Comodo CIS Firewall & VMware Player Web Page Connectivity Problems.

Hi,

I have been using Comodo CIS for quite a while now without problems; however, I have now come across a problem which I cannot work out a resolution for.

I have VMware Player which runs a Suse Linux image which in turn hosts an application accessible through a web browser.

When the image loads, all is functioning well within Suse Linux and I can access the web page hosted by the Suse Linux VM from any other machine on my home network.

However, I am unable to access the Web page from my laptop which is running the VM image through VMware player. If I switch off the firewall I can access it fine so something is blocking it at the firewall level.

My laptop is Windows 7 and I have tried Google Chrome, Firefox and IE to access the web page in the Suse Linux VM. I can ping the VM’s IP address from my Windows 7 host but when it comes to accessing the Web page it just times out.

Obviously I need to add a rule somewhere but not sure where and what rule. The IPconfig for my machine is below:

Windows IP Configuration

Host Name . . . . . . . . . . . . : Tuscan-2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : BC-77-37-B5-B9-6E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : BC-77-37-B5-B9-6E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 1030
Physical Address. . . . . . . . . : BC-77-37-B5-B9-6D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::483f:5318:596f:21e3%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 08 March 2012 14:07:25
Lease Expires . . . . . . . . . . : 12 March 2012 05:44:21
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 364672823
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-79-3C-7C-18-03-73-58-5E-DF

DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 18-03-73-58-5E-DF
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : BC-77-37-B5-B9-71
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e496:8ca1:da29:8d85%23(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.19.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 838881366
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-79-3C-7C-18-03-73-58-5E-DF

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2f:5466:fe8d:da23%24(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.72.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 855658582
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-79-3C-7C-18-03-73-58-5E-DF

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3372995A-6E81-4FD3-871D-C16474AEDF40}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{64088DF7-B547-433B-87DE-320348636A43}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B43E60E8-BCDA-4D58-809B-138973693EC5}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A9409E23-D819-4EC9-93E0-C0CB05DB4AFA}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8C0529A5-68BA-4373-9FCF-9B0BC94E4F44}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{EA9EDB10-E0C2-46E2-86E6-5E402C50DC17}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

The Suse Linux server has a static IP address of 192.168.0.50 and the default gateway etc is all good as I can ping the gateway from the Suse Linux server. The Network connection within the VM settings is set to bridged.

Can anyone suggest how I diagnose the problem and how I resolve this?
Thanks in advance.

Welcome.

What kind of network are you using in the VM? NAT, Bridged…

The VM network is bridged. This works fine when the firewall is switched off, only problems when the firewall is switched on.

If it’s bridged - I’m assuming the firewall is running on the host? - there shouldn’t be any need for applications, running in the VM, to interact with the host firewall. I use VMWare and the only rules I have in the host firewall, are those shown in the image. The DNS and HTTP connection rules for vmware.exe are for software updates. The other rules are simple loopback requests.

[attachment deleted by admin]

Thanks for the response and I agree, there should be no need, however something is blocking this. I am not sure if it is seen as an insecure network zone or something. Any ideas how to diagnose this and find out why it is being blocked?

Are there currently any rules related to VMWare in the firewall? If so, remove them and let them be recreated. Also, have you checked the firewall logs for anything connected?

I have checked the firewall log and there is nothing listed within there which is why I was wondering if there was a debug mode for Comodo Firewall? I have attached a screen shot of the rules that are in place, there is only one for VMware player. I am sure that it is a very simple thing to get this working and I would be able to do it if there was a way to debug connections through the firewall.

[attachment deleted by admin]

Just out of curiosity, how are you accessing the web server, by name or IP address? If using name, try IP address and port. Failing that, you appear to be using safe mode in the firewall, so you could try using custom policy mode with an increased alert frequency. You can find these settings under Firewall Behaviour Settings. If you decide to try this, delete the existing VMWare rule first. By making these changes, you’re probably going to get quite a few alerts but you’ll have more detail about the connection and hence may find troubleshooting easier.
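
A small check for the "try IP address and port" step, added here as an example and not posted by anyone in the thread: it makes one TCP connection attempt and separates a timeout (no reply at all) from a refusal (a reset came back), which is the distinction that matters when ping works but the page does not load. The address 192.168.0.50 is the VM from the first post; port 80 and the function names are assumptions.

```python
import socket

def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    try:
        info = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return "name-resolution-failed"
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(info[0][4])
        return "open"
    except socket.timeout:
        return "timeout"            # SYN sent, nothing came back
    except ConnectionRefusedError:
        return "refused"            # a RST came back
    except OSError as exc:
        return "error: %s" % exc    # e.g. no route to the network
    finally:
        sock.close()

def explain(ping_ok, tcp_result):
    """Turn the ping result and the TCP result into a next step."""
    if tcp_result == "open":
        return "Handshake completed; look at the browser, proxy or web application."
    if tcp_result == "refused":
        return "Packets reach a TCP stack; check the port and that the server listens."
    if tcp_result == "name-resolution-failed":
        return "The name does not resolve; retry with the IP address."
    if tcp_result == "timeout" and ping_ok:
        return ("ICMP passes but TCP to this port is silently dropped; "
                "review packet filter rules for this port and zone.")
    if tcp_result == "timeout":
        return "No ICMP or TCP reply; check addressing and the adapter first."
    return "Unexpected result: " + tcp_result

if __name__ == "__main__":
    # Assumed target: VM address from the thread, port 80 not stated there.
    result = probe_tcp("192.168.0.50", 80)
    # ping_ok=True mirrors the thread, where ping to the VM succeeds.
    print(result, "-", explain(True, result))
```

Running it once with the firewall enabled and once with it disabled shows whether the result moves from "timeout" to "open", which confirms the drop happens at the packet filter rather than in the browser.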