and used a few different websites suggested in this forum and verified that both ports are in fact open (which i was pretty sure about 11069 anyway). I have tried different ports, making the exceptions individual and combining them (tcp & udp). I have made exceptions in windows firewall as well as attempted it with windows firewall completely disabled.

The 2wire 2701 hg-b has a mode called "DMZ plus" mode, which basically turns off its firewall for one pc. With that in effect and windows firewall turned off I cannot get my yellow light to turn green on my pc.

Having read many forums, spent a lot of time at portforwading.com and much searching i do not know what else to do.

Thank you for whatever help you can be.

[greywizard]

But do you get any remote connected peers for the Vista computer? That is on the Peers panel in Bitcomet.

[fuzzmonkey]

No, i only get local Peers on the Vista Comp.

[greywizard]

...and used a few different websites suggested in this forum and verified that both ports are in fact open (which i was pretty sure about 11069 anyway).

Did you run those tests from the Vista computer?

[fuzzmonkey]

I ran them from both computers independently on both ports.

Please use the "Fast Reply" option, unless there is a specific reason for quoting the post directlly prior to your own.

Edited August 26, 2009 by cassie (see edit history)

[greywizard]

Did you get positive results on both ports on the Vista computer?

It doesn't make much sense having those sites reporting your ports as open and then not getting remote connections in Bitcomet. Since you say you use just the Windows firewall, do you have enabled "Enable NAT/Firewall configuration in ICS/ICF"?

As for the remote connections I have to ask: did you test this on a torrent with lots of peers (i.e. Open Office) and waited until have downloaded at least a few pieces before checking (in order to have something to upload)?

Because you case seems a bit weird (you say you did everything right) you must proceed by elimination, because something must be missing.

Edited August 26, 2009 by greywizard (see edit history)

[kluelos]

Since you have the XP box running properly, I must assume that you know how to forward ports in your router, and have done so correctly for the Vista box. It's no different for a wired connection than a wireless one.

This suggests that you have a software firewall running on the Vista box, possibly one you don't know about, or one you think you've configured correctly but haven't, which is still blocking the listen port.

[The UnUsual Suspect]

My guess is that you have an Nvidia product in your custom built computer and you installed their free firewall, and/or N.A.M. (network address manager) software. If so, uninstall both and the problem will be resolved.

Nvidia makes good video adapters, but other then their video drivers, their bundled software is horrible, and completely unneeded. Windows firewall and networking do a much better job.

If these products aren't present, then I suggest you look at all installed software.

[fuzzmonkey]

I do have "Enable NAT/Firewall configuration in ICS/ICF" enabled in Bit Comet. On the vista pc I recieved results that listed both ports as open (I had to remove the exception from my laptop and add it to my vista pc b/c of the way the stupid router is set up... then i put it back). I only tested port 49152 to find out whether or not i was limited to local connections. When bit comet still listed the other port blocked, when I had tested and other software had listed it as open, I didnt download anything from it and simply switched back.

And I read about the nVidia firewall problem before I posted in this forum. While i never specifically installed an nVidia firewall I removed most of the nVidia software that was on my computer before I posted here. I will try removing the rest and see if it was hiding. IS NAT hidden or obscured or should it just be in add/remove programs?

Is there any software that can detect if I am behind more than one firewall? I considered installing zone alarm or another firewall just to see if it would detect and turn off any other firewalls, but so far the descriptions i have read just included detecting windows firewall.

Here is a pic of my add/remove programs, in case anything pops up that sends a red flag.

[kluelos]

If you do have another firewall, it will be a running process. You therefore need to look at Task Manager, at the list of processes. You'll need to identify all of them, using Google, and find that other firewall. You may well discover a lot of crap that you don't really want running, this way.

I'm not familiar with Vista but I gather that this is, for some reason, much more difficult than it is under XP. It is still what needs to be done.

[Vasy]

Hi!

You need to set a total of 4 rules in your modem for bitcomet to work properly on both computers.

As far as I know you can't use dmz on multiple computers, the sole purpose of that option is for apps using dynamic ports to communicate and a really bad idea to enable if you don't know what that means..

To get you started first in hand go here then go to firewall then firewall settings, just like you said you did before.

Click on "Add a new user defined app";

APP1: In the app name box write whatever you like(I recommend "bitcomet1tcp");

Select "tcp" as protocol;

Write the same number (higher than 59000) in both port range boxes;

Write 86400 in the protocol timeout box;

Map to host port: write the same number (higher than 59000) as you wrote in the port range boxes;

App type: leave "none";

Click "add definition" then "back"

APP2: Click on add user defined app again;

Write any name or "bitcomet2udp" in the app name box;

Set protocol to UDP;

Use the same ports as before in port ranges and hosted port.

Set Protocol timeout to 600.

App type: leave "none";

Click "add definition", then "Back"

For the rules 1 and 2: Select the first computer from the "Select computer" drop-down box (there should be two)

Look for the Apps created above in the "Applications" list (bitcomet1tcp and bitcomet2udp if you flowed my steps exactly);

Click on the firstly made app (bitcomet1tcp) then click "add" (make sure it goes in the second list "hosted apps")

Click on the secondly made app (bitcomet2udp) then click "add" (make sure it goes in the second list "hosted apps")

For the rules 3 and 4: Select the second computer from the "Select computer" drop-down box

Do the same as for the rules 1 and 2.

Select "Allow individual applications" (if it is set to DMZ)

Click done on the bottom of the page and use this app to test your port on both computers and write here any error message you receive.

If the ports are forwarded successfully go to bitcomet, click "Options" then Connection and write the port used on both of the apps above, hit apply and the green light should appear instantly.

Have a nice day!

Cheers!

PS: Make a bookmark of that page because, for your own security, you need to remove those rules each time you close BitComet.

[greywizard]

Ok Vasy, now you've got me a little confused:

...For the rules 3 and 4: Select the second computer from the "Select computer" drop-down box

Do the same as for the rules 1 and 2.

By "do the same as for rules 1 and 2" you mean the whole thing, right? That is, create another two custom applications for TCP and UDP, with a different port number than the first two apps, and bind them to the second computer, right? Because otherwise it would mean to forward the same port to both computers which I guess would confuse the heck out of the router.

In fact I've been meaning to ask you fuzzmonkey, have you done something like that? That is, forward a single port to both computers or maybe both ports to both computers? Because a port in the router can be used only by one computer at a time.

PS: Make a bookmark of that page because, for your own security, you need to remove those rules each time you close BitComet.

I'd say that's a real pain to do, every time you close Bitcomet. Since he uses Windows firewall on both computers all he needs to to is check the "Remove port on NAT/Firewall when exiting (XP/Vista only)". This way at BitComet's exit its ports will be closed in the Windows' firewall so even if they stay open on the router, no incoming connection on those ports will reach any of the computers.

LE: (As a side-note I've discovered that checking the above said option doesn't remove the eMule plugin's port mapping from Win ICF at BitComet's exit, though . But if you didn't forward that in the router that shouldn't bother you.)

As a bottom-line, if all this doesn't pan out, you will still need to do what kluelos said, but for that task I would recommend downloading and using Process Explorer instead of Windows' Task Manager since it shows much more details about running processes (like hierarchical structure, description, company name, path) and it will help you pinpoint much faster all those processes which are not belonging internally to Windows.

Edited August 26, 2009 by greywizard (see edit history)

[fuzzmonkey]

I am not sure what the heck the difference is, but once I changed all my exceptions to a port above 60000 it worked fine. Thank you for your help.

On a wierd note, when i was still trying to get port 49152 to work. The online port checker would list it as open, and PF port checker would list the udp port as open, but it would list the tcp port as being blocked.

I still think I have something in the background blocking access (because after being successful i tried to revert to the old numbers and they would not work), but aparrently whatever it is stops at port 60000.

Thank you for all your help.

[Vasy]

Ok Vasy, now you've got me a little confused:

I don't see how forwarding the same app for two computers confuses the router (think of it like this: you play age of empires on both computers, age of empires has a preset port number, so you can't change it and you forward the same port for both computers) . You cannot make an application to have both udp and tcp in that router so you need to make one for each. Also both (udp and tcp) applications must be forwarded for both computers thus making 4 rules.

I'd say that's a real pain to do, every time you close Bitcomet. Sincehe uses Windows firewall on both computers all he needs to to is checkthe "Remove port on NAT/Firewall when exiting (XP/Vista only)".This way at BitComet's exit its ports will be closed in the Windows'firewall so even if they stay open on the router, no incomingconnection on those ports will reach any of the computers.

There's no better firewall than an external one so disabling or leaving holes in it makes you a bit less secure. This depends on how paranoid about security you are and it's your decision to make.

The consequences are unforeseen and can be almost invisible, devastating, or not happening to you at all.

[Vasy]

I am not sure what the heck the difference is, but once I changed all my exceptions to a port above 60000 it worked fine. Thank you for your help.

It could have been another app using that port but that is out of the question if the pfportchecker tool did not give you a warning saying that. There's also the possibility that your ISP was blocking a range of ports that included yours.

Anyway if you have the green light on both computers your problem is solved and you don't need to care about that anymore.

Cheers!