Belkin Network USB hub blocked by firewall

I am using the Belkin Network USB hub to share my printer and external disk drive in my WLAN network. But in the last weeks the connection has been blocked by the Comodo firewall. With the firewall disabled it still works properly. I’ve tried to reinstall the firewall but after some days the problem came up again.

The hub (IP 192.168.178.21) is connected to a WLAN router (192.168.178.1) that also provides internet by NAT service (Fritz!Box) to the WLAN.

I’ve made global rules for the WLAN zone:

  • Allow All Outgoing Requests If The Target Is In [WLAN]
  • Allow All Incoming Requests If The Sender Is In [WLAN]

and rules in Application rules under System:

  • Allow System To Send Requests If The Target Is In [WLAN]
  • Allow System To Receive Requests If The Sender Is In [WLAN]

[WLAN] Zone:
IP Address Mask 192.168.178.19 255.255.255.0

If I turn the alert settings to medium it shows the following event:
Windows Operating System Blocked Source IP 192.168.178.21:19540 Destination IP 192.168.178.19: 19540 Protocol UDP

I have no idea which rule is responsible for the blocks. It worked fine for months with these settings so I hope someone can help.

Can you tell me what device is on IP address 192.168.178.19?

Do you have in Global Rules a rule “Allow IP out from IP Any to IP any where protocol is Any”? If not, make it and make sure it is above the basic block rule (red icon) at the bottom.

That’s the IP of the computer that should access the devices connected to the hub. In order to block incoming and outgoing requests of a further virtual system I added a new Network zone [MyIPs]:
Single Address 192.168.178.19

So the complete global rules are now:

  • Allow IP Out From In [MyIPs] To In [WLAN] Where Protocol is Any
  • Allow IP Out From In [MyIPs] from IP Any to IP any where protocol is Any
  • Block ICMP IN From IP Any to IP Any where ICMP Message Is ECHO REQUEST
  • Allow IP IN From In [WLAN] To In [MyIPs] Where Protocol is Any
  • Block IP IN/Out from IP Any to IP any where protocol is Any

By the way, Internet is still working so it seems that the incoming data IP is translated by NAT to the router address within the WLAN. If that is so, how can ICMP Message Is ECHO REQUEST be allowed for devices in the WLAN? Perhaps changing the rule to “Block ICMP IN From IP 192.168.178.1 to IP Any where ICMP Message Is ECHO REQUEST”?

The incoming event message still appears:
“Windows Operating System Blocked Source IP 192.168.178.21:19540 Destination IP 192.168.178.19: 19540 Protocol UDP”
So I’m still not able to connect the printer to my computer. If I ping 192.168.178.21 I get the expected normal answer.

Another thing that I noticed is an incoming firewall event regarding the child safety system of the NAT router:
“Windows Operating System Blocked Source IP 192.168.178.1:4246 Destination IP 192.168.178.19: 14013 Protocol UDP”
After deactivating the router setting (I’ve no use for it) it doesn’t appear again, but I hadn’t even expected the blocking.

For now I need to know what IP addresses are in the My IP zone. Can you post a screen shot of your Global Rules?

[MyIPs] Zone:
Single Address 192.168.178.19

A screen shot of the Global Rules is (hopefully) attached.

[attachment deleted by admin]

Try moving the ICMP Block rule one down. You should have the two block rules at the bottom. Does that help?

No, I’m sorry. It also does not work with a rule “Allow IP IN/Out from IP Any to IP Any Where Protocol is Any” (so the global rules are superfluous) at the top. The global rules do not seem to be responsible for the blocking.

In my opinion I don’t need these rules:

  • “Allow IP Out From In [MyIPs] To In [WLAN] Where Protocol is Any”
    because “Allow IP Out From In [MyIPs] From IP Any to IP Any Where Protocol is Any” match this too.
  • “Block ICMP IN From IP Any to IP Any where ICMP Message Is ECHO REQUEST”
    because incoming requests from the internet are blocked by the NAT router.

My problem is that the request to the hub is going out properly but the incoming answer is blocked by the Comodo firewall (after deactivation it works fine). Also Defense+ should not be responsible for that, because after disabling it, it doesn’t work either. So what rule throws the event “Windows Operating System Blocked Source IP 192.168.178.21:19540 Destination IP 192.168.178.19: 19540 Protocol UDP” on alert setting medium or above?

If you like to take a look at the application rules:
System:

  1. “Allow IP Out From From IP Any to IP Any Where Protocol is Any” (I don’t like that rule)
  2. “Allow System To Receive Requests If The Sender Is In [WLAN]”

connect.exe (the hub application):

  1. “Allow UDP In From IP In [192.168.178.21/255.255.255.0] To IP Any Where Source Port is Any And Destination Port Is Any” (ports have not been automatically included)
  2. “Allow IP Out From IP Any to IP Any Where Protocol is Any” (I don’t like that rule, too)
    Replacing these rules by “Allow IP IN/Out from IP Any to IP Any Where Protocol is Any” also doesn’t work.

I agree you don’t need the “Allow IP Out From In [MyIPs] To In [WLAN] Where Protocol is Any” rule. It gets overtaken by the second rule.

You do need “Block ICMP IN From IP Any to IP Any where ICMP Message Is ECHO REQUEST”. This is the basic block rule. Without it the firewall function is non existent.

The rule for System is fine. Don’t touch it.

What is the function of the connect.exe application? Try making it trusted for now and see what happens.

“Block IP IN/Out from IP Any to IP Any where Protocol Is Any” at the bottom should also match but I’ll leave it.

That is the Hub control center where I can connect the USB devices via LAN to the computer. The program documentation for Windows Live OneCare, McAfee Security Center 2007, Norton Internet Security 2007, Trend Micro PC-cillin Internet Security 2007 and Zone Alarm says NUHCC (Out): TCP should be enabled outgoing for ports 19540 to 19540 and NUHCC(IN): UDP should be enabled incoming for port 19540 to 19540.

“Allow All Requests” is now added at top of the trusted application connect.exe but the problem unfortunately remains.

After adding a new Application rule for “Windows Operating System” (selected from running processes) it works properly again:
“Allow UDP In From IP 192.168.178.21 To In [MyIPs] Where Source Port Is 19540 And Destination Port Is 19540”

So the problem seems to be resolved and further Windows Operating System events can be handled similarly :)

In order to restore the firewall defaults I’m just thinking about the need to add a bottom block rule for “Windows Operating System”, because there may be a reason that it hasn’t been detected as an application automatically.

Thanks for your interest and help.

Windows Operating System doesn’t need a block rule. Global Rules do need the block rule.

Just for my curiosity. Usually the rules for system mirror the Global Rules. Since you added a rule for System I am wondering whether that got mirrored to Global Rules as well. Could you take a look and see?

“Windows Operating System” is the root process to “System” (there the Stealth Port Wizard adds rules in “Application Rules”) in the process list. So the rule I added to the application “Windows Operating System” minors the global rules regarding the application.
So an incoming request is affected; I just take a look at the incoming rules now.

zone [MyIPs]:
Single Address 192.168.178.19 (the static computer IP address in the private network)

[WLAN] Zone:
IP Address Mask 192.168.178.19 255.255.255.0

“Global”:

  1. Allow IP IN From In [WLAN] To In [MyIPs] Where Protocol is Any
  2. Block ICMP IN From IP Any to IP Any where ICMP Message Is ECHO REQUEST
  3. Block IP IN/Out from IP Any to IP any where protocol is Any (removing this has no effect to the former problem)

“Windows Operating System”:

  1. Allow UDP In From IP 192.168.178.21 To In Any Where Source Port Is 19540 And Destination Port Is 19540

“System”:

  1. Allow System To Receive Requests If The Sender Is In [WLAN] <=> Allow IP IN From In [WLAN] To In Any Where Protocol is Any

“connect.exe”:

  1. Allow UDP In From IP 192.168.178.21 To IP Any Where Source Port is Any

Does the “Windows Operating System” rule minor “System” because of the process hierarchy?
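
An added example, not part of the thread and not Comodo's code: a small first-match model of the rule sets posted above, run against the blocked UDP packet from the event log. It assumes an inbound packet must pass the global rules and then the rules of the process it is attributed to, and that an owner with no matching rule ends in a block; the function names and that default are assumptions.

```python
import ipaddress

# Zones as posted in the thread.
ZONES = {
    "WLAN": ipaddress.ip_network("192.168.178.19/255.255.255.0", strict=False),
    "MyIPs": ipaddress.ip_network("192.168.178.19/32"),
}

def in_scope(addr, scope):
    """scope is 'Any', a zone name, or a literal IP address."""
    if scope == "Any":
        return True
    ip = ipaddress.ip_address(addr)
    return ip in ZONES[scope] if scope in ZONES else ip == ipaddress.ip_address(scope)

def first_match(rules, pkt, default):
    """Return the action of the first rule matching pkt, else default."""
    for action, proto, src, dst, sport, dport in rules:
        if (proto in ("IP", pkt["proto"])          # "IP" means any protocol
                and in_scope(pkt["src"], src) and in_scope(pkt["dst"], dst)
                and sport in (None, pkt["sport"]) and dport in (None, pkt["dport"])):
            return action
    return default

# Inbound global rules from the last post (ICMP message type not modelled).
GLOBAL_IN = [
    ("allow", "IP", "WLAN", "MyIPs", None, None),
    ("block", "ICMP", "Any", "Any", None, None),
    ("block", "IP", "Any", "Any", None, None),
]
# Application rules before the fix: "Windows Operating System" has none.
APP_RULES = {
    "System": [("allow", "IP", "WLAN", "Any", None, None)],
    "Windows Operating System": [],
}
# The rule that resolved the problem in the thread.
FIX = ("allow", "UDP", "192.168.178.21", "MyIPs", 19540, 19540)

def inbound_verdict(pkt, owner, app_rules):
    if first_match(GLOBAL_IN, pkt, "block") == "block":
        return "block (global)"
    # Assumption: no matching rule for the owning process ends in a block.
    return first_match(app_rules.get(owner, []), pkt, "block")

# The packet from the logged event (hub -> computer, UDP 19540).
PKT = {"proto": "UDP", "src": "192.168.178.21", "sport": 19540,
       "dst": "192.168.178.19", "dport": 19540}
```

Under this model the global rules allow the packet, so the block comes from the application layer: the "System" rule would allow it, but the event is attributed to "Windows Operating System", which had no rule until the fix was added.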