help with settings please?

[Guest]

[riftforce]

I downloaded the most recent copy of Comodo's firewall and it blocks me from any internet access.  I have 2 laptops and a desktop behind a Linksys router.   One laptop uses Comodo firewall straight download, basic configuration, works fine).  The other laptop uses a different firewall for now.  The desktop unit is the problem child right now.  It runs Windows XP on a home network.

     The problem is that no matter how I configure the firewall, I have to reset the router if I want to use the internet for more than one session.  I have the DHCP rule set from the message boards as rule number one.  Otherwise, there are three zones, one for the router and local network, one for the loopback zone, and a third for a private virtual network I am a part of.

     When I try to start a net connection with the firewall running, it times out any application I start.  If I start and stop the application, sometimes I can slip in a good connection.  Otherwise, I have to reboot my router in order to give myself access.  When I do get access, I am able to use my browser or check my mail, but not both, and once I use one application, I can't use anything else.  When I close that application and start it up again, I have to reboot the router again.

     I have tried setting up the different clean PC mode, safe mode, use the same configuration that works on the laptop, as well as going through the forums trying different rules that others have suggested.  If I set up an extra program such as Network Magic, I can generally use the net for short periods of time, but eventually, it will go back to forcing me to reboot the router.

     I have tried other firewalls, and they give me no hassle with the network or the internet.  I'm thinking it might be a configuration issue, but I'm not sure.  Please help.  I get no errors in the firewall logs of any kind and no messages from anywhere other than the browsers and e-mail programs time out waiting for a connection.

[Toggie]

Welcome to the forum riftforce.

To help out, we're going to need a little more detail. Would you mind posting screen shots of your firewall, Application and Global rules. Also, if you have captured any firewall log data, that too, would be useful.

[riftforce]

I have had to un-install the firewall temporarily so that I can actually use the net.  I'll set it up again tonight, but there has been no data captured by the firewall for any length of time when it was running.  I had the logs set for 10 MB each, and save it to a data file on the desktop in case I missed anything.  Never saw any information.

     The global rules were the default settings by the firewall when I installed it.  The only rule I had tried to add (to see if the network would work better was:

Action: Allow      Protocol: UDP
Direction: IN       Description: <blank>
Source address: <IP of my DHCP server as listed from ipconfig /all>
Destination address:  255.255.255.0 (my network mask)
Source port: 67
Destination port 68

That never made a difference.

As for the application rules:

     My browser (Opera), all system files and local network were set with full access.  The browser was also set up as a trusted application (seeing if the system would work better), but that didn't help.  Otherwise, all programs were given full access for the local network as well as internet if requested for now.  I'll get screen shots later if it will help.

[EricJH]

Can you post a screenshot of your Global Rules? Sometimes a picture says more than a thousand words.

Keep us posted.

[riftforce]

I hope these screen shots came through.  The one is a screenshot of the global rules that are defaulted when I started up the firewall again.  (In order to access the net, I have to uninstall the firewall completely).  The other screenshot is what I get when I try to access anywhere on the net if the firewall is operational.

[EricJH]

Can you repost both images. They are too coarse. I can't read what is in the Global Rules.

It is possible to take a screenshot of an active screen by pushing alt+print screen. That may help with the image of the Global Rules. Can you save the image as 32 bits PNG rather than 8 bits GIF? That would help to make them readable.

[riftforce]

Hope these are a little more readable now.

[Toggie]

Hi riftforce. With those global rules you may have difficulty connecting to virtually everything. ideally, you should allow IP OUT ANY ANY ANY and make it the first Global rule. Following that you may want to take a look at your Application rules. Think about how the firewall works:

Application ---> Application Rule ---> Global Rule ---> Connection
Connection ---> Global Rule ---> Application Rule ---> Application

If there is a block point in either Application or Global rules you will not be able to connect.

Your current Global Rules specifically allow connectivity to your LAN and provide for local loopback, not for Internet connectivity. However, in theory, you don't actually require any Global rules.

[riftforce]

I will give it a try.  I ended up having to delete the rules and tried to re-install the application from scratch, but those are the same rules it gave me.  When I did manage to connect to the net, everything worked (for maybe 5 minutes).  After I shut down any application, I was no longer connected to the net.  Hope this works.

[EricJH]

Can you again show us your Global Rules and the application rules for your browser?

[riftforce]

Global rules and 3 screenshots of the app rules.  My question now is that if I start a new application that wants internet access, will it ask me for it before heading out, especially since global rule #1 now is to allow any IP with any protocol out to the net?  I do some downloading of different programs and don't want spyware or programs to data mine and phone home with it.

[Toggie]

Hi. Change the first Global Rule to IP and not TCP or UDP.

All you are doing here is creating a defined window through which communication may take place. It does not automatically allow all services and applications access. For any given service or application to access the Internet, it will also need an Application Rule.

In future, whenever a new service or application requires outbound access, you will receive an alert.

[EricJH]

Your Global Rules need the basic block rule at the bottom of the list. Make a new rule with the following:
Action: Block
Protocol: IP
Direction: IN
Descrption:

Source Address: Any
Destination Address: Any
Source Port: Any
Destination Port: Any
Apply. Now drag the rule to the bottom of the list. This may not help with your problem but needs to be set straight as you firewall needs to block unsolicited incoming traffic at one point.

You have used different firewalls and other security programs in the past I understand. May be there are left overs from uninstalling them.

We are gonna take a look to see if there are some old drivers of your previous security program still around. Go to Device Manager --> View --> show hidden devices --> now look under Non Plug and Play drivers --> when you see a driver that belongs to your previous security programs click right --> uninstall ---> do this for all drivers --> reboot your computer.

When the problem persists make sure there are noauto starts from your previous security programs download Autoruns and run it.

This program finds about all auto starts in Windows. This tool can therefore seriously damage Windows when not handled properly. After starting go to Options and choose to hide Windows and Microsoft entries and then push F5 to refresh.

Now check all entries to see if there are references to your previous security program. When you find them untick them. After unticking reboot your computer and see what happens.

[riftforce]

     Ok, I added the bottom rule as suggested.  I also ran the device manager settings and the auto-run program.  My computer is surprisingly clean from any past firewalls and security programs I was trying at different times.  There were no traces of any program.

     I missed the previous message that explained the change needed for the first global rule, so I will change that the next time I am on that computer.  So with the change to the first global rule, adding the last global rule (blocking inbound IP), then leaving the remaining rules alone, that should fix most of my communication issues?

[EricJH]

Adding the basic block rule will most likely not solve your problem but it is needed in general. Keep us posted.

[Tags:]