comodo and routers

helpmepleasesomeone · March 6, 2007, 5:08pm

I have been using comodo for a few weeks with little or no problems. last couple of nights though i’ve had prob getting connected to net. My router is connected to pc via ethernet connection and recently has been slow in showing in task bar after startup and shows as having limited or no connection. to resolve this and connect to net i have to unlock comodo and then select to repair my LAN connection, which then re-establishes LAN connection and i am able to connect. on reading this while typing i realise it isn’t that big a deal, other than the fact that a few days ago everything worked as i would expect but now it doesn’t???

Little_Mac · March 6, 2007, 5:50pm

Within the timeframe you mentioned, have there been any changes to your setup?

Updated drivers (such as for your NIC)?
Updated firmware or application interface to your router?
Changes to the Network Rules in CFP?
Changes to the Application Rules in CFP?
(on these last two, what I’m looking for is if you either blocked anything via popup, or tried to “tighten” up your existing rules)
Turned off/disabled any Windows Services, or used any application designed to do so?

LM

helpmepleasesomeone · March 7, 2007, 7:11am

i did change settings on comodo. i opted to stop incoming and outgoing internet traffic while my computer boots up. though did change this again yesterday and still have to unblock traffic on comodo and the repair LAN connection before i can go online.

Little_Mac · March 7, 2007, 7:56pm

If you’re on a high-speed connection, blocking Outbound traffic on boot would likely interfere with your connection updating properly.

Since you changed that back (will you check to make sure the change back to default allow outbound on boot was accepted), have you rebooted?

LM

panic · March 8, 2007, 5:19am

If your router is also your DHCP server, blocking all inbound and outbound on bootup will stop this occuring and leave your NIC with the default 169.254.X.X IP address and generally unable to connect to anything.

ewen

helpmepleasesomeone · March 11, 2007, 6:33am

I did reboot and checking comodo settings confirm that settings have been changed back to allow traffic during boot. Don’t know about DHCP server, though trying to connect to one or 2 sites has returned error of invalid ip address which has been a problem since i started using a router, but before the date i started using comodo.

Little_Mac · March 12, 2007, 2:21pm

So with the traffic being allowed during boot, does the problem still exist?

LM

helpmepleasesomeone · March 14, 2007, 10:10am

still the same. i have allowed traffic during boot and still my LAN connection shows as having limited or no connection. My main concern is as this worked ok initially with comodo, why isn’t it now, do i have something on my computer causing this???

Little_Mac · March 14, 2007, 12:26pm

With your scenario, when you find the connection is gone and have to repair, I think you indicated you have to turn Comodo off, or something? Are you setting to Allow All in order to repair the connection, or are you able to repair it with Comodo in Custom?

LM

helpmepleasesomeone · March 14, 2007, 3:15pm

i am able to repair the connection in custom. it is only during boot up or reset that i’ll have to repair connection. once i’ve repaired the connection it doesn’t need to be done again until my computer is switched off again or reset.

Little_Mac · March 14, 2007, 3:47pm

Will you do this (as I don’t think you’re going to have log entries created for the block during bootup…) ~ Once you’ve repaired your connection, leave the computer on until the DHCP Lease expires (generally 24 hours). I want to see if the lease renewal gets blocked, and if so, what log entries CFP has. When you set up to do this, the last thing you might do before leaving the computer for the night (or whatever time frame) is to empy out CFP’s logs (open the Logs, right-click an entry and select “Clear all Logs”); that way they’ll be fresh to the lease renewal.

I’m not sure if this will work exactly the same way as the automatic lease renewal (to get the same results), but you can try it for immediate results… go to Start/Run, type “cmd”. At the DOS prompt, type “ipconfig /release” It will take a few seconds, then it will return some 0.0.0.0 IP addresses, and your connectivity will be gone. Then type “ipconfig /renew”. It will take a few seconds, and the connection should return, showing your Gateway, DNS Server, etc. Then check CFP’s logs (so if you clear the logs b4 trying this, that’ll help…).

I had this problem once, but it came from network rules that were blocking it; I had to set it to Allow All in order to repair the connect. Thus, if you can repair it in Custom, there may be something else.

LM

helpmepleasesomeone · March 14, 2007, 6:44pm

tried the short cut first. everything went as planned, however after reseting my pc to check, i had to repair connection still. will consider trying the 24hr thing though a little unsure about leaving my computer with an idle live internet connection overnight. cheers very much for help so far though. (:CLP) :BNC

Little_Mac · March 14, 2007, 7:04pm

When you had to repair after the manual release & renew, since you had to repair again anyway, were there any entries in CFP logs?

That will be a key thing; if it did that way, it will probably do it with the normal/automatic process as well.

You can export the logs as follows:

Go to Activity/Logs. Right-click an entry, and select “Export to HTML.” Save and reopen the file (opens in browser window). Copy the entries at that time period, and Paste them into your post here. You can then edit your personal IP address, if it shows.

If there are no log entries, then either you’ve got logging turned off (you should know if you’ve done this, because it’s on by default), or it’s not a Comodo issue.

LM

helpmepleasesomeone · March 14, 2007, 7:15pm

is this what you are after???

Date/Time :2007-03-14 18:27:59Severity :MediumReporter :Application MonitorDescription: Application Access Denied (System:192...: :nbdgram(138))Application: SystemParent: SystemProtocol: UDP OutDestination: 192...**::nbdgram(138)

Date/Time :2007-03-14 18:27:20Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 192..., Port = 1861)Protocol: UDP IncomingSource: 192...:3074 Destination: 192.*..:1861 Reason: Network Control Rule ID = 5

Date/Time :2007-03-14 18:27:15Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 192..., Port = 1857)Protocol: UDP IncomingSource: 192...:3074 Destination: 192.*..:1857 Reason: Network Control Rule ID = 5

Date/Time :2007-03-14 18:27:15Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 192..., Port = 1861)Protocol: UDP IncomingSource: 192...:3074 Destination: 192.**..:1861 Reason: Network Control Rule ID = 5

Date/Time :2007-03-14 18:27:10Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 192..., Port = 1852)Protocol: UDP IncomingSource: 192...:3074 Destination: 192.*..:1852 Reason: Network Control Rule ID = 5

Date/Time :2007-03-14 18:27:10Severity :MediumReporter :Network MonitorDescription: Outbound Policy Violation (Access Denied, Protocol = IGMP)Protocol:IGMP OutgoingSource: 192.*.. Destination: 224.0.0.22 Reason: Network Control Rule ID = 5

Date/Time :2007-03-14 18:27:10Severity :MediumReporter :Network MonitorDescription: Inbound Policy Violation (Access Denied, IP = 192..., Port = 1857)Protocol: UDP IncomingSource: 192...:3074 Destination: 192.*..:1857 Reason: Network Control Rule ID = 5

Little_Mac · March 14, 2007, 7:32pm

That’s more what we’re looking for. Whether or not it’s applicable is yet to be determined…

Will you go to Start/Run, type in “cmd”

At the DOS prompt, type “ipconfig /all”

This will give your Default Gateway, DNS Server, DHCP Server, perhaps some other info.

Here’s what you’re looking for: A matching IP address to any of the blocked incoming connections. The port numbers there don’t match up to any common connection items that I’m aware of, but it doesn’t hurt to check.

Also, in CFP will you open your Network Monitor to full screen, capture a save a screenshot as an image file (jpg, gif, png). Then attach that file to your post under Additional Options.

TNX,

LM

helpmepleasesomeone · March 14, 2007, 9:00pm

the addresses do match for both the blocked ip and source. i have attached the requested screen shot

[attachment deleted by admin]

Little_Mac · March 14, 2007, 9:33pm

Okay, so if the Source on the Inbound connections matches up with info from ipconfig /all, given that they’re all 192.x.x.x addresses behind the router, for what aspect did it match - Gateway, DHCP Server? I’m guessing your DNS Server was an IP belonging to your ISP, although the router might’ve been there as well…

You may want to try the following (although the ports listed are kind of odd)…

Let’s say that (for example), ipconfig gave you the following:
Default Gateway 192.168.1.1
DCHP Server 192.168.1.2
DNC Server 192.168.1.1
And your IP 192.168.1.3

In CFP, go to Security/Tasks/Add a Zone. Name the Zone (for instance) “Router.” Define the range as 192.168.1.1 thru 192.168.1.2.
Now go to Security/Tasks/Define a New Trusted Network. Use your Zone “Router” to set as the Network.

This will create two rules at the top of your Network Monitor; one will Allow IP Out from Any (your computer) to the Zone, the other will Allow IP In from the Zone to Any (your computer). These will be in positions Rule ID 0 & 1. Reboot.

Now clear the logs again.

Go back to start/run, “cmd” then “ipconfig /release”. Wait until it finishes, then “ipconfig /renew.” See if the connection is re-established, without having to click “repair.”

LM