comodo for wlan protection on laptop as router with mobile internet

Help for v2
#1

hi community,

a friend of mine and i are having a problem.
he bought a mobile internet for his notebook and shares his internet over wlan with me (both winXP SP2 me professional his is home).

Ips are static,

he: 192.168.0.1
255.255.255.0
host name: gonzo

me: IP: 192.168.0.100
Subnet: 255.255.255.0
gateway: 192.168.0.1
DNS : 192.168.0.1
host name: markus

Internet works on both notebooks and still with comodo without rules.

we would like to secure the wlan against uninvited users over comodo because we didn’t manage it over a password in windows (we spent the whole evening but i don’t know why it still doesn’ work)
not only our computers should be secured, but also the access to the internet.

we have problems with the rules.
what exactly shoud we set; we tried a lot of different combinations (ip-zone, ip-adress, host name, …) but it doesn’t work

I read also a lot in the forum but its gettig bigger and bigger.

so please help us and post us the rules wh have to fix
thnx a lot

(:SAD)

#2

hi,

can you describe closer how both are connected?

1 wlan wireless router, you plug in with cable

hes on wireless to same?

or do you just plug in your notebook in his notebook via ethernet? :slight_smile:

that would be cool

then deinstall and reinstall on both lappys comodo. reinstall ya have all rules back.

then go in each comodo and make a trusted network via the wizard for the ethercards bound both lappys.

this is then most security by design of comodo

Mike

#3

Some clarification needed, “mobile internet” is often a term used to describe telecom mobile/cellphone data service, which is a very very different creature from 802.11 wi-fi wireless networking. Your posting doesn’t make clear whether you have one, the other, both, or something else entirely.

Comodo Firewall works on packet traffic, without really making a distinction of how or where that traffic is coming from. There is nothing particular in CFP about configuring a wired connection or a wireless connection.

Wireless 802.11 has its own security settings, typically set thru an interface that is functioning as an access point. Telecom data services undoubtedly have their own settings also, but I have no background for guidance on how to proceed.

#4

there is no router.

he has a mobile internet as an express card, his notebook is used as router, and i connect me via wlan to his notebook (i think it is called Ad-Hoc network)

greetings

#5

re,

yes of course youre right with mobile and local wireless.

but its very uncommon have a mobile lappy via ethernet to another lappy :slight_smile:

and yes youre right, mobile security is just through its setup options,
i assume they did check.

but i think they meant comodo security

Mike

PS: but tnx grue, so if others read this are informed well. good work

#6

we are not via ethernet connected, just wlan.

and the mobile interet comes with a sim card over the cell-phone’s net.

do you know the rules which i have t o set, with the security from wlan we didn’t manage.

#7

re,

yes we did understand your mobile :slight_smile:

wlan? in both lappys must be a adaptor connects ya together, in the search wizard select that adaptor.

Mike

PS: sorry, wlan term did change the last 5 years, before it didnt mean wireless, then just ethernet

at least go into setup software of mobile and use most possible security items,

also go into the w…lan setup software and check there most possible security items.

#8

Now I understand how you are connected. Thank you.

Two levels of security settings are needed.

First, is the wireless connection between the two laptops. This will keep the neighbors from surfing the Internet thru your mobile express card.

Since you’re using an ad-hoc network, the best you will be able to use is wireless WEP encryption. Assuming you are using Windows to manage your wireless connection, this is Control Panel → Network Connections, right click Wireless Connections, select Properties, and then click on the Wireless tab. Select Add to create a connection profile. Here you enter a SSID and the WEP keys that you will be using. Both laptops need the same settings.

Second, is the CFP rules to keep your laptops safe from the Internet.

Since one machine is running as a router, the rules will be slightly different. But in general, the rules will be something like this:

allow in&out protocol IP from 192.168.0.0 netmask 255.255.255.0 to 192.168.0.0 netmask 255.255.255.0
allow out protocol TCP from 192.168.0.0 netmask 255.255.255.0 to any
allow out protocol UDP from 192.168.0.0 netmask 255.255.255.0 to any
allow out protocol ICMP from 192.168.0.0 netmask 255.255.255.0 to any icmptype 3,4,8,11,12
allow in protocol ICMP from any to 192.168.0.0 netmask 255.255.255.0 icmptype 0,3
block&log out protocol IP from any to any

Watch the CFP logs for things that are blocked, and adjust the rules accordingly.

The first rule will let the two laptops talk to each other. The next 3 rules will allow outbound connections of any kind, which you will probably want to limit. The next rule, ICMP inbound, will allow ping replies (you ping them, this is the answer back) and any kind of error message (icmptype 3). Then finally, block everything. That’s a fairly basic set of rules.

#9

but thats exactly the probleml, without any security eq. WEP , SSID the wireless LAN workes well but as I enter a password on the other notebook, I am not able no connect wo the wireless LAN. so we decided to sty withaout security and therfore we use a firewall.

i am not afraid of the bad things fro the internet, but we live in a residene and if the other inhabitants realize that there is an aunsecured wlan I think you know what will happen…

#10

re,

ya tell, if uninstall comodo, use all security features, ya even get no access each nor inet?

there must be software been with use to setup with.

Mike

PS: say how ya configured “router”? with share connection or other software?

#11

Yep, it’ll happen. But unless you can get the wireless secured, a firewall won’t help you. A wireless sniffer like WireShark with AirPCap can allow an attacker to forge and hijack any machine identifier that a firewall would use.

Both machines, gonzo and markus, need to have the same SSID and WEP key settings before they will be able to securely communicate over a wireless connection. If need be, just to get things working, try in this sequence:

On gonzo, set CFP to allow all traffic. Set the wireless SSID and WEP key.
Because gonzo is now using encrypted wireless, markus cannot talk to gonzo.
On markus, set CFP to allow all traffic. Set the wireless SSID and WEP key to be identical to what was set on gonzo.
Gonzo and markus should now be able to talk to each other. CFP isn’t doing anything, but the wireless link is secure.
Change the CFP settings on markus. It should still be able to talk to gonzo if that first rule is as I wrote in the earlier posting.
Change the CFP settings on gonzo. Markus and gonzo should be able to talk to each other.

If all that works, then you’ll have a secured wireless, and a firewall. If nothing else, get the secured wireless working, even if it means having to spend EUR or USD 40 or 50 to get an access point.
Otherwise, as you suspect, your neighbors will surf the Internet on your mobile.

Added sometime later: secure wireless can take time to make a connection. It’s not instant. Give it a minute, up to 5 minutes in a noisy wireless environment, before concluding the wireless connection isn’t working.

#12

re,

what does the manual say for this wllan?

if that fails,

install comodo on mobile lappy,

make a trusted network wizard setup to the mobile card.

if have inet access make this:

make a trusted connection to the wllan adaptor.

make sure 1. rule set in network is mobile

  1. rule set is then wllan

if that works, go your wllan pc, install comodo and make a trusted network wizard to its wllan adaptor.

that would be some safe, …

Mike

PS: ya might post what exact wllan hardware ya have, so might one here can help for basic setup