Can't connect to the internet

When CFP is not in ‘allow all’ mode, I can’t connect to the internet. The dialler for my cable connection is an exe called FWPortal.exe, and it has a rule saying it allows all TCP/UDP In/Out, yet the log shows it’s being blocked on a DNS attempt using UDP.

How can I make sure it can access the net, so I don’t have to disable the firewall to connect?

Thanks!

I haven’t been able to connect to the internet, but mine is a bit of a different problem. It happens when there is not enough internet activity and the OS (WinXP Prof) has to poll the DNS server. When this happens Comodo automatically blocks this and I get a limited connectivity warning. I read the logs when I repair the connection and all attempts by Svchost to reestablish a connection IP with the server are blocked. I cannot even change the setting to allow it. The only way that I can reconnect is to turn off Comodo or turn off the application monitor.

I’m sorry if my post is not on topic with this thread. You can move it to a new topic thread if you want. I’m just not able to connect the internet sometimes when I’m reading something or what have you. Thank you for reading.

I’m not sure if I should be posting in a different forum. Did I post something that is easily answerable? No one even bothered posting something in response to what I posted. I need help with this… Does anyone know maybe of somewhere else I can get help or another place to post in these forums?

What has really confused me is that no one posted anything.

Hi TehRockinR and ET3D
I’ll try and keep you amused until one of the experts comes in. Maybe an edited post of your block logs might help.
I know zip about cable connections but I found this thread.
https://forums.comodo.com/index.php/topic,7733.0.html

When I first started using comodo I was getting limited errors all the time
I added 3 svchost rules to network monitor and seems to have fixed my problem.
https://forums.comodo.com/index.php/topic,7907.msg57573.html#msg57573

Can you post a maximized screenshot of your network monitor rules?

Ewen :slight_smile:

That’s the screenshot of my network rules. Ty, for the response.

Your network monitor rules look OK. Can you clear your logs, get the problem to re-occur and then export the logs and post them here, so we can see exactly what is being blocked and why?

Cheers,
Ewen :slight_smile:

For some reason, I can’t seem to replicate the problem. I haven’t changed anything on the computer at all. I have this thread on my favorites. Would it be wise to just post my log when and if the problem returns?


The problem started occurring again. I had to exit the firewall so that I could connect back to the internet, by renewing my IP. Thanks for the help. :slight_smile:

Is that pic too small? It’s kinda hard for me to see it. It’s the host. Lemme know if I need to re post it somehow. :slight_smile:

The key would appear to be lines 3-12 and 24-25 in the logs - APPLICATION ACCESS DENIED (SVCHOST.EXE) and INBOUND POLICY VIOLATION from 192.168.1.15 (which I assume is your router).

The DHCP calls aren’t being blocked just by a network monitor rule; it looks like you have accidentally blocked access to “svchost.exe”, which is the executable that manages many things, including DHCP calls.

Check your application monitor for a BLOCK entry for “svchost.exe”. If there’s one there, change it to ALLOW.

Also, make an explicit network monitor rule to allow inbound traffic from 192.168.1.15 to port 67 and move it to position ZERO in the network monitor.

Let us know how this goes.

Ewen :slight_smile:

There are no blocked programs in my application monitor. There are two exceptions for svchost with the parent “services.exe”. Both are exactly the same.

192.168.1.15 is another computer that is on the network.
192.168.2.40 is my ip address on the network at the moment.

This is a re-list of the other violations. (the ones not coming from the other computer)

Inbound Policy Violation (Access Denied, IP=192.168.2.1, Port = upnp-mcast(1900))
Application Access Denied (svchost.exe:255.255.255.255: :bootp(67))
Application Access Denied (svchost.exe:192.168.2.40: :dhcp(68))

BTW, wasn’t 192.168.1.15 trying to send packets to ports 137 and 138?
Why do you suppose the other computer keeps sending me those packets?

I am still not able to renew my IP address.

I need a bit more info, please.

Can you please describe how your lan is laid out.

Example 1 :
internet → modem → PC (acting as ICS host) → rest of lan
Example 2 :
internet → router → lan

If you have a router, what is its internal address (I’m guessing 192.168.2.1)?

What are the IP addresses of the PCs on your LAN?

Was the screen shot you posted from the PC you can’t renew the IP lease on (trying to figure out what you mean by “It’s the host”)?

Cheers,
Ewen :slight_smile:

“Host” was referring to the webhost for the image that I had linked in my previous post. I was wondering if it was too small for you to read.

Those are the only two pcs. IP addresses: 192.168.2.40 and 192.168.2.15

And yes 192.168.2.1 is the IP address for the router.

That was a screenshot from the computer that was having the problem.

My Computer
internet->modem->router->hub->PC

The other computer
internet->modem->router->PC

Was there any other information that you needed?

No, only more time is required. :smiley:

The reason you’re getting the alerts and blocks is because you haven’t setup a trusted zone to allow communications between the devices that make up your network.

To set up a trusted zone, do the following:

  1. Open CFP and click on SECURITY - TASKS - ADD/REMOVE/MODIFY A ZONE
  2. Click ADD
  3. Give the zone a meaningful name
  4. Enter 192.168.2.1 and 192.168.2.255 as the start and end addresses respectively and click OK
  5. Click OK to close the zones window
  6. Still in SECURITY - TASKS, click ADD A TRUSTED NETWORK
  7. Click NEXT and select the meaningful name we defined in step 3
  8. Click FINISH.

These steps will add two rules to the network monitor that allow LAN based communications.

Please note that you will still get uPNP Mcast warnings on port 1900 until this is disabled on your router or until you create a rule to explicitly allow it.

If you run CFP on both PCs, then these steps should be done identically on both.

Hope this helps,
Ewen :slight_smile:
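
The zone range from step 4, checked against log entries in the form quoted earlier in the thread, as an added example that is not part of the original posts. It tests range membership only and does not model how CFP evaluates its rules; the function names are made up for this example and the last sample log line is constructed.

```python
import ipaddress
import re

# Zone bounds from step 4 of the post above.
ZONE_START = ipaddress.IPv4Address("192.168.2.1")
ZONE_END = ipaddress.IPv4Address("192.168.2.255")

# Log entries in the form quoted earlier in the thread. The last line is
# constructed for this example from the 192.168.1.15 / port 137 mention.
SAMPLE_LOG = """\
Inbound Policy Violation (Access Denied, IP=192.168.2.1, Port = upnp-mcast(1900))
Application Access Denied (svchost.exe:255.255.255.255: :bootp(67))
Application Access Denied (svchost.exe:192.168.2.40: :dhcp(68))
Inbound Policy Violation (Access Denied, IP=192.168.1.15, Port = 137)
"""

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
PORT = re.compile(r"\((\d+)\)|Port = (\d+)")

def in_zone(addr, start=ZONE_START, end=ZONE_END):
    """True when addr lies inside the inclusive start..end range."""
    return start <= ipaddress.IPv4Address(addr) <= end

def classify(log_text):
    """Return (address, port, inside_zone) for each parsable log line."""
    rows = []
    for line in log_text.splitlines():
        ip = IPV4.search(line)
        if not ip:
            continue
        try:
            addr = ipaddress.IPv4Address(ip.group(1))
        except ipaddress.AddressValueError:
            continue  # dotted text such as 999.1.1.1 is not an address
        port = PORT.search(line)
        number = int(port.group(1) or port.group(2)) if port else None
        rows.append((str(addr), number, in_zone(addr)))
    return rows

def zone_blocks(start=ZONE_START, end=ZONE_END):
    """CIDR blocks that exactly cover the range, to show how wide the trust is."""
    return [str(n) for n in ipaddress.summarize_address_range(start, end)]

if __name__ == "__main__":
    for addr, port, inside in classify(SAMPLE_LOG):
        print(f"{addr:<16} port {port!s:<5} {'inside' if inside else 'OUTSIDE'} zone")
    print("zone covers:", ", ".join(zone_blocks()))
```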

Okay, it worked. I was able to repair my IP. :BNC Thanks for being patient. How will this affect the security of the network? Should I establish a VPN or NAT?

VPNs are designed to provide secured access between remote locations. Not really needed for a local LAN. NAT is a router function to mask internal LAN addresses.

Ewen :slight_smile: