Can't connect to network drives

Hi,

I’m having a little problem with latest CIS on XP SP3 - I can’t connect to any mapped network drive when the firewall is enabled.
I double checked that any rule that blocks something also logs connection attempts.
However when I try to connect to the mapped network drive, Windows says “The network path was not found”, but nothing appears in the firewall log - so I can’t determine what the firewall blocks (and it surely blocks something without logging, because I can connect if I disable the firewall).

Is there some tool that can log connections for a short period to a txt file so that I can disable the firewall and see what connects to what? Or some other way to solve this?

thanks

hi there,
not sure if this is a good idea, but i made an allow global rule for 192.168.0.1-192.168.0.255 and i can connect to network drive.

allow IP in/out
from [ip range] = 192.168.0.1 - 192.168.0.255
to [ip range] = 192.168.0.1 - 192.168.0.255
any
any

hope it works on you :)

thanks for the reply but I already have global rules (above all others) that allow both TCP/UDP and ICMP in/out from any IP/port to the network drive IP/any port.

but you don’t have the exact same rules as mine, why don’t you try it? ;D
i’ll ask some other mods to help you, hang in there

Hi There,

Can you please check your Network Policy and check the application “System”; this should allow outgoing traffic to TCP 139/445 for MS Sharing.

If that doesn’t work, try to disable “Block fragmented packets” in Attack Detections.
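
A way to see which of the two sharing ports is being dropped when the firewall log stays empty, as an added example that is not part of the original thread. The function names and the three-second timeout are assumptions; run it from the affected client once with the firewall enabled and once with it disabled, and compare.

```python
import errno
import socket
import sys

# Ports named in the post above: NetBIOS session service and SMB over TCP.
SMB_PORTS = (139, 445)

def probe(host, port, timeout=3.0):
    """Classify one outbound TCP connection attempt.

    open      - handshake completed, the path to the service is allowed
    refused   - the host answered with a reset: reachable, nothing listening
    filtered  - no answer before the timeout, typical of a silent drop
    error:... - anything else (no route, name resolution failure, ...)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        s.close()

def check_share_host(host, ports=SMB_PORTS, timeout=3.0):
    """Probe every sharing port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}

def diagnose(results):
    """Turn the per-port states into a one-line verdict."""
    states = set(results.values())
    if "open" in states:
        return "reachable: at least one sharing port completed a handshake"
    if states == {"filtered"}:
        return "filtered: every attempt was dropped without a reply"
    if "refused" in states:
        return "refused: the host answers but no sharing service is listening"
    return "inconclusive: " + ", ".join(sorted(states))

if __name__ == "__main__":
    # Usage: python smb_probe.py <file-server-ip>
    results = check_share_host(sys.argv[1])
    for port, state in sorted(results.items()):
        print("tcp/%d: %s" % (port, state))
    print(diagnose(results))
```

The probe runs as its own process, so a firewall with per-application rules judges it separately from “System”. If it reports `open` while the mapped drive still fails, the block is more likely in the rule for “System” than in the global rules.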

thanks Ronny !
That solved the problem, I allowed TCP/UDP out to network drive IP on all ports.

BTW what the heck is “system”? Which executable is that? There is also “Windows operating system”.
Is it possible for some blocked application to use any of the above to establish a connection to something else?

System is just “below” “Windows Operating System”; if you go to Defense+ and select “View active processes list” you can see how it’s chained to it.

On a “default” setup there is a rule for System, not for WOS (Windows Operating System); what rules do you have for it?

for WOS I have the following rules:
Allow UDP Out from IP any to any, source port any, dest port 389
Block and log UDP Out from IP any to any, source port any, dest port 992

As far as I remember first is for UDP and second for telnet, not sure if I created those rules or they came from some default configuration.


The problem with connecting to network drives was resolved with your advice (allowing “System” TCP/UDP out connections to drive IP) for Windows Explorer. However my preferred file manager DOpus still can’t connect although I added the same rule for it. But that’s not a big issue, I can live with Explorer.
Thanks again.

You shouldn’t need any rules for WOS as it is a non-existent object. The only reason WOS is used is for situations when a request is received for which there is no corresponding application end point; at that instant WOS handles the request, generally with a block.