I’ve been scanning the forums for an answer to this question with no success. My config is as follows:
Cable Modem to PC which uses Second Ethernet Port on PC for ICS to Wireless Router
Host PC is running Vista x64 Business w/SP1
The problem is any computer or device connected to the router via wired or wireless is unable to browse. When Comodo is disabled, no problems. If the router is bypassed entirely, this makes no difference, so the router can be eliminated as the issue for now. A test PC, when directly connected to the second port on the PC via ICS, sees the Internet Gateway. The test PC can both ping and traceroute to any site using either the domain name or IP. Using either Firefox or IE, the test PC cannot surf to any site via domain or IP.
Comodo has automatically detected the private network and I have set up a zone in the trusted zones area checking “I would like to be fully accessible to the other PCs in this network…”
I have tried several guides that mention similar circumstances in an attempt to resolve this “challenge”. Any input would be greatly appreciated. If there are any questions regarding the setup or information provided, please ask! Thanks to anyone that responds.
Is CIS set to be ICS server? Go to: Firewall → Advanced → Firewall Behaviour Settings → Alert settings → now make sure to check “This computer is an internet connection gateway (i.e. an ICS server)”.
I have a slightly different setup using the same equipment. Cable modem connected to wireless router (router firewall configured - an extra layer of security). All computers connect via the wireless router so no ICS is required. I was wondering if a router firewall/CIS firewall conflict might not be allowing the connections as configured?
The idea behind my using the type of configuration I am using is to give the host PC maximum bandwidth from the cable modem without having to worry about how the router is managing traffic. Regardless, I believe my problem is that one of the firewall rules is blocking connections from the router’s IP. From looking at the logs, any incoming connections from the router’s IP to C:\Windows\System32\svchost.exe are being blocked. It is easy enough to write a rule to allow all traffic through from the IP or network zone the router is in; however, this would be quite insecure.
I’ve tried using some combinations of rules listed in other posts relating to connections from a client PC to svchost.exe being blocked where the host PC is running ICS. I don’t find the rules to be confusing really, as it is similar to programming Cisco ACLs (Access Control Lists), which I have done in the past. If anyone has a specific rule set for CIS with regard to ICS, I’d be happy to give it a try.
I would be guessing, but the other computers on your LAN would be connecting to your router and the router software would then have to negotiate with your ICS. The problem may be the permissions for the router software, or there may be an intermediate process that sends the connection request. I would try the router software first - install rules that log allowed requests as well as blocked ones to test your rules. If that does not work, try installing log rules for common processes like svchost.exe and System and “Windows Operating System” and lsass.exe (found on the Network Security Policy > Add > Select > Running Processes window).
Alrighty. To simplify, I’ve removed the router entirely. The host PC now shares the connection to a PC directly connected to the second port on the host PC. The test PC is seeing the host PC as an Internet Gateway and is able to pick up an IP. Is there a specific set of rules you can recommend? I have previously tried this rule set:
It is however unclear what “placeholder” refers to. I would assume this means a blank rule?
The “placeholder” entries are for other rules you may need for some types of setup. If you don’t do Virtual Private Networks or have any special sites or protocols that you want to block, you can just omit them. It took a couple of seconds for me to realize that these are all rules for the Global tab of “Network Security Policy”. The only thing that looks like it might not be clear is the [Netbios] reference. That refers to ports 135, 137-139, and 445. The author probably created a port set with those ports in it and called it “Netbios”. Also there is a reference to Multicasting, which includes IPs in the ranges 224.0.0.0 - 224.0.0.255 and 239.0.0.0 - 239.255.255.255. This set of IPs could be listed under “My Network Zones” and given the name “Multicasting” for cleaner rule making. You would then use that Zone when writing rules under the Global tab of “Network Security Policy” (select “zone” under the target tab and then click the drop-down - no zones appear until you click the drop-down).
I have this very similar problem ever since I upgraded my Comodo Firewall to CIS. Tried the solutions above - nothing.
I have 2 laptops, one connected directly to a router (ADSL) and using Vista Basic, and the other one connected to the first one using a wireless ad-hoc connection and using XP SP3. The second laptop has an internet connection using ICS from the first one.
Ever since I installed CIS the second laptop is unable to connect to the Internet; the browser always gets stuck at “Connecting to…” for like 1 min. and nothing. When I disable the firewall I have internet, no problem whatsoever. Apparently the firewall is blocking ICS only, because I can use the shared files from the first PC and my external hard drive connected to the first PC. I checked and can confirm that this happens with CIS only. Does anyone have any ideas? I don’t want to dump Comodo; I’ve been a happy user for years and this is actually my first problem with a Comodo product.
Nice to know someone else is having the same problem. I don’t know what changed between the old stand-alone Comodo Firewall VS CIS and the way it deals with ICS. I might try downgrading and see what rules it creates automatically VS the ones that currently exist in CIS.
If anyone else has any ideas on how best to solve this challenge, please post a reply.
I wanted to downgrade to the previous version myself and try to compare the settings, but I’m unable to find one. Can you point me to a download location?
I think this is a bug or some kind of incompatibility though, so I doubt playing with the settings will solve the problem.
I did a clean Vista install and installed CIS 3.5 again, just in case it is Vista’s fault. It didn’t work, got the same problem, so I downgraded to the latest Firewall Pro and everything works just fine. So I guess it is CIS’s fault, probably some incompatibility bug or something, as I said in one of my previous posts. I hope the Comodo guys will eventually see this and will fix it in some future updates; I’d really like to have CIS instead of a Firewall only.
This is my last update, sorry for the bumping/multiposting.
Apparently the problem occurs when CIS has the AntiVirus installed!
Yesterday I installed the latest version of CFP and today I was told by the updater there are updates available. So I let it update and what do you know, after the restart I have CIS 3.5.57 WITHOUT Antivirus…and the problem doesn’t show up, I have connectivity! It’s unlikely for a network problem to be caused by the antivirus, but apparently it can be…
Thanks for your reply ATG. I think I’ve been able to determine the necessary firewall rules that CIS did not appear to be creating when my ICS network was first detected. I would imagine those rules are preserved when CFP updates to CIS via the automatic updater. I am currently running the latest version of CFP with ICS. I will likely attempt to replicate your success in the near future.
I am very appreciative for your efforts in testing this out, as I am sure others faced with the same challenge are as well. For anyone running a configuration similar to myself or ATG, I’d recommend creating a couple of additional firewall rules to secure the host PC.
Create a NetBIOS Port Set (Ports: 135, 137-139, 445)
Create a Global Rule to Block and Log TCP or UDP In/Out from Any IP to Any IP where the Source Port is Any and the Destination Port is the NetBIOS Port Set
In Application Rules, create a new rule for C:\Windows\System32\svchost.exe to Allow and Log UDP In/Out where the Source Port is Any and the Destination Port is Port 53
After running a complete port scan, I found that ports 135 and 445 were open on the host machine. After closing these ports, all DNS translation stopped working until I discovered in the Firewall logs that all requests destined for Port 53 (DNS) from the ICS machines were being blocked, hence the third firewall rule.
If there is anyone out there that can see a flaw in my logic, I would be happy to entertain suggestions for making this setup more secure. Thank you again to all that responded.
I had the same problem.
That’s a rules problem.
This is the solution:
Create a new zone, call it, for example, “Local” (in My Network Zones) with the following “IP address mask”:
192.160.0.0 / 255.255.0.0
10.0.0.0 / 255.0.0.0
169.254.0.0 / 255.255.0.0
255.255.255.255 (as single ip)
afterwards in Predefined Firewall policies:
Add
Add → ALLOW, TCP or UDP, In & Out,
Source Addresses: click on “zone” and select “Local” (or other name chosen previously).
Destination Addresses: click on “zone” and select “Local”
Add → ALLOW, IP, In & Out,
Source Addresses: click on “zone” and select “Local”
Destination Addresses: click on “zone” and select “Local”
Add → ALLOW, ICMP, In & Out,
Source Addresses: click on “zone” and select “Local”
Destination Addresses: click on “zone” and select “Local”
afterwards in Network Security Policy delete all old svchost and system rules so Comodo will ask you to re-create the rules. So, when Comodo displays the usual pop-up for svchost and system processes, select “Treat this application”: “Local” for svchost and system processes.
Remember for XP users: in “Firewall Behavior Setting” → “Alert Setting”, enable option “This computer is an Internet connection gateway” (but if you are a Windows Vista user this option is not necessary).
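To see how the two rule sets in this thread interact (the NetBIOS block and svchost DNS allow from the earlier post, and the “Local” zone from the post above), here is an added example that is not from the thread or from Comodo: a simplified first-match rule evaluator run over constructed sample packets. It assumes 192.168.0.0/16 for the zone entry the post writes as 192.160.0.0/16, and models global and application rules as one ordered list rather than as CIS’s separate tabs.

```python
import ipaddress

# Added illustration of the thread's rule sets as a simplified first-match evaluator.
# It is not CIS code; CIS's real engine evaluates global and application rules separately.

# NetBIOS port set from the thread (135, 137-139, 445).
NETBIOS_PORTS = {135, 137, 138, 139, 445}

# "Local" zone from the last post. The post writes 192.160.0.0/16; the RFC 1918
# private range 192.168.0.0/16 is assumed here instead.
LOCAL_ZONE = [ipaddress.ip_network(n) for n in
              ("192.168.0.0/16", "10.0.0.0/8", "169.254.0.0/16", "255.255.255.255/32")]


def in_local_zone(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_ZONE)


def any_ip(ip):
    return True


# (rule name, action, logged?, protocols, source match, destination match, destination ports)
# Ordered top-down as a constructed approximation of the thread's recommendations.
RULES = [
    ("Block NetBIOS", "BLOCK", True, {"TCP", "UDP"}, any_ip, any_ip, NETBIOS_PORTS),
    ("svchost DNS", "ALLOW", True, {"UDP"}, any_ip, any_ip, {53}),
    ("Local zone", "ALLOW", False, {"TCP", "UDP", "ICMP"}, in_local_zone, in_local_zone, None),
]


def evaluate(proto, src, dst, dport=None):
    """Return (action, rule name, logged) for the first matching rule; default is BLOCK."""
    for name, action, log, protos, smatch, dmatch, ports in RULES:
        if proto in protos and smatch(src) and dmatch(dst) and (ports is None or dport in ports):
            return action, name, log
    return "BLOCK", "default", True


if __name__ == "__main__":
    # Constructed sample traffic: ICS client 192.168.0.5 talking to the host at 192.168.0.1.
    for pkt in [("TCP", "192.168.0.5", "192.168.0.1", 445),
                ("UDP", "192.168.0.5", "192.168.0.1", 53),
                ("ICMP", "192.168.0.5", "192.168.0.1", None),
                ("TCP", "203.0.113.9", "192.168.0.1", 80)]:
        print(pkt, "->", evaluate(*pkt))
```

The DNS allow sits above the zone rule so that, as the earlier post found, client lookups on port 53 still reach svchost once the NetBIOS ports are closed.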