Author Topic: Firewall blocks ssh connection to VMware bridged guest over WiFi  (Read 178 times)

Offline qwerty9437

  • Newbie
  • *
  • Posts: 8
Please help with subject.
VMware Host is Windows 10, guest Ubuntu connected over bridged network. Host connected to network over WiFi. I can access guest from host in explorer and copy/paste files over samba, but SSH communication timed out if Comodo firewall is enabled.   
It is working with wired connection.

Is it issue with firewall or with WiFi (Intel AC-9560) ?
« Last Edit: July 06, 2019, 03:35:27 AM by qwerty9437 »

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11719
  • Linux is free only if your time is worthless.;-)
Re: Firewall blocks ssh connection to VMware bridged guest over WiFi
« Reply #1 on: July 06, 2019, 07:49:49 AM »
Check the logs and see how and why it was blocked.

Post the results back here.

Cheers,
Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline qwerty9437

  • Newbie
  • *
  • Posts: 8
Re: Firewall blocks ssh connection to VMware bridged guest over WiFi
« Reply #2 on: July 06, 2019, 09:01:59 AM »
Log is empty. I have cleared log, then try ssh and see timeout, then refresh log and nothing. Is there any other logging besides "view logs" ?

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4285
Re: Firewall blocks ssh connection to VMware bridged guest over WiFi
« Reply #3 on: July 06, 2019, 11:22:04 AM »
A known bug that probably will never be fixed, due note it only affects TCP connections outside the MS file sharing ports and I think some of the netbios ports 135-139. And as you have noticed only occurs when using a WiFi adapter, no issues using a wired NIC.
 
https://forums.comodo.com/format-verified-issue-reports-cis/tcp-connection-to-guest-from-host-via-vmware-bridge-networking-blocked-m1727-t113467.0.html

Btw which version of VMWare workstation are you using? I can't use any thing newer than the 12.x version series, so I wonder if the bug still applies to the newer major versions.

Offline qwerty9437

  • Newbie
  • *
  • Posts: 8
Re: Firewall blocks ssh connection to VMware bridged guest over WiFi
« Reply #4 on: July 07, 2019, 08:38:44 AM »
VMware 15.1.
Thanks for info. But it is kind of strange because I am connecting perfectly with Ubuntu guest samba server (SMBv2) from explorer.
It is interesting to see if someone with non-Intel Wifi have this problem.

PS It seems there is no hope to have it fixed or get workaround, as it exists so long time :(
« Last Edit: July 07, 2019, 08:59:07 AM by qwerty9437 »

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4285
Re: Firewall blocks ssh connection to VMware bridged guest over WiFi
« Reply #5 on: July 07, 2019, 09:05:22 AM »
VMware 15.1.
Thanks for info. But it is kind of strange because I am connecting perfectly with Ubuntu guest samba server (SMBv2) from explorer.
It is interesting to see if someone with non-Intel Wifi have this problem.

PS It seems there is no hope to have it fixed or get workaround, as it exists so long time :(
Yes only TCP ports 135-139 and 445 work, but all others are blocked. There is a workaround which I forgot to mention, you need to add an application rule for Windows Operating System and add an allow out rule or set it as an outgoing only ruleset. In order to add WOS you need to use running process option at the new firewall application rule window.

Offline qwerty9437

  • Newbie
  • *
  • Posts: 8
Re: Firewall blocks ssh connection to VMware bridged guest over WiFi
« Reply #6 on: July 07, 2019, 09:24:53 AM »
Thank you very much. It is working after applying this rule (even IP output to single address and single port).

Special thanks for mentioning how to find "Windows Operation System", I saw many references to it in forum, but never figure out how to get it. :)

Ooops single address/port does not work (just forget to press Ok :)). Only narrow rule is IP output with destination set to network zone. Neither IP to address nor to mac address rules are working. Very confusing.

Also logging for this rule does not work.
« Last Edit: July 07, 2019, 10:04:09 AM by qwerty9437 »

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek