Author Topic: Current 2.4 Solutions to Firewall issues  (Read 83765 times)

comicfan2000

  • Guest
Dreamweaver FTP 0 bytes
« Reply #15 on: January 25, 2007, 05:18:22 PM »
Question

I am trying to use dreamweaver on a local net work and althought it says it is transfewring files all it does it transfer 0 bytes with the firewall on.

If I turn it off works perfecty well and does as I espect.

I am transfering across my local net works from my XP machine to a sun sparc machine.

What have I get set up wrong on the firewall?

Answer
Solved it by turning off the advance security check
« Last Edit: January 25, 2007, 05:28:52 PM by comicfan2000 »

comicfan2000

  • Guest
Local Apache Server not accessible with CPF ON
« Reply #16 on: January 25, 2007, 05:22:42 PM »
Question

Greetings everyone,

I recently switched from Norton Internet Security to Comodo's Free Firewall. It's running much smoother and is great so far.

I'm also running an Apache server (Easy PHP) but other than myself, no one can access my server from outside. When I change the security of the firewall to 'Allow All' everyone from outside can access my server no problemo.

Now I have added the apache server to the known list and allowed all connections to it, but it still wont work. With Norton I did the same and it used to work there.

Anyone have any tips as to what I can do? I don't want to uninstall this great firewall, but I do need to run my server. Every help is appreciated!

Thanks in advance,
Testerer.


Answer

If your server is acting purely as a WWW server, then you'll need to create a rule allowing port 80 TCP inbound (assuming you have configured your server software to use port 80). Until this rule is in place, the default rules created by CPF will block all unsolicited inbound traffic, which is what a good firewall should do (Sorry, Mr. Norton  Wink)

Hope this helps,
Ewen :-)

 And yes, my server is just a www server and is running on port 80. With Norton you only had to add the apache server (.exe) to the trusted list and select allow all inbound/outbound traffic and you're done. I tried to do the same with CPF but I forgot the port thing <noob> hehe
I'll give that a try when I get back home and let you guys know if it worked.

It worked, port 80 is now forwarded and working like a charm



« Last Edit: January 25, 2007, 05:29:15 PM by comicfan2000 »

comicfan2000

  • Guest
skip/ learn parent
« Reply #17 on: January 25, 2007, 05:34:44 PM »
Question


What is the best way to control a software that opens a ie window to check for updates ?

For example I´ve Ccleaner and when I click the check for a new version feature it opens a ie window.
I´ve tried the i.e. rules with skip and learn the parent but still it allows the Ccleaner to open the window without comodo firewall prompting for an answer.

Answer
Solution found.
Remove and reinstall Ccleaner.
Prompts poping up. 



comicfan2000

  • Guest
Application monitor doesn't detect all outgoing applications?
« Reply #18 on: January 25, 2007, 05:42:54 PM »
Question


I have a question about the application monitor.  I have emule and it runs fine and I can download files.  I opened up ports in the Network Monitor for emule.  However, Comodo never asked me whether or not allow this application and I don't see any mention of it in the application monitor.  It does appear in my current connections.  I'm a little worried that if Comodo just lets emule access the internet, what else could it possibly let access the internet?  Any ideas?


Answer

Welcome to the forum
Have you scanned for known applications? I think Emule is a trusted application, and thats why you don't get bothered with popups. If another app is trying to use Emule to get out, you will get a popup.
You can get more popups if you want, and even for trusted apps if you go to security/advanced/misc and uncheck the "do not show alerts for apps certified by Comodo" and if you want more you can raise the alert frequency level slider.
Comodo's trusted apps list is "secret", so that malware can't add them self to it.
Hope this helps.


That fixed it!  Thanks for the help!  I'm appreciating Comodo more and more every day!

comicfan2000

  • Guest
Network blocked
« Reply #19 on: January 25, 2007, 05:46:00 PM »
 Question

I installed CPF to test it, using the default configuration, but with XP Firewall active. After rebooting I did not have access to the network. Even giving an application (Firebird) complete access or setting a global "Allow all" did not open the network access. Also disabeling XP Firewall did not change anything.



Answer

If you have a network/router you must go to security/tasks and "define a new trusted network".
There is no point to have XP firewall at the same time as Comodo firewall. You don't get better protected, and you only increase the risk for conflicts. And if you also have a router, even the router have an inbound firewall built in to it.
If it still doesn't work after you have made a trusted zone, and if you have the default rules after choosing "auto" at install, you might have to reinstall it. Just turn off XP firewall before you install.


  I tried first on e clean XP installation (backup installation) and it worked without modifying the default settings.

On my "work" installation it worked after the 2nd try (installation)!

Thanks a lot!

comicfan2000

  • Guest
Issue with Comodo & Microsoft Update
« Reply #20 on: January 25, 2007, 05:48:42 PM »
Question

Hi, im having a problem with Comodo & Microsoft Update.  Everytime i try to scan for updates on MS Update i get the following error code: 0x8024402C.  Now i have followed the steps and numerous articles that MS have suggested, but i still cant resolve the problem.  I have also tried clearing the application and componant sections in the firewall and allowing them access to the internet again, but this has made little difference.  I have also un installed Comodo and tried with Zone Alarm (Temporarily), and the problem corrected itself, so its a problem with Comodo.

Im using IE6 for MS Update


Answer

I only had the problem with windows automatic update, with no error message, just the windows update process stopping. I solved it by granting full access to the application %SystemRoot%\system32\wupdmgr.exe. No more problem after that. Hope that can help.



  Thanks, it worked a treat 

comicfan2000

  • Guest
Firewall blocks my IIS application
« Reply #21 on: January 25, 2007, 05:53:05 PM »
 Question

I am running the free Comodo firewall 2.3.6.81 on XP professional with IIS 5.1.  I am developing in Visual Web Developer 2005 Express.

You don't need IIS to develop in this IDE and I have no trouble launching and testing my app as I build.

Also, I have no trouble when I launch the site using IIS (outside of the IDE) in IE 7:  http://localhost/demo/.

But I cannot launch my web site in IIS when I use my IP address: http://XXX.XXX.X.X/demo.  (I can if I turn off the firewall, which, of course, I don't want to do.)

How do I give permission to my web site so I can access it using my IP address?  I don't know which to use: Application, Component or Network Monitor dialogs?  How do I specify the Application name in the Application Monitor?  The "application" is just a set of aspx files, no exe or dlls.  Same with the Component monitor dialog.  Do I give permission to an aspx file?  And as for the Network Monitor dialog, why would I have to give permission to my own computer?

Thank you.


Answer

Hello Jackson, and welcome to the forums.

It's strange that CPF would be preventing that... doesn't quite sound right.  We're talking about trying to access the site from the same PC running IIS, right?

I'm grasping, but I would try running the trusted zone wizard and let it add the 2 new network rules.

Did you "bind" your webs to the PC IP?  How are your headers configured?

 m0ng0d

In summary, if you can access it from within the IDE and by referencing it as localhost, the internal comms are OK, but if you reference it by your outward facing IP you can't.

If these are correct, I would assume that CPF is blocking the inbound request because there is no network monitor rule to allow an unsolicited request TO port 80 on your PC.

To manually add this rule, go to SECURITY - NETWORK MONITOR and use the following parameters in a new rule (assuming your web server is configured to use port 80);

Action : ALLOW
Protocol : TCP
Direction : IN
Source IP : ANY
Destination IP : YOUR IP ADDRESS GOES HERE
Source Port : ANY
Destination Port : 80 (or whatever port your sever is set to listen on)

If you're behind a router, you'll need to ensure that the appropriate port is forwarded to your internal IP correctly.

You shouldn't need to do anything else to get it to work, as the APSXs will load inside the browser. As the FW is configured to allow ingress to your server, actions based upon that approved request are likewise approved, so the app loaded by the index.htm page should, all things being equal, execute without requiring any further permissions.

Hope this helps,
Ewen :-)

Thank you both m0ng0d  and panic for your responses.

Yes, I'm trying to access the site from the same pc running iis.  But also, I have another computer here at home running off the same router.  Trying to access the site using the IP address seems to give the same results no matter which computer I'm using.

I tried the instructions to set up a SECURITY - NETWORK MONITOR rule that panic gave, and it worked.

I messed around quite some time after that to see if I could reconfigure the web site's properties and do without the rule, but suffice it to say that I ran out of patience before I really learned anything.

I think this rule is necessary, but I'm not really sure.  Anyway, it works.  Thanks lots. 


Ummm.... if it doesn't work without it and does work with it, then yeah, I'd say it's pretty necessary.  Wink

If you are only trying to access it from PCs on the SAME SIDE OF YOUR ROUTER AS THE SERVER, then you could always define a zone and set it as trusted. This will allow almost total communications on this side of your router to/from any device on the subnet described in the zone setup.

Always remember, if you are referencing a computer by the OUTWARDS facing IP address, any request for that publicly accessible address will go out onto the internet and then back in to the external IP, even if they're side by side and on the same subnet. If you post a letter to your wife it still goes out to the post office before coming back home.  Wink

Mind you, defining a trusted zone will automatically create two rules anyway.

In the words of Thomas Edison, "Damn the theory if the machinery works!"

Glad its resolved. I'll mark this topic as resolved and lock it.

Cheers,
Ewen :-)


comicfan2000

  • Guest
Help with CFW please
« Reply #22 on: January 25, 2007, 05:59:44 PM »
Question



Hoping someone can help with a problem I have with CFW.

I use a program called Echolink (a little like SKYPE but for Amateur Radio), now I can get the program to open up but there is a list of operators (nodes) and when I try to connect CFW refuses to let me, although the program has been allowed.

Each of the 'nodes' do have different IP addresses, so I was wondering what settings I need to implement, so as to allow the connections.

I suffered the same problems with Kerio, which is why I moved to ZA (which worked OK) but I much prefer CFW, if I could just get the settings sorted.

Thanks
Astro

Answer

Lets see if this helps.

Go to the program in the Application monitor click the program, then click Edit, in the Window that comes up with the rule settings click the circle that says allow all activities for this application, then check the following boxes, Allow Invisible Connection Attemps, and Skip Advanced Security Checks.

Justin..................

You are the man

Everything is working fine, just wish I was a little more knowledgeable when it comes to things like this.

Thanks a MILLION 

comicfan2000

  • Guest
Extra' files in C drive?
« Reply #23 on: January 25, 2007, 06:19:53 PM »
  Question

 I have this file : boot.ini.comodofirewall in my C drive (Screenshot available). I'm not really concerned, but I would like to know if it can be deleted, or is it a nessary file for CPF. Thanks for the help in advance.

Answer


It is the old boot.ini file backed up after activating Windows DEP. CPF does not use it, neither will Windows. You can keep it in another place or delete it.

Egemen

[attachment deleted by admin]

comicfan2000

  • Guest
Adobe Updater problem
« Reply #24 on: January 25, 2007, 06:27:46 PM »
Question

I tried to use adobe updater to check for updates, the application says it's waiting for an internet connection, however I'm never prompted to let it through.

Answer
Sorry once again, please mark this as resolved.  After doing some more checking I found the real problem.  It appears that IE7 breaks Adobe Updater.  Both computers with Comodo also have IE7.

comicfan2000

  • Guest
getting disconnected, pls HELP!
« Reply #25 on: January 25, 2007, 06:30:45 PM »
Question

ever since i installed comodo firewall i get disconnected from internet. sometimes only once a day,
other times every hour or so.
When that happens windows is trying to reastablish the connection, but always fail and i get
a "limited" connection. When i press "repair" it wont fix it.

The only way to fix the problem is by shutting down the firewall completely and press repair, then
it goes online again, and then i can start the firewall.

This is really annoying and i havent had to do this with any other firewall i have tested.

I am connected directly to internet via a cable modem, no routers or stuff.
And i have a dynamic ip...though it only changes the ip if i have been offline for one hour or so.


any thoughts of how i can fix this problem?...otherwise i have to turn to another firewall, and that
would be a shame, cause i really like this one.


Answer

Hey, zant, sorry you're having this problem.  Let's see if we can't get it resolved.

Three things to try, one at a time:

First, run the Application Wizard.  Go to Security/Tasks/Scan for known applications (lower right).  follow the prompts.  Reboot.

Check it all out, see if that works.  If not:

Second, go to Security/Advanced/Miscellaneous, and uncheck the box, "Do not show alerts for applications certified by Comodo", then move the Alert Frequency up to High or Very High.  OK.  Reboot.

This will increase your alerts; I'm thinking at some point you may have blocked svchost.exe (in fact, look in your Application Monitor to see if there's a block rule for it).  You can move your alerts back down later, when you want.  If that doesn't fix it:

Third, go to Security/Advanced/Application Behavior Analsys, and uncheck the box "Monitor DNS Queries."  OK.  Reboot.

See if that doesn't fix it.

Do them one at a time, so you'll know for sure what resolved it.  If none of these work, we'll dig into the logs.

LM

you were right. one of the svchost rules was set to block...working now...thanks 

comicfan2000

  • Guest
Home Network Issue
« Reply #26 on: January 25, 2007, 06:37:17 PM »
Note: This was was a bit lengthy and had multiple issues so I just linked it.   Onwards>>

http://forums.comodo.com/index.php/topic,5174.msg37979.html#msg37979


Paul




edit:  I added the code for the link to work; hope you don't mind  - LM
« Last Edit: January 25, 2007, 06:46:01 PM by Little Mac »

comicfan2000

  • Guest
Comodo Personal Firewall (CPF) blocks Nero Home
« Reply #27 on: January 25, 2007, 06:43:01 PM »
Question

When I have CPF turned off, Nero Home can view my UPnP Media Server that is running on the network. When I have it turned on, it can't find it.

 What can I do to trouble shoot this?





 Answer

If I where you I would go to security/advanced/misc, and uncheck "do not show alerts for apps certified by comodo", and check "skip loopback... TCP", and raise the alert frequency slider to the top.
Reboot and allow and remember everything with svchost and Nero home and so on...
Let us know how it goes.



Finally, success
doing what you said, after reboot, started poping up lots of svchost and so on popups from CPF and I allowed them all, and then Nero Home started working and was able to view my network UPNP media server





comicfan2000

  • Guest
Local Proxy
« Reply #28 on: January 25, 2007, 06:54:08 PM »
Question

I installed Proxomitron. It is a perfect web filter. He works as a local proxy. All incoming and outgoing conections of my browser pass through his local proxy. Yesterday I installed Comodo Firewall. After that I tried to surf Internet and browser report an error about what the proxy doesn't response. I made the Proxomitron as a Trusted Application but this doesn't help me.  How to resolve this problem?


Answer
After restart of computer  ALL WORKS! Thank you very much! 

comicfan2000

  • Guest
Weird NIC behaviour
« Reply #29 on: January 25, 2007, 06:56:20 PM »
Question

I've installed CPF on my gf's old computer and it worked fine. In December, she got a new computer and it did work fine until she had to buy a router to share the internet connection with the rest of the household. She couldn't get the type I recommended so she had to settle for a Linksys WRT54G-UK wireless router. She has ADSL that uses PPOE (Netopia 3000 Modem). I had problems trying to get the IP passthrough to the Linksys router (worked from the Netopia modem to one of her NIC's but not to the router). What I did then was to hook up her ethernet connection to the router (works fine) and use the USB connection as the IP Passthrough whenever she needed a VPN or wanted me to troubleshoot a problem on her pc when I'm not around.

The arrangement worked fine until sometime last week. Upon a reboot, she could only get connection on the NIC that went through the router. The second NIC (USB connection) would register an IP address of 169.254.xxx.xxx. I got her to disable CPF by chosing allow all and renew the IP or disable and re-enable. That caused the IP to be renewed and workable. However, the moment CPF is set back to the normal settings, the NIC disconnects, tries to get an IP address, fails and is thrown back to the 169.254.xxx.xxx address. I've removed and reinstalled CPF to no avail.

Now, she's stuck without a VPN as getting the linksys to first register the external IP through IP passthrough hasn't proved successful. For one, it doesn't have a setting for setting static IP addresses. Any advice/help would be appreciated.


Answer
Just wanted to say that I got the problem resolved. I had to go over and check on her pc paying particular attention to the logs once I turned on the firewall after disabling and re-enabling the NIC in question. Turned out one of the SCVHOSTE.EXE files were blocked upon closer scrutiny. Once I unblocked it, everything went smoothly. What I can't figure out is  Huh why would there be two different scvhost.exe entries for the separate NICS? Gosh, Microsoft is so weird with their implementations.   

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek