Comodo & Hamachi

somethingnew · June 28, 2007, 12:53am

Hi there,

can anybody please add a tutorial for setting up Hamachi on Comodo Firewall (RULES ETC.)

I am new to Comodo, but it is simple. I tried yesterday, with my friend also using Hamachi. All we were trying to do was ping each other.

All routers were forwarding ports of Hamachi i.e. 12975.
Last thing left was Comodo to set it up.

I tried it in simple way. I turned off Hamachi & turned back on, and got alert from Comodo, & then I allowed it “Allow” to communicate. This action added “Hamachi.exe” into application monitor list. sorry I cannot provide screenshots now, as I am away from my pc. I edited the setting of hamachi.exe in application monitor to be a trusted application, and allow any traffic by this application. and even invible connections also.
my friend did same thing.
but still after that we were not able to ping each other.
only way we could ping each other was, if we tun of firewall, like going to summary page and selecting “allow all” from lefft bottom corner.
then we dicovered network rules.
the last rule i.e. “block” seemed to us unfair, and i got rid of it, & now the ping was working. but it made a sense that anybody can enter my network.
so, i applied again by asking settings of this rule from my friend. it added as last rule as it was before, but after adding this time, Comodo behaved differently. It wasnot letting me even logon to hamachi, pinging was also lost.

fidling around, didn’t solved my problem. so i uninstalled comodo, and did reinstalled to get all default rules.
and now Hamachi can log into the server., but haven’t tried yet to ping my friend’s pc.

so you can see i am pretty new to these rules, it would be good if you can put a tutorial.

please consider the following:
system os :winxp sp2 pro
user: administrators
net: at my end adsl & my friend’s cable
requirement: Comodo to provide all access on Hamachi virtual connection between me & my friend’s ip only, and on all ports, both tcp & udp.

& most important : after everything is done, I need to communicate my friend via Hamachi (i.e. VPN) on port 7788, so this port should be forwarded in both directions to my friend only.

version: Comodo latest & Hamachi also latest (infact downloaded them yesterday)

thanks heaps.

Little_Mac · June 28, 2007, 1:53pm

welcome to the forums, somethingnew!

I responded to your PM, and will post here as well.

Try this post:

https://forums.comodo.com/help/hamachi_fails_after_installing_cpf-t788.0.html;msg5711#msg5711

These will go in Network Monitor; they need to be at the top of the list (positions Rule ID 0 & 1). As Trench notes, Hamachi is sort of its own “virtual” network; and it needs to be defined as such within CFP’s network rules. These two rules will allow all traffic to & from Hamachi’s interface.

Once that’s working, you can try changing the “Any” IP to your friend’s IP (and your friend changing it to yours) on the “In” rule to limit the access.

Your Application Rules should be fine for that part of it. Once you have the Network rules in place, you might not even need to have Hamachi defined as a “trusted” application; you could always try it and see, but I’d get the Network Rules working first.

And yes, you need that Block & Log All rule in place; that is your safety net. However, it MUST be the last rule (the bottom position), as the rules filter from the top downward. If it’s not at the bottom, it will be blocking anything that comes below it; you can click on that rule and then use the Move button to get to the bottom.

LM

gordon · June 28, 2007, 2:02pm

note that the default Comodo Network Monitor rules do not allow ECHO_REPLY
therefore you will never return a ping with a pong EVEN if the nodes
are in fact connectible (over other protocol(s)) …

Little_Mac · June 28, 2007, 2:20pm

It will with those two network rules (as in the linked post) which make the Hamachi interface a Zone & then define that as a Trusted Network. Since the rules Allow IP (rather than limiting to TCP/UDP/etc), they allow the various subsets to occur as well. Pinging should not be an issue with that type of setup.

LM

bokkibear · June 30, 2007, 3:50pm

I’m having some odd problems with Hamachi too - I’ve set it up as a trusted zone, so the network monitor is happy, but the application monitor is blocking DHCP requests from svchost.exe when Hamachi tries to start up. The weird thing is that I have the following rule in the application monitor:

Allow all activities for svchost.exe, including invisible connections.

Yet still the logs show the following block:

Date Created: 16:44:41 30-06-2007
Date/Time :2007-06-30 16:44:32
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (svchost.exe:5.0.0.1:  :dhcp(68))
Application: C:\WINDOWS\system32\svchost.exe
Parent: C:\WINDOWS\system32\services.exe
Protocol: UDP In
Destination: 5.0.0.1::dhcp(68)

When I turn off the application monitor, everything works fine. Can anyone explain why this might be happening?

Little_Mac · July 2, 2007, 2:50pm

bokkibear,

Is the application monitor rule for svchost.exe set as In/Out, or just Out? It will need to be both.

Also, you might try a reboot, if you haven’t already done so.

If you’ve done these and it’s still blocked, remove that rule from appmon, and reboot. Any alerts you get for svchost.exe, Allow with Remember, to reset the rule.

LM

bokkibear · July 2, 2007, 11:29pm

Thanks for replying. I think I’ve got it to work OK now, probably thanks to the reboot.

Little_Mac · July 3, 2007, 1:56pm

No problem; hopefully the reboot did the trick. If not, just let us know…

LM