Allowed but still blocked??

This is a weird thing…

I’ve allowed all traffic inside my LAN (using IP address range 192.168.1.1 - 192.168.1.255). Yet Comodo blocks all UDP and TCP traffic between two workstations, IPs 192.168.1.125 and 192.168.1.109.

What to check next?

How did you allow it? Have you made a Global Rule?

Can you show screenshots of your Global Rules and Firewall logs?


http://img205.imageshack.us/img205/72/comodoglobalrules.th.jpg


http://img825.imageshack.us/img825/72/comodoglobalrules.th.jpg


http://img839.imageshack.us/img839/596/comodonetworksecuritypo.th.jpg

This is how I’ve set the rules. Also the two applications related to NFS sharing have been marked as trusted.

The global rule “Kotiverkko 1” allows all traffic from zone Kotiverkko to zone Kotiverkko. As you can see from the last screenshot, Kotiverkko is 192.168.0.100 - 192.168.1.255 as that’s where all the IPs of my LAN are.

EricJH, you replied to my other post requesting the screenshots. Since that post I have changed my network slightly but still no luck. For some reason, I’ve got two NFS shared folders which I can access but several others that cannot be accessed. All those folders have the exact same sharing and security settings set in Windows (XP Pro SP3).

The log file screenshot shows how UDP traffic between 192.168.1.109 and 192.168.1.125 has been blocked. Yet UDP traffic from 192.168.1.109 to 192.168.1.255 has been allowed? You can also see that HTTP streaming works (llink.exe).

Try this:

Firewall → Advanced → Network Security Policy → Global Rules then Add

Allow
TCP or UDP
In/Out
Source Address: IP Range 192.168.1.109 to 192.168.1.255
Destination Address: IP Range 192.168.1.109 to 192.168.1.255
Source Port: Any
Destination Port: Any
Apply

Then move it to the top (you have a Move Up button at the right side)!
It should work now.

Nope, still doesn’t work.

What is the IP address of your router?

I noticed you are defining your local network using an IP address and network mask. The network mask is the problem here. Change the network to 192.168.0.100/255.255.0.0 (an IP address with network mask) or to 192.168.0.100 - 192.168.1.255 (an IP range).

It seems you may have wanted to define an IP range and used IP address/network mask format.
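The difference between an address/mask zone and an IP-range zone, as an added example that is not part of the original thread: it checks the two blocked hosts against both zone styles. It assumes standard address-AND-mask matching, and the mask 255.255.255.0 is a hypothetical value, since the mask in the screenshot is not quoted in the thread.

```python
import ipaddress

def in_mask_zone(host, base, mask):
    """Address/mask zone: host matches when (host AND mask) == (base AND mask)."""
    h, b, m = (int(ipaddress.IPv4Address(x)) for x in (host, base, mask))
    return (h & m) == (b & m)

def in_range_zone(host, first, last):
    """IP-range zone: host matches when first <= host <= last."""
    return (ipaddress.IPv4Address(first)
            <= ipaddress.IPv4Address(host)
            <= ipaddress.IPv4Address(last))

def mask_zone_bounds(base, mask):
    """First and last address actually covered by base/mask."""
    net = ipaddress.IPv4Network(f"{base}/{mask}", strict=False)
    return str(net.network_address), str(net.broadcast_address)

def range_as_cidrs(first, last):
    """CIDR blocks needed to express an arbitrary IP range exactly."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(b) for b in blocks]

# Hosts and zone addresses quoted in the thread.
HOSTS = ["192.168.1.125", "192.168.1.109"]
BASE, RANGE_END = "192.168.0.100", "192.168.1.255"
ASSUMED_MASK = "255.255.255.0"    # assumption: the mask in the screenshot is not quoted
SUGGESTED_MASK = "255.255.0.0"    # mask suggested in the reply above

if __name__ == "__main__":
    for mask in (ASSUMED_MASK, SUGGESTED_MASK):
        lo, hi = mask_zone_bounds(BASE, mask)
        print(f"{BASE}/{mask} covers {lo} - {hi}")
        for host in HOSTS:
            print(f"  {host}: {'in zone' if in_mask_zone(host, BASE, mask) else 'NOT in zone'}")
    print(f"range {BASE} - {RANGE_END}")
    for host in HOSTS:
        print(f"  {host}: {'in zone' if in_range_zone(host, BASE, RANGE_END) else 'NOT in zone'}")
    print("same range as CIDR blocks:", range_as_cidrs(BASE, RANGE_END))
```

With the assumed /24 mask the zone only spans 192.168.0.x, so neither 192.168.1.x host matches a rule built on it; the range needs five CIDR blocks, which is why it cannot be typed as a single address/mask pair.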

My base network currently consists of one ADSL modem, two wireless stations forming a bridge between two corners of my house. One wireless station (LAN IP 192.168.1.1) is connected to the ADSL modem (IP 192.168.0.254) with an Ethernet cable and it shows the WAN IP as 192.168.0.100. The desktop PC (IP 192.168.1.125) is connected to the wireless station with an Ethernet cable. The other wireless station acts only as a stupid bridge with LAN IP 192.168.1.2. The Popcorn Hour A-110 connected to it has IP 192.168.1.109.

I did try setting the IP range wide enough as jovan111p suggested but it didn’t help. The funny thing is that according to the log, UDP traffic seems to be allowed but TCP is blocked. The next thing I’ll try is to edit my “Block all TCP/UDP in traffic” which is at the bottom of the list. I’ll add the LAN range there as excluded for both source and destination IP.

Reading the logs, I have a feature request. It would be nice to see which global rule triggers allowing or blocking traffic. It would make debugging much easier.

I just came here with the same problem, but before posting I removed all network zones. I then disabled and re-enabled my network adapter via Windows. Comodo instantly picked up the network zone, and I chose to be fully accessible to other PCs on the network. Now my port is open.

I tried the global rule for the port based off the setting I use for uTorrent and uTorrent Web UI. canyouseeme.org reported the port was open though, but Gmote, on my Android phone, refused to connect to my PC. Now I am up and running!

I have noticed time and time again Comodo seems very stubborn about opening ports when ports are stealthed. I notice it can take days without tweaking anything before it finally opens up.

Please make sure that both wireless stations are set to bridge and not router.

I did the trick of removing all network zones and then restarting my network card and letting Comodo add the new network as trusted. It seems to have fixed the issue with the firewall as all requests are now allowed inside my LAN.

Now I only have to figure out why some folders can be opened over the LAN and some not.