CIS and Fallout 3 running GFWL

Hey All,

First thank you for making such a good and free Firewall program. I love it. But now I am having a problem with Games For Windows LIVE in Fallout 3. This only happened recently where Comodo’s Firewall is blocking access for Fallout 3 to connect to GFWL. I have set Fallout 3 as a trusted application and it is still blocking it. Also I have set both ports 88 and 3074 to allow in the Global rules for both TCP and UDP.

Any suggestions would be great. As for right now disabling the firewall completely fixes the problem, but I don’t want to keep disabling it each time I go to play Fallout 3.

Can anybody give me a hand with this? It’s really annoying to disable the firewall every time I want to play Fallout 3. I’ve tried the suggestions I’ve found on this board and the GFWL board too.

You stated you listed the game as Trusted, was this in the firewall or Defense+?

The Firewall. I have Defense+ set to inactive. Would it make a difference if it was in Defense+ if it’s inactive?

Can you show us your Global Rules? Make sure the rules for the open ports have the source address and source port set to Any.

Yep the global rules are set to source any with a range. Here’s my global rules and Application Rules too for you. Thanks for the help.

Oh and I have tried to put the firewall in Training Mode to see if that works and it doesn’t. I must have a rule in here that’s blocking it. Also I normally run the firewall in Safe Mode.

EDIT: Just to add to this. I noticed this today in the firewall logs. Looks like Comodo is blocking port 3074 that is used for GFWL. Attaching a screenshot of the logs too. I’ve highlighted what I think are the ports Comodo is blocking for GFWL.

[attachment deleted by admin]

I looked at the logs and saw a lot of traffic for TCP port 445. I looked it up with Service Name and Transport Protocol Port Number Registry and it is related to Microsoft-DS:

Microsoft-DS is a port used ever since Windows 2000 was introduced. It is used for file sharing. Before Windows 2000, SMB used port 137-139. Windows 2000 added the possibility to use SMB directly over TCP/IP on port 445. If this port is opened, it is used instead of the NBT ports. See Microsoft article : http://support.microsoft.com/support/kb/articles/Q204/2/79.ASP. See also at : The use of TCP ports 139 and 445 in Windows

Now open TCP port 445 for incoming traffic:
Firewall → Advanced → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port VPM

Source address: Any
Destination Address: Choose MAC or Single IP address (only when it is fixed) or Host Name
Source Port: Any
Destination Port: 445

Then push Apply → Ok.

Make sure the rule is above the basic block rule (red icon) in Global Rules.

Does this help?

Thank you for the reply.

I will try that later but I suspect that is from my work VPN as it connects me to an IP of 10.200.255.169 usually.

I’ve attached another screenshot of my logs which may be of help too. I’ll make the change you suggested above and reply later tonight. What’s weird about this screenshot is that some requests come from Fallout 3 itself and some from Windows Operating System. What’s the difference?

[attachment deleted by admin]

I just tried out this rule you suggested Eric. It is still blocking GFWL. Can you figure out anything from the screenshot I attached in my previous post?

I was looking again at your firewall logs and noticed that part of the time the destination address changed from 10.x.y.x to 169.254.1.100. Do you have a set top box or something similar in your network set up?

If not then your network adapter could not make a connection. When Windows doesn’t see a network to connect with it will hand out an IP address to your network adapter in the 169 range. Certain NVIDIA motherboard chipsets come or came with a firewall option. Enabling that firewall is a known trouble maker. Disable it when you use it.

When you can’t connect to the GFWL server again check the firewall logs for the used IP address. Also check the status of your network adapter and see what IP address is used.

I do have an Nvidia motherboard but it’s older and doesn’t have the Nvidia firewall. Also my router’s gateway is set to 169.254.0.1. It’s normal for me to get a 169 IP. In fact my PC that’s running Fallout 3 has a static IP of 169.254.1.100. Again completely normal. The IP 10.x.x.x is for my work’s VPN. The VPN modifies my LAN IP to a work IP through the Cisco VPN Client, much in the same way Hamachi works.

Anything else you can think of, Eric? It works fine when I disable Comodo Firewall.

You said you made D+ inactive. Did you permanently disable it? You can permanently disable it under D+ → Advanced → Defense+ Settings. Or did you install CIS without D+ (there is no D+ button in the main screen)?

I followed your directions to completely disable Defense+ and the firewall is still blocking it. If I turn the firewall off it works just fine.

Thanks for testing. We now know it is definitively a Firewall problem.

Wrapping my head around it. Can you confirm that the rule for port 445 TCP is in your Global rules and that it is somewhere above the basic block rule?

Is this installation an upgrade or a clean install? When you did a clean install did you import a previous configuration?

Yep, the 445 TCP rule is in there; screenshot attached. It is an upgrade install. In fact I’ve been upgrading it since 2.x on this computer. I also imported settings from my 2.x install. Are you thinking what I’m thinking, Eric? Do a complete fresh install, put the firewall in Training Mode and run the game?

[attachment deleted by admin]

That’s what I was thinking: do a clean install without importing your old configuration. That will more than likely solve the problem for you. Sorry to be such a pain up the bum with this advice.

Hey Eric I solved it but now I’m a little worried. Here’s how I fixed it:

  1. Uninstalled CIS completely from Add/Remove Programs
  2. Rebooted
  3. Ran the CIS clean up tool I found on these forums
  4. Rebooted
  5. Installed CIS newest version without Defense+
  6. Rebooted
  7. Started creating rules for my most used programs and Fallout 3 (Set Fallout 3 to a Trusted Application) Along with the XBox Live ports needed. See attachments below for rules I made.
  8. Gave Fallout a try still didn’t work unless I turned the Firewall off to disable.
  9. Poked around in the settings for CIS Firewall
  10. Took off the “Block Fragmented IP Datagrams” option under attack settings. See third attachment.
  11. Fallout 3 works with the firewall on

What I’m worried about is that it says to disable this only if absolutely necessary. Is it okay to have this option disabled? Also is it better to create rules using the predefined policies?

Thanks for your help with this Eric!

[attachment deleted by admin]

I guess this situation makes it necessary to disable the block of fragmented datagrams. Making a rule under Global Rules will do the same thing.

You can choose to disable Block of fragmented datagrams each time you start up the program. That is the only solution I see right now.

The option doesn’t save Eric? Would it be easier to setup a Global Rule for it and if yes how?

The option can be saved. What I mean is you change it each time you start GFWL manually and then change it back after you stopped playing.

I was speaking too soon when I said it would be possible to make a Global Rule to allow. I took a further look and noticed it was not possible. Sorry about that.
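
The setting that resolved this thread, “Block Fragmented IP Datagrams”, acts on IPv4 datagrams that were split in transit. The following is an added example, not part of the original posts and not Comodo’s code: it parses the IPv4 header fields that mark a datagram as a fragment. The sample headers, the 192.0.2.x addresses and all function names are constructed for illustration, and `dropped_by_fragment_block` is only an assumed model of such a filter.

```python
import struct

def build_header(ident, df, mf, offset_units):
    """Build a constructed 20-byte IPv4 header (UDP, checksum left at 0)."""
    flags_frag = (df << 14) | (mf << 13) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ident, flags_frag,
                       64, 17, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))

def ipv4_fragment_info(packet):
    """Return the header fields that decide whether a datagram is a fragment."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    if packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ident, flags_frag = struct.unpack("!HH", packet[4:8])
    more_fragments = bool(flags_frag & 0x2000)   # MF flag
    dont_fragment = bool(flags_frag & 0x4000)    # DF flag
    offset_bytes = (flags_frag & 0x1FFF) * 8     # offset is in 8-byte units
    return {
        "id": ident,
        "dont_fragment": dont_fragment,
        "more_fragments": more_fragments,
        "offset_bytes": offset_bytes,
        # A datagram is a fragment if more pieces follow or it is not the first piece.
        "is_fragment": more_fragments or offset_bytes > 0,
    }

# Constructed samples: one whole datagram and the two pieces of a split one.
SAMPLES = {
    "whole": build_header(0x1001, df=1, mf=0, offset_units=0),
    "first_fragment": build_header(0x1002, df=0, mf=1, offset_units=0),
    "last_fragment": build_header(0x1002, df=0, mf=0, offset_units=185),
}

def dropped_by_fragment_block(samples):
    """Assumed model of a 'block fragments' filter: drop anything marked as a fragment."""
    return [name for name, pkt in samples.items()
            if ipv4_fragment_info(pkt)["is_fragment"]]

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, ipv4_fragment_info(pkt))
    print("dropped:", dropped_by_fragment_block(SAMPLES))
```

Both pieces of the split datagram are dropped under this model, so the receiving application never gets the reassembled payload even though an allow rule exists for its port.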