Xbox 360 Live tutorial

[Guest]

[Little Mac]

I have installed version 2.4 and set up the rule as stated in the first post and I still can't connect my Xbox 360 to Xbox Live, it fails during the test connection at the IP Address.

How do I allow IGMP on the 'network'?

Aspie,

Do you remember setting up your "trusted zone" prior to creating the rules for XBox?  That "trusted zone" is your "network".

You'll need to add another two rules  (one In, one Out) to your Network Monitor, virtually identical to those two trusted zone rules.  Here's where they will vary:

The "Protocol" on both will be "IP."

Under the "IP Details" tab, you will select "IGMP."

That will allow IGMP between those connection points; ie, your "network."

LM

PS:  If you need more specifics for those rules, just ask, and I will provide... 

[Little Mac]

I sincerely apologize for bringing this post back out, as I see it has not been active for around a month or so...

I've been trying to figure this out for awhile now and I just came across this post.

I am quite unfamiliar with firewalls and networking, so I apologize for my ignorance...But what exactly do I need to do to define a new trusted network zone..I mean what IP Addresses do I need to use?

Thanks for any input, and once again I apologize for my late joining of this thread...

It's not too difficult, and we can help you with that.  First, can you explain a little about your situation?

How many computers do you have connected together? 

Do you use a router, etc?

Are you on dial-up, or a high-speed connection (DSL, cable, etc)?

What operating systems are used on the computer(s)?

And lastly, what version of CPF do you have?

There may be some more questions, but that will get us started.  That way we can walk you through the process, step by step, in a way that doesn't confuse...

LM

[Aspie]

So the two new rules should read?:

ALLOW IP IN FROM IP Zone: [Xbox] - 0.0.0.0/255.255.255.255 to IP [Any] WHERE IPPROTO is IGMP

ALLOW IP OUT FROM IP Zone: [Xbox] - 0.0.0.0/255.255.255.255 to IP [Any] WHERE IPPROTO is IGMP

[Little Mac]

So the two new rules should read?:

ALLOW IP IN FROM IP Zone: [Xbox] - 0.0.0.0/255.255.255.255 to IP [Any] WHERE IPPROTO is IGMP

ALLOW IP OUT FROM IP Zone: [Xbox] - 0.0.0.0/255.255.255.255 to IP [Any] WHERE IPPROTO is IGMP

Aspie, the Source/Destination positions need to switch, dependent on whether the traffic is In or Out.

Thus, your rule for In is fine; the Out rule needs to change to the following:

Action:  Allow
Protocol:  IP
Direction:  Out
Source:  Any (or your computer's IP address)
Destination:  Zone: [Xbox]
IP Details:  IGMP

OK.  Reboot.

Also, if your two rules to allow traffic on the network are in the same order as the two you posted above, that may be your problem...  I'll explain about the Source/Destination thing.

When traffic is going Out from your computer, your computer is the Source (local), and where the traffic is going is the Destination (remote).

When unsolicited traffic is coming In to your computer, the location it is coming from is the Source (remote), and your computer is the Destination (local).

I recommend m0ng0d's excellent tutorial on how to understand Network Control Rules.  It was written for an earlier version of CPF, so some of the wording is different; but the concept is the same.

Hope that helps,

LM

[Aspie]

I set up the rule like you said. First time I tried Xbox Live and it connected fine. Second time I tried it again failed at the IP Address test. I tried switching the rule around and put the OUT rule before the In rule and it still won't connect.

I think I may have to just give it up as a bad job and just resort to turning off the firewall while I connect to Xbox Live and then turning it back on again.

[Little Mac]

I set up the rule like you said. First time I tried Xbox Live and it connected fine. Second time I tried it again failed at the IP Address test. I tried switching the rule around and put the OUT rule before the In rule and it still won't connect.

I think I may have to just give it up as a bad job and just resort to turning off the firewall while I connect to Xbox Live and then turning it back on again.

Aspie,

Will you capture a full-screen screenshot of your Network Monitor, and post it here?  That will help a lot, to see exactly what rules you have (you can mask out IP addresses & other personal info that may be there; just leave enough of IP addresses to show a match where needed).

Also, will you go to CPF's Activity/Logs (with XBox running, and trying to connect); right-click and select Export to HTML.  Then you can copy/paste text from that (showing XBox's connection being blocked) into your post.  Again, you can mask out IP addresses, etc.

TNX,

LM

[RKCole]

Hello and thanks for the response.

I am using only one computer which is connected directly to my cable modem (high-speed Internet) via USB.  The Xbox 360 is connected to my computer via an Ethernet connection.  My computer is running Windows XP Pro SP2 and I am running CPF Version 2.4.16.174.

I am quite ignorant when it comes to firewalls and networking, but I'm slowly learning.
Thanks for any help in advance.

[Aspie]

Just tried connecting to Xbox Live and it worked fine this time. Here is my network monitor



I have three log entries as my Xbox connected.

Log 1


Log 2


Log 3


Are these because I have it set up to stream music from my PC?

Thanks.

[Little Mac]

Aspie,

Everything looks in order with your Network Rules; nothing is obviously out of whack.

On the Log entries, those are related to WMP running.  OLE is a legitimate operation, and relates to applications/services sharing resources and communicating with each other. 

A real-life example is if you link a chart from Excel into a Word document, so that the Word doc updates to the latest information in the Excel chart every time the doc is opened.  This is an OLE operation.

However, it can also be used by malware to hijack your system.  What CPF monitors is if that sort of activity happens with a program that has internet access.  Doesn't mean it's malware, just that it is an unknown activity and you need to approve or deny it.  If you deny, you will lose your internet connection (most likely until a reboot).  If you approve, it will only last for that session.  If you select "Remember" with either, obviously you will create a Rule in the App Monitor.

Generally svchost & services are safe to allow; in fact, if you block svchost, you won't be able to update your internet connection.  You might check to make sure you don't have "Block" rules in place for these in your App Monitor.

LM

[Little Mac]

Hello and thanks for the response.

I am using only one computer which is connected directly to my cable modem (high-speed Internet) via USB.  The Xbox 360 is connected to my computer via an Ethernet connection.  My computer is running Windows XP Pro SP2 and I am running CPF Version 2.4.16.174.

I am quite ignorant when it comes to firewalls and networking, but I'm slowly learning.
Thanks for any help in advance.

Okay, should be easy enough. 

Pandlouk's first post in this topic explains how to run the Network Wizard in CPF, to set up your XBox as a trusted Zone.  This should enable/allow all traffic between XBox and your computer, for the purpose of internet connectivity.  Presuming, of course, that you've gone through XBox's instruction to set up your computer for using it as a Gateway for the connection, Internet Connection Sharing, etc (which is what you're doing).

Then after setting up the trusted zone/network for XBox, you will add the two Network Monitor rules that Pandlouk posted; this will set up the ability in CPF for the communication from the Zone to take place both In and Out from the internet.

Be sure to reboot following these things.

Any questions after doing that, just post back.

LM

[RKCole]

I'm going to attach a screenshot of my Network Monitor configuration.  I think I have it set up correctly, but the Xbox 360 fails the IP Address test.

It all works when the firewall is off, but I typically do not like to have the firewall down.

Thanks for all of your help.  I am very appreciative.

Take care.

[RKCole]

Sorry...got so ahead of myself that I forgot to post the screenshot.

[Little Mac]

RKCole,

Thanks for the network screenshot.  That helps; in some ways, at least... 

You've got a couple rules in there (IDs 5 & 6) that I'm not sure how they got there, and would appear to be loose from a security standpoint.  Also, at this point, your Zone rules for XBox should be IP Any rather than IGMP; we only want to add IGMP explicitly if it doesn't seem to be working otherwise (it should be encompassed implicitly by the IP Any rule).

So, here's what I'd like to propose, since you said you're new to this stuff, and trying to learn.  It'll take a little bit of your time, but in the long run I think will make things easier for you. 

One of the Mods, AOwl, has made a very good video tutorial on how to install and configure CPF.  It is located here:  http://forums.comodo.com/index.php/topic,4766.0.html  That will take you through, step by step, with screenshots and detailed instructions, for installation, setting up a zone/network, trusted applications, etc.

My recommendation is to watch the video, then uninstall CPF, reboot, and reinstall, following the video guide.  I know that sounds like a pain, but CPF's install is so quick and simple, the most time-consuming part about it is the reboot.    That way, you start completely fresh, and are walked through step by step.  Using the Wizards automates the process, and takes some (most, if not all) of the headache/hassle out of it. 

If you absolutely prefer not to reinstall CPF at this point, well obviously I can't force you to  , and we can take on the details of getting everything fixed.  I really think it will be quicker to do a quick "do-over" and follow AOwl's video.

LM

[RKCole]

No, I don't see a problem in reinstalling.  I know some would think it is too time-consuming and so forth, but I always find that the best way to learn is through repetition and hands-on experience.  It will be a good learning experience as I am one who has a fondness for personal education.

I don't know exactly when I will be able to do this yet as my wife has some things she needs to do online, but is it alright if I post back when I get the chance?  Hopefully it will not be too far off from now.

Thanks for the help.  I am definitely very glad that I switched to Comodo.

Thanks again.

[Little Mac]

No problem, RKCole,

Just post back when you're able.  It'll pop up in my list of topics, that you've responded, and I'll get to it asap.

LM

[Tags:]