So, If you have ESET Smart Security, which has powerful firewall built in, here are the steps I completed to get Borderlands Hosting working.

The Trick with most firewalls here, is that in general, Firewalls block ALL UDP traffic and most TCP Inbound requests. As a general rule out there, the person Hosting
usually sends the request outbound and creates the established connection, so the firewall generally see's your hosting as a request outbound from your machine.
Now, with Borderlands, for some reason, they didn't quite go that route, instead, the invite is sent, but the connection isn't twoway and therefore an established connection.
Instead the remote "client"/"friend" attempts to setup their own connection to you. Therefore from YOUR PC's perspective, it's and INBOUND request, which 99% of firewalls
will drop by default - this is a good thing though. So it's not your firewalls fault, it's poor network connection design by Gearbox or whoever did their middleware.

OK, now that it's explained, let me run you through how to set it up to work. Note, I did this all with ESET Smart Security 4 running on my new Windows 7 Home Premium.
This is essentially a setup config for Borderlands to work with ESET, but if you have another firewall, there's no reason why a similar setup wouldnt work too, albeit different steps.

Let me just quicly note the ports we want to configure:

TCP & UDP:
----------
1. 7777
2. 28902
3. 27900

TCP ONLY:
---------
4. 28900
5. 28910

So the result should be 5 Port Rules as seen above.


FIRST CLICK ON THE "SYSTEM TASKS" arrow and click on the ESET Icon.
http://i228.photobucket.com/albums/ee8/leelo0270/Capture1.png

You're then presented with the options for the running task, select OPEN WINDOW
http://i228.photobucket.com/albums/ee8/leelo0270/Capture2.png

Now that the ESET SMART SECURITY 4 Window is open, look to the bottom left and change from Standard view to Advanced, click CHANGE.
http://i228.photobucket.com/albums/ee8/leelo0270/Capture3.png

You'll be prompted to change modes, select YES.
http://i228.photobucket.com/albums/ee8/leelo0270/Capture4.png

From here we select the SETUP icon on the left, followed by clicking on the PERSONAL FIREWALL hyperlink.
http://i228.photobucket.com/albums/ee8/leelo0270/Capture5.png

You're then presented with the Firewall Menu Screen, look near the bottom of that window and click CONFIGRE RULES
http://i228.photobucket.com/albums/ee8/leelo0270/Capture6.png

You now see the Advanced Zone and Rule window. We want to create a new rule, so click NEW
http://i228.photobucket.com/albums/ee8/leelo0270/Capture7.png

The New Rule window is quite simple, we want to type in a Name for our Rule - I chose BorderlandsRule1,
you can type in anything you like, BL1 if you're lazy. The important thing here is to change the ACTION.
Change the ACTION from DENY --> to ALLOW.
http://i228.photobucket.com/albums/ee8/leelo0270/Capture8.png

FROM THERE, though not highlighted (soz), You click on the LOCAL TAB @ the Top
Followed by ADD PORT
Then type in your Port number, the important one in this case being 7777 - click OK
http://i228.photobucket.com/albums/ee8/leelo0270/Capture9.png

Change to the REMORT tab and repeat the ADD PORT for 7777, then OK and OK to accept the rule.
http://i228.photobucket.com/albums/ee8/leelo0270/Capture10.png

You Are then returned to the Zones and Rules Window, where - if you scroll through,
you should see the rule you just creatd. The green arrows indicating that it's in AND outboud.
http://i228.photobucket.com/albums/ee8/leelo0270/Capture11.png

REPEAT THOSE STEPS TO CREATE ALL THE TCP&UDP PORT RULES AS STATED ABOVE. THERE SHOULD BE 3
OF THOSE ONES IN TOTAL.

FOR THE REMAINING 2 RULES, THEY ARE TCP ONLY, BELOW IS HOW TO CONFIGURE TCP ONLY:


Now we're creating the TCP Only Rule, follow the same Steps of clicking New, naming the rule and
changing the Action to ALLOW. However this time round, click on the [Select protocol] BUTTON.
http://i228.photobucket.com/albums/ee8/leelo0270/Capture12.png

Protocol Selection defaults to TCP, which is great, all we need to do is click OK.
http://i228.photobucket.com/albums/ee8/leelo0270/Capture13.png

We Now return to the Rule we're creating and we can clearly see that it only shows TCP, rather than TCP & UDP.
FOLLOW THE SAME STEPS AS ABOVE, to create the correct LOCAL Port Number ADD and REMOTE port number.
http://i228.photobucket.com/albums/ee8/leelo0270/Capture14.png


THE LAST THING WE NEED TO DO, IS TO ALLOW BORDERLANDS.EXE TO COMMUNICATE IN AND OUT.
While this may have already been done, by you being prompted after trying to Launch an online Game host,
It's probably best to create a manual rule that specifically allows Borderlands.exe to communicate.



We follow the same steps, from Zones and Rules, we click NEW and Name Your Rule.
Mine I named BORDERLANDS EXE - so that it's easy to identify in my rules list.
Change the ACTION to ALLOW. THEN Click on LOCAL
http://i228.photobucket.com/albums/ee8/leelo0270/Capture15.png


The LAST TASK! Simple enough, in the LOCAL TAB, I look to the middle of the window to find the [browse]
BUTTON, click on that and navigate through your system to where BORDERLANDS.EXE is installed.
In My case, it's a STEAM app and i navigate through the steamapps\common folder and choose the borderlands.exe file.
Click OK to Accept the rule and you're all done!!!!
http://i228.photobucket.com/albums/ee8/leelo0270/Capture16.png



I truely hope this helps, not just with ESET, but with all firewalls out there that people have configured.
The idea is simple, you have to allow TCP & most importantly some UDP ports to stream INBOUND to your computer.
If you have a different firewall, you could probably configure the same thing just using a different set
of steps to get there.

Enjoy the game, it's absolutely awesome.
The Duck

Thanks Mr Duck.

I'd kinda figured how to create rules, but clearly didn't have all of the rules and ports enabled.

I'll have to check whether this works later, when there's someone else online.

BTW, can you not just put the application into each of the port rules?

awesomem write up lee.

i wrote off eset when their agent wouldnt help one of my customers when we redid his machine.

BTW, can you not just put the application into each of the port rules?


I wish it were that simple, but no. Setting the application to do anything network wise is all well and good, but the firewall has no idea if an inbound network packet belongs to borderlands in this case since borderlands hasn't created that network connection itself (established connection it's called).

* I could get into the long and boring explaination of TCP sequence numbers for established connections and all that, but that would leave me having a one way convo again, talking in Forun (aka nerdtalk), so I'll skip it.

Generally speaking though - besides borderlands, you would get away with simply letting the applicaiton through and it would work.

oops, actually having read your reply again Dragz, I obviously miss-read it at first and may have missed the point you were making entirely.

You can secure it even MORE by setting those port mapping rules that you've created specifically to borderlands only, by doing just that, editing the rule and browsing (or copy/paste the path) and selecting borderlands for each of the 5 TCP/UDP rules.

*This will lock down the access even further in that it will allow those ports in and out, but only if Borderlands.exe is running.
- That is certainly up to you, it certainly is even more secure that way.