CFP kills my network speed. [CLOSED]

I have Verizon FiOS, 15mb/s down, 2mb/s up with static IP address. CFP makes my internet connection seem more like a dial-up modem.

It’s slow resolving IP addresses, downloading graphics is almost a painful wait compared to what I am used to. If I turn the firewall off, they load up instantly.

[attachment deleted by admin]

Hi nelgin.

I can’t see anything obvious in the images you posted, although you do seem to have two zones defined?

It would be helpful if you could post some more details about your environment. Please see this post for details on what information to post.

Important - Please read before posting

Toggie

  • The version of Comodo Firewall Pro installed
    2.4.18.184

  • Your Internet connection type (dial-up/cable/Direct connection/LAN etc)
    Verizon FiOS 15mb/s down, 2mb/s up

  • Operating system and Service Pack Level
    Windows XP SP2 fully patched

  • How you are logging in to the OS (Admin, User)
    User with admin privs

  • Other Security applications installed (AV, AS, HIPS etc)
    Comodo Antivirus

  • Security related applications which have been removed/disabled before installing CFP.
    Active Virus Shield
    Windows Firewall

  • Security related application which have been removed/disabled after installing CFP.
    none

  • Detail the problem, such as which applications are running when you have the problem.
    Firefox, WLM, YIM, Skype

  • Please inform us if you have created any custom rules.
    Nope

Thanks nelgin, that’s part of the information, could you post the logs too please :slight_smile:

When I follow the instructions, there is no option to save the logs once I clear them and restart. I’ll send you what is in there now, however.

[attachment deleted by admin]

Hi nelgin.

As you probably noticed, you're getting a lot of access denied entries in your logs. The ICMP entries seem to be the most prevalent, all of which are outbound. You are also receiving quite a few blocked inbound requests.

I noticed you have Limewire installed, do you use any other P2P apps?

I’ll ask again about the two zones. Is there a reason you have two separate zones defined in Network Monitor?

Didn’t realise the comment about the zones was a question.

Yes, I have two zones. I have a static IP behind the router, however I needed to configure another router which had a clashing IP address so I let it assign me one since DHCP was enabled on it. I can remove one of the zones but that isn’t the problem. It was doing that before now.

I use utorrent and those requests are on the port that it listens on when running. I’ve not run it since installing the firewall hence haven’t bothered to do anything with the packets.

So, you’re saying if I get a lot of incoming packets, it’s going to make things run to a crawl? If I block them at the router, it doesn’t affect my internet performance. I can’t imagine my system should even blink running at 3ghz with 1.25gb ram.

Hi nelgin.

Being honest, I’m clutching at straws here. I’m looking at the information you gave me and trying to see where problems may lie. The only thing I see is, as mentioned above, which is not much.

The configuration of your hardware will have little to do with this problem.

I’ll ask one of my colleagues to take a look at the information, a fresh pair of eyes and all that…

It’s probably a software issue. I can be somewhat of a power user as you can see by the number of connections.

Have you tried disabling logging? I know this normally only affects system performance rather than internet speed, but I suppose it is possible that it may have some effect if there is a lot of logging occurring. Apologies if you have tried this already. May seem like clutching at straws, but I can’t think of anything else yet.

:SMLR

Adding in my two centi-quatloos here, for whatever it might be worth at current exchange rates.

I’ll suggest adding this rule fairly early in your Network rule set:

allow out protocol ICMP from myZone to anydestination for any icmp message type

ICMP has a number of traffic control throttling settings. ICMP types 4, 11 and 12 can speed up or slow down traffic as flow conditions need. Allowing all ICMP outbound packets takes that question out of consideration.

Your log is showing traffic connections for both TCP and UDP to two different ports: 11880 and 24545 (maybe typo on that 24xxx port, I didn’t save the download). UDP as a protocol is very time oriented, as it doesn’t have a built-in error detection ability like that of TCP. So, if there is any kind of UDP traffic problem, then things have to time out, and then retry again and again, and the apparent throughput drops through the floor. Which is what you’re describing.

So, I’ll make this suggestion: to add a rule to allow inbound TCP and UDP to those two active ports.
It’d probably be a good idea to verify the port numbers from a “netstat -an” command.

Like this?

[attachment deleted by admin]

Almost. Your rule 2 is overriding the later port rules, and is effectively turning your firewall off. Need to tweak rule 2 just a bit.

Just to keep in mind that all rules are written in the context of your machine: what’s coming into your machine from the outside, and what your machine is sending out to others. You may have some source and destinations reversed.

Your rules should look something like this.

rule 0 allow out protocol IP from zone[Intel Pro] to any
rule 1 allow in protocol ICMP from any to zone[Intel Pro] where icmp message is fragmentation needed
rule 2 allow in protocol ICMP from any to zone[Intel Pro] where icmp is time exceeded
rule 3 allow in protocol ICMP from any to zone[Intel Pro] where icmp is host unreachable
rule 4 allow in protocol ICMP from any to zone[Intel Pro] where icmp is port unreachable
rule 5 allow in protocol TCP/UDP from any to zone[Intel Pro] where destination port is 11880
rule 6 allow in protocol TCP/UDP from any to zone[Intel Pro] where destination port is 26454
rule 7 block&log in&out protocol IP from any to any

This new rule 0 is way too permissive, as it will let your machine send anything to anybody at any port. That’s not good security. But to get things working, it’ll do, and then tidy up the rules later.

A terminology note: saying “protocol IP” is the same as saying “protocol any”, as TCP, UDP, and ICMP are all IP protocols. So the new rule 0 is letting the ICMP traffic out. Letting the ICMP traffic out was missing from the rules you just posted.

Rules 1 to 4 will allow the most common ICMP traffic flow problem warnings to come into your machine from wherever. Rules 5 and 6 will let the traffic come in to whatever you have running that needs to have traffic on those ports, as evidenced by your earlier log. Rule 7 is the catch-all to block anything else.

That should get CFP out of the way for the most part of being a block on throughput. If things speed up, then it’s time to tighten up that new rule 0. So, put these new rules in place, watch your CFP logs, and see how things are running. If it’s not improved, or at least different somehow, then post your logs, and we’ll go from there.
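As an added illustration (not code from this thread or from Comodo), the rule set proposed above run through a small first-match evaluator, assuming the top-down order the reply describes, a constructed LAN range for zone[Intel Pro], and constructed sample packets. It shows why an over-broad "allow in" in slot 2 shadows everything after it, which is the mistake the "Almost" reply points out.

```python
import re

ZONE_PREFIX = {"Intel Pro": "192.168.1."}  # assumed LAN range behind zone[Intel Pro]
ADDR = r"(any|zone\[[^\]]+\])"
RULE_RE = re.compile(r"rule (\d+) (allow|block&log|block) (in&out|in|out) protocol (\S+) "
                     rf"from {ADDR} to {ADDR}(?: where (?:destination port is (\d+)|icmp(?: message)? is (.+)))?$")

def parse_rule(text):
    """Parse one rule written in the notation used in the thread."""
    n, action, direction, proto, src, dst, dport, icmp = RULE_RE.match(text).groups()
    return {"n": int(n), "allow": action == "allow", "dirs": direction.split("&"),
            "protos": None if proto == "IP" else proto.split("/"), "src": src, "dst": dst,
            "dport": int(dport) if dport else None, "icmp": icmp}

def addr_matches(spec, addr):
    return spec == "any" or addr.startswith(ZONE_PREFIX[spec[5:-1]])  # "zone[X]" -> "X"

def rule_matches(rule, pkt):
    return (pkt["dir"] in rule["dirs"]
            and (rule["protos"] is None or pkt["proto"] in rule["protos"])
            and addr_matches(rule["src"], pkt["src"]) and addr_matches(rule["dst"], pkt["dst"])
            and (rule["dport"] is None or pkt.get("dport") == rule["dport"])
            and (rule["icmp"] is None or pkt.get("icmp") == rule["icmp"]))

def decide(rules, pkt):  # first matching rule wins; returns (allowed, rule number)
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule["allow"], rule["n"]
    return False, None  # nothing matched: treat as denied (assumption)

PROPOSED = [parse_rule(r) for r in (
    "rule 0 allow out protocol IP from zone[Intel Pro] to any",
    "rule 1 allow in protocol ICMP from any to zone[Intel Pro] where icmp message is fragmentation needed",
    "rule 2 allow in protocol ICMP from any to zone[Intel Pro] where icmp is time exceeded",
    "rule 3 allow in protocol ICMP from any to zone[Intel Pro] where icmp is host unreachable",
    "rule 4 allow in protocol ICMP from any to zone[Intel Pro] where icmp is port unreachable",
    "rule 5 allow in protocol TCP/UDP from any to zone[Intel Pro] where destination port is 11880",
    "rule 6 allow in protocol TCP/UDP from any to zone[Intel Pro] where destination port is 26454",
    "rule 7 block&log in&out protocol IP from any to any")]
# The "rule 2 overrides the later rules" mistake, modelled as an over-broad allow-in in slot 2.
SHADOWED = PROPOSED[:2] + [parse_rule("rule 2 allow in protocol IP from any to zone[Intel Pro]")] + PROPOSED[3:]
ME = "192.168.1.10"  # constructed sample packets, not the poster's log entries
UTORRENT_IN = {"dir": "in", "proto": "UDP", "src": "203.0.113.5", "dst": ME, "dport": 11880}
SMB_PROBE = {"dir": "in", "proto": "TCP", "src": "203.0.113.5", "dst": ME, "dport": 445}
ICMP_OUT = {"dir": "out", "proto": "ICMP", "src": ME, "dst": "198.51.100.1", "icmp": "echo request"}
TTL_EXPIRED = {"dir": "in", "proto": "ICMP", "src": "203.0.113.1", "dst": ME, "icmp": "time exceeded"}

if __name__ == "__main__":
    for name, pkt in [("utorrent in", UTORRENT_IN), ("smb probe", SMB_PROBE), ("icmp out", ICMP_OUT)]:
        print(name, "proposed:", decide(PROPOSED, pkt), "shadowed:", decide(SHADOWED, pkt))
```

With the proposed set the unsolicited TCP probe is stopped by rule 7, while the shadowed set lets it through on rule 2 without ever reaching the port rules.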

I’m basically using the defaults that come with the software. If it is too loose, then I suggest CFP tighten up its default rules somewhat. I’ll look into it. However, it shouldn’t matter what the rules are, it shouldn’t be killing my internet connection, especially since I only have a few rules. If I had a page full, then maybe.

I agree. The default rules shouldn’t affect internet speed, at least not by this much. I personally know that allowing ICMP does speed it up, but only a tiny bit when I p2p.

Out of curiosity, how do you measure your internet speeds, via IE 7?

How do I measure my internet speed.

I go to www.msn.com and once the page had loaded, it takes 3 seconds from clicking “Reload” to getting the “Done” message…with the firewall turned off.

I turn it on and click refresh…it takes 15 seconds.

Turn it off again and click refresh…3 seconds

turn it on again, took 12 seconds this time.

Not very scientific but it proves my point. It takes 4-5 times longer to load www.msn.com with the CFP turned on.

When you say “turn it on” and “turn it off” do you mean you're changing the security from the tray icon from custom to allow all? If that’s not what you're doing, it would be interesting to see what happens when you do.

Yes, that’s exactly what I do.

I’ve just upgraded to 3.0 so we’ll see how that goes.

I’ll mark this as closed. If you need to reopen this PM me or another MOD. Please post all V3 related queries in the V3 board.

Thank you.