Comodo firewall & gns3/dynamips/winpcap

dannybt · March 6, 2012, 2:08pm

I’m having strange intermittent connectivty to any virtual devices when I run GNS3. Wireshark capturing on real NIC of PC shows a few ICMP echo packets then eventually a reply.

What I have found is if I go to Local Area Connection Properties of my NIC and untick COMODO Internet Security Firewall Driver. Disable the NIC and then re-enable it. Start GNS3. It works OK.

I cant find anything on Google about Comodo Firewall having compatibility issues with GNS3, Dynamips or WinPcap.

If I try and just set Firewall security level to disable, it still doesn’t work. Only by disabling the driver on the NIC will it work.

I have asked a similar question on the GNS3 site. Is there some advanced settings in Comodo that will allow me to have the firewall running but give me connectivity to GNS3?

Thanks for any help.

Radaghast · March 6, 2012, 7:34pm

Any chance you can provide some more specific details to reproduce. I’ve used GNS3 with CIS in the past without issue.

dannybt · March 6, 2012, 9:05pm

Thanks for the reply.

This is near enough what I posted on GNS3.

Running 0.8.2-Beta2.

I’m experiencing a similar problem to GNS3 • Login

If I connect a cloud (bound to my NIC) and link to a router, everything works fine.

If I create a virtual switch between my router and cloud then I get intermittent pings. Some pings will time out, some will reply.

I have had the same intermittent ping when I connect a loopback to a virtual switch. Also I have tried connecting a Linksys wireless NIC to a virtual switch and get the same issues.

However, if I connect direct to the virtual router from cloud wireless or cloud loopback or cloud Realtek NIC it works OK.

Running Windows 7 64bit. Realtek PCIe GBE RTL8167.

I couldn’t even get any traffic through until I found the fixes from various threads about disabling:

IPv4 Checksum Offload (disabled)
Large Send Offload (disabled)
TCP Checksum Offload (disabled)
UDP Checksum Offload (disabled)

As Wireshark was showing incorrect checksums.

Show mac on the switch displays the correct MAC for router and NIC. Also arp table on router shows correct MAC for NIC.

Wireshark capturing on real NIC of PC shows ICMP echo then eventually a reply.

Its strange that it works using a cloud connection direct to router but not direct to switch.

I need to keep my firewall running. I have tried allowing all on the firewall but to no avail. This is the REAL world connection for my virtual routers so I need to use this NIC.

Created a loopback adapter in Windows (no IP address - IP assigned via DHCP). Bridged this with my LAN adapter. The bridged connection STILL has Comodo driver enabled. BUT it now works… 1 way.

I can ping from PC to virtual router but not the other way round.

My only option seems to be to disabled the Comodo driver on the NIC to get traffic flowing properly.

Radaghast · March 6, 2012, 9:10pm

Thanks for the info, I’ll try and recreate that later today and see what happens.

Radaghast · March 8, 2012, 2:17am

I haven’t forgotten you, I just haven’t had time to create a project.

One thing, you mentioned

I can ping from PC to virtual router but not the other way round.

Can you post a screenshot of your firewall Global rules.

dannybt · March 8, 2012, 9:35am

Here you go. Network Zone LAN is my NIC. The 1 way ping only works when I bridge the loopback to the NIC. If there is no loopback and I connect the NIC direct to GNS3 it gets nothing (unless I connect direct to a device and not to a virtual switch). Thanks.

[attachment deleted by admin]