WiFi network problems

[Guest]

[Fred H.]

I have Internet Connection Sharing set up on my desktop, and it is connected to a WiFi router that shares out my internet connection. Essentially, I have made my own Security Enabled WiFi hot spot  (WEP/WPA key encoded). I then connect to the WiFi network with two laptops in my house.

I have set up a trusted network zone on the desktop and have added a rule to allow ICMP IN/OUT with this Zone as the destination and source.

Sometimes my laptops will connect and work fine.  Sometimes only one of them will connect, and sometime neither will connect. If I shut off the Network Monitor in Comodo, both will start working again and can connect fine. I can usually then turn Network monitor back on, and they will continue to work.  But it seems like if I reboot the desktop, then it stops working again. I have also tried shutting off Comodo altogether, and that will also allow them to connect again.

What am I doing wrong?  Do I need to add another rule and if so what should it be?

Also, since the WiFi router is physically turned off when I am not using it, do I even really need the Network monitor turned on the desktop, since it is not networked with any other computers? Would it be safe to just leave Network Monitoring off?

Any and all help would be most appreciated.

[panic]

I have Internet Connection Sharing set up on my desktop, and it is connected to a WiFi router that shares out my internet connection. Essentially, I have made my own Security Enabled WiFi hot spot  (WEP/WPA key encoded). I then connect to the WiFi network with two laptops in my house.

I have set up a trusted network zone on the desktop and have added a rule to allow ICMP IN/OUT with this Zone as the destination and source.

Sometimes my laptops will connect and work fine.  Sometimes only one of them will connect, and sometime neither will connect. If I shut off the Network Monitor in Comodo, both will start working again and can connect fine. I can usually then turn Network monitor back on, and they will continue to work.  But it seems like if I reboot the desktop, then it stops working again. I have also tried shutting off Comodo altogether, and that will also allow them to connect again.

What am I doing wrong?  Do I need to add another rule and if so what should it be?

Also, since the WiFi router is physically turned off when I am not using it, do I even really need the Network monitor turned on the desktop, since it is not networked with any other computers? Would it be safe to just leave Network Monitoring off?

Any and all help would be most appreciated.

Hey Fred,

There is one missing bit of info in your post. Is your router a router/modem or do you have a separate modem attached to your desktop?

Q1.
If your router is a modem/router combo unit, why are you running Internet Connection Sharing on your desktop. The two laptops should be able to access the internet directly through the routers wifi.

Q2.
If you have a separate modem, do you have it connected directly to your PC or directly to the router?

Q3.
If the separate modem is attached to your router, why are you running Internet Connection Sharing on your ......  see question above.

Q4.
If the separate modem is attached to your desktop, wouldn't it be better to attach it to the WAN port of your router (providing it has one, of course). This would eliminate the need for Internet Connection Sharing to be run on your desktop.

Cheers,
Ewen :-)

[Fred H.]

The modem is internal to the Desktop, which is why I am using Internet Connection Sharing. I have no other choice but to do it this way due to my physical hardware.

What I need to know is how to make internet connection sharing play well with Comodo.

[panic]

The modem is internal to the Desktop, which is why I am using Internet Connection Sharing. I have no other choice but to do it this way due to my physical hardware.

What I need to know is how to make internet connection sharing play well with Comodo.

Hey Fred,

Sorry, I was assuming an ADSL connection, not dial up.

To get ICS to work, you need to set up a zone and set that zone as trusted.

STEP 1
To set up a zone, click SECURITY - TASKS - ADD/REMOVE/MODIFY A ZONE. You will have to give the zone a meaningful name (like "Home LAN") and enter a start and end address for the zone. Typically this will be 192.168.1.1 - 192.168.1.255. Whatever the address range is, make sure that the address range includes  the address of your router. Click OK and you're done.

STEP 2
Cick SECURITY - TASKS - DEFINE A NEW TRUSTED NETWORK. Select the zone name we defined in step 1 and follow the bouncing ball.

At the end of the process, we will have create two additional rules in the NetworkMonitor that allow all traffic to and from devices with IP addresses that fall within the range we used to define the zone.

Let us know how this goes.

Hope this helps,
Ewen :-)

[Fred H.]

Thanks for the reply.  I had already done these two steps, and it seems to work, but only sometimes.

I took a look at the logs to see if I could make any sense of them. I see a bunch of UDP incoming violations when I try to connect the laptop to the WiFi net.

[Fred H.]

You know whats strange, is I can turn the Network Monitor off and then the laptop will connect, and then I can turn the Network monitor back on, and the laptop stays connected and works.

I was looking at the activity and there are a bunch of svchost processes that look like they are from the laptop connecting.

[panic]

You know whats strange, is I can turn the Network Monitor off and then the laptop will connect, and then I can turn the Network monitor back on, and the laptop stays connected and works.

I was looking at the activity and there are a bunch of svchost processes that look like they are from the laptop connecting.

double check your application monitor rules and make sure you dont have any rules that could block svchost.exe or services.exe. You could also turn on logging on the ZONE rules and see what traffic gets in and what traffic gets blocked.

Ewen :-)

[Fred H.]

Still can't get it to work.  If I add a trusted network, it will be able to connect fine until I reboot the desktop, then I have problems again.

Can I email you my log files to look at?  I really am out of ideas at this point and don't know what to try.

Thanks for your help,
Fred

[panic]

Still can't get it to work.  If I add a trusted network, it will be able to connect fine until I reboot the desktop, then I have problems again.

Can I email you my log files to look at?  I really am out of ideas at this point and don't know what to try.

Thanks for your help,
Fred

Hey Fred,

Open CPF, click on ACTIVITY - LOGS, do a right click somewhere in the logs windowand select "Export to HTML". ZIP the resulting file and post it back here for us to have a look at.

Before you do this, doa right click and clear the logs, and then change the network monitor rules so they are all logging. Then, go through the steps that you know cause the problem. After the problem has occured, do the export and then turn logging off for all rules except your BLOCK rules. This way we should trap whatever is stoping your laptops connecting.

Cheers,
Ewen :-)

[Fred H.]

Ok, I completly uninstalled Comodo, rebooted, turned off my virus program (AVG) and reinstalled version 2.4

I then made a new Trusted Network and ran the application wizard and rebooted again. Then I turned on alerts for ALL rules and tried to connect the laptop via WiFi.

Here are the resulting logs, (assuming I can figure out how to attach the html file to this post)

You will notice that the bottom three are GRANTED and the rest are policy violations.

<html>
COMODO Firewall Pro Logs
Date Created: 17:58:22 20-01-2007</h4></table>
Log Scope:: Today
Date/Time :2007-01-20 17:58:12
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.xx.xxx, Port = nbdgram(138))
Protocol: UDP Incoming
Source: 169.254.xx.xxx:nbdgram(138)
Destination: 169.254.255.255:nbdgram(138)
Reason: Network Control Rule ID = 7

Date/Time :2007-01-20 17:58:07
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.xx.xxx, Port = nbdgram(138))
Protocol: UDP Incoming
Source: 169.254.xx.xxx:nbdgram(138) 
Destination: 169.254.255.255:nbdgram(138) 
Reason: Network Control Rule ID = 7

Date/Time :2007-01-20 17:58:07
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.xx.xxx, Port = nbname(137))
Protocol: UDP Incoming
Source: 169.254.xx.xxx:nbname(137) 
Destination: 169.254.255.255:nbname(137) 
Reason: Network Control Rule ID = 7

Date/Time :2007-01-20 17:58:02
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.xx.xxx, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 169.254.xx.xxx:1065 
Destination: 239.255.255.250:upnp-mcast(1900) 
Reason: Network Control Rule ID = 7

Date/Time :2007-01-20 17:58:02
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.xx.xxx, Port = nbname(137))
Protocol: UDP Incoming
Source: 169.254.xx.xxx:nbname(137) 
Destination: 169.254.255.255:nbname(137) 
Reason: Network Control Rule ID = 7

Date/Time :2007-01-20 17:57:57
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.xx.xxx, Port = nbname(137))
Protocol: UDP Incoming
Source: 169.254.xx.xxx:nbname(137) 
Destination: 169.254.255.255:nbname(137) 
Reason: Network Control Rule ID = 7

Date/Time :2007-01-20 17:57:57
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.xx.xxx, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 169.254.xx.xxx:1065 
Destination: 239.255.255.250:upnp-mcast(1900) 
Reason: Network Control Rule ID = 7

Date/Time :2007-01-20 17:57:17
Severity :Low
Reporter :Network Monitor
Description: Information (Access Granted, IP = 192.168.0.255, Port = nbdgram(138))
Protocol: UDP Outgoing
Source: 192.168.0.1:nbdgram(138) 
Destination: 192.168.0.255:nbdgram(138) 
Reason: Network Control Rule ID = 0

Date/Time :2007-01-20 17:56:32
Severity :Low
Reporter :Network Monitor
Description: Information (Access Granted, IP = 64.233.xxx.xxx, Port = pop3-ssl(995))
Protocol: TCP Outgoing
Source: 70.196.xxx.xxx.xxx:1085 
Destination: 64.233.xxx.xxx:pop3-ssl(995) 
TCP Flags: SYN 
Reason: Network Control Rule ID = 2

Date/Time :2007-01-20 17:56:32
Severity :Low
Reporter :Network Monitor
Description: Information (Access Granted, IP = 64.136.xx.xxx, Port = pop-3(110))
Protocol: TCP Outgoing
Source: 70.196.xxx.xxx:1086 
Destination: 64.136.xx.xxx:pop-3(110) 
TCP Flags: SYN 
Reason: Network Control Rule ID = 2

[panic]

Ok, I completly uninstalled Comodo, rebooted, turned off my virus program (AVG) and reinstalled version 2.4

I then made a new Trusted Network and ran the application wizard and rebooted again. Then I turned on alerts for ALL rules and tried to connect the laptop via WiFi.

Here are the resulting logs, (assuming I can figure out how to attach the html file to this post)

You will notice that the bottom three are GRANTED and the rest are policy violations.

<html>
<head><META HTTP-EQUIV="Content-Type" content="text/html; ch****t=Windows-1200"></head>
<body>

<table width=100%% bgcolor=#CFCFE5><tr> <td> <font face=arial size=+2>COMODO Firewall Pro Logs</font></table>
<table width=* cellspacing=0 cellpadding=0><tr><td width=0 bgcolor=#EDEDF5>&nbsp;</td><td width=0 bgcolor=#FFFFFF>&nbsp;</td><td width=*>
<h4>Date Created: 17:58:22 20-01-2007</h4>
</table>
<table width=100%% bgcolor=#DFDFE5><tr><td><font face=arial size=+1>Log Scope:: Today
</font></table><table width=* cellspacing=0 cellpadding=0><tr><td width=0 bgcolor=#EDEDF5>&nbsp;</td><td width=0 bgcolor=#FFFFFF>&nbsp;</td><td width=*>
Date/Time :2007-01-20 17:58:12
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.46.176, Port = nbdgram(138))
Protocol: UDP Incoming
Source: 169.254.46.176:nbdgram(138) 
Destination: 169.254.255.255:nbdgram(138) 
Reason: Network Control Rule ID = 7

Date/Time :2007-01-20 17:58:07
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.46.176, Port = nbdgram(138))
Protocol: UDP Incoming
Source: 169.254.46.176:nbdgram(138) 
Destination: 169.254.255.255:nbdgram(138) 
Reason: Network Control Rule ID = 7

Date/Time :2007-01-20 17:58:07
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.46.176, Port = nbname(137))
Protocol: UDP Incoming
Source: 169.254.46.176:nbname(137) 
Destination: 169.254.255.255:nbname(137) 
Reason: Network Control Rule ID = 7

Date/Time :2007-01-20 17:58:02
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.46.176, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 169.254.46.176:1065 
Destination: 239.255.255.250:upnp-mcast(1900) 
Reason: Network Control Rule ID = 7

Date/Time :2007-01-20 17:58:02
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.46.176, Port = nbname(137))
Protocol: UDP Incoming
Source: 169.254.46.176:nbname(137) 
Destination: 169.254.255.255:nbname(137) 
Reason: Network Control Rule ID = 7

Date/Time :2007-01-20 17:57:57
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.46.176, Port = nbname(137))
Protocol: UDP Incoming
Source: 169.254.46.176:nbname(137) 
Destination: 169.254.255.255:nbname(137) 
Reason: Network Control Rule ID = 7

Date/Time :2007-01-20 17:57:57
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.46.176, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 169.254.46.176:1065 
Destination: Z.Y.X.250:upnp-mcast(1900) 
Reason: Network Control Rule ID = 7

Date/Time :2007-01-20 17:57:17
Severity :Low
Reporter :Network Monitor
Description: Information (Access Granted, IP = 192.168.0.255, Port = nbdgram(138))
Protocol: UDP Outgoing
Source: 192.168.0.1:nbdgram(138) 
Destination: 192.168.0.255:nbdgram(138) 
Reason: Network Control Rule ID = 0

Date/Time :2007-01-20 17:56:32
Severity :Low
Reporter :Network Monitor
Description: Information (Access Granted, IP = Z.Y.X.109, Port = pop3-ssl(995))
Protocol: TCP Outgoing
Source: X.Y.Z.243:1085 
Destination: X.Y.Z.109:pop3-ssl(995) 
TCP Flags: SYN 
Reason: Network Control Rule ID = 2

Date/Time :2007-01-20 17:56:32
Severity :Low
Reporter :Network Monitor
Description: Information (Access Granted, IP = Z.Y.X.166, Port = pop-3(110))
Protocol: TCP Outgoing
Source: X.Y.Z.243:1086 
Destination: 64.136.28.166:pop-3(110) 
TCP Flags: SYN 
Reason: Network Control Rule ID = 2

</td>
</table>
<table width=100% height=20 bgcolor=#CFCFE5><tr><td><font face=arial size=+1>End of The Report</font></table></body></html>
[

/quote]

Hi Fred,

I think I can see what the problem is, but I don't know why it's a problem.

The IP address that's mentioned (169.254.X.X) is the address range Windows uses to acknowledge NICs before their address is either assigned from the static info or assigned by DHCP. Ports 137 and 138 are use in setting up a local Windows peer based network. In combination, these two things indicate thatyour laptops get their IP address by DHCP.

As a test, can you try manually assigning an IP address on the laptops, ensuring that the assigned address is in the range you allocated to the zone.

Let us know how this goes.

Cheers,
Ewen :-)

[Fred H.]

Hi Fred,

I think I can see what the problem is, but I don't know why it's a problem.

The IP address that's mentioned (169.254.X.X) is the address range Windows uses to acknowledge NICs before their address is either assigned from the static info or assigned by DHCP. Ports 137 and 138 are use in setting up a local Windows peer based network. In combination, these two things indicate thatyour laptops get their IP address by DHCP.

As a test, can you try manually assigning an IP address on the laptops, ensuring that the assigned address is in the range you allocated to the zone.

Let us know how this goes.

Cheers,
Ewen :-)

I would, if I knew how to assign an IP address to my laptop, but you are over my head. How do I do that?

[panic]

I would, if I knew how to assign an IP address to my laptop, but you are over my head. How do I do that?

OK.
First thing is to establish what address range your desktop  PC is using, as your router and laptops will be in the same range.

1. On the desktop PC, click RUN and type in CMD in the run box. This will open a DOS-like window.

2. In the DOS window, type "ipconfig /all". This will show all IP details for that PC. We're looking for the section that deals with the network card that connects to the router.

3. In the section that deals with the NIC, it will show the currently assigned IP address. It will probably be something like 192.168.X.X or 172.16.X.X or 10.1.X.X). Write this address down.

4. It will also show a default gateway address and DNS server addresses. Write these details down.

5.In the DOS window, type "EXIT" and press ENTER to close the DOS window.

6. Post the IP addresses and gateway details back here.

I'm going to do this in chunks. Sorry for doing it this way, which will take longer, but I want to make sure we don't get ahead of ourselves at any point, and that you gain some understanding of each step in the process.

Cheers,
Ewen :-)

[Fred H.]

IP address is 192.168.0.1
Dhcp is DISABLED (I had to disable this to make the WiFi network function)
Default gateway is blank

[Fred H.]

By the way, this address is within the range of the trusted network I have set up.

[Tags:]