Conflict with Eclipse [RESOLVED]

Hi guys,

I have conflict between Eclipse and CPF 3.
I have installed module Remote Systems in my Eclipse IDE, which is used as a internal FTP client (not only as a FTp, but I use it for FTP communication).
But CPF 3 blocks any communication of this module (resp. of Eclipse) with any external server and even doesn’t log any problem or ask for a permit.
I have set Eclipse as a trusted application, but it doesn’t help.
When I disable CPF, it also doesn’t help, helps only uninstall of CPF.

So I have moved to ZoneAlarm and I have met the same problem.
But ZoneAlarm gave me a following response:

ZoneAlarm has blocked access to port 1603 on your computer ... Source IP Address - 88.86.104.10 Source Port - 20 Destination IP - 10.0.0.xxx Destination Port - 1603 TCP Flags - SYN Transport Layer Protocol - TCP Network Layer Protocol - IP Link Layer Protocol - Ethernet Program Name - eclipse.exe File Name - eclipse.exe ...

Unfortunately free version of ZoneAlarm doesn’t allow user to set specific configuration, so I moved back to CPF 3 trying to allow mentioned communication, but without any successful result.

Could please help me to set the right rules to unblock this communication?
Thanks for any help!

Lukas

Hi guys,

still no idea, how to solve my problem?

Thanks!

Lukas

Hi lukin,something you could try.
Set the Firewall to “Custom” policy.
Put Firewall/Advanced/Firewall Behaviour Settings/Alert Settings and move the slider to Very high.
Fire up Eclipse and see if you get a pop up.It may be a starting point!

Matty

Hi Matty,

thanks for you reply.

I have set the settings as you have recommended me.
But still nothing has changed and no alert has appeared yet.

Only what I can see is increasing number of intrusion attempts on the first Summary tab in the block Network Defense.
But I’m not able to find out how the communication looks like and how to permit it.

Any other idea?
Thanks!

Lukas

Have a look at Firewall/View firewall events to see what is being blocked.What do you have in Global rules.

In my View Firewall Events I’ve got nothing, it’s absolutely empty.

In my Global Rules I’ve got following:
Allow All Outgoing Requests If The Target Is In [Internet Home]
Allow All Incoming Requests If The Sender Is In [Internet Home]
Block and Log ICMP In From IP Any To IP Any Where ICMP Message Is ECHO REQUEST

So logs are empty but you can see intusion attempts in the main summary window.Check to see if logging is enabled in Miscellaneous/Settings/Logging.
Perhaps you could try manually adding eclipse.exe in Network Security/Application rules.Choose add/select find eclipse and then give it the predefined policy “ftp client”

Long shot but anything in Defence+ logs?Maybe try removing all referances to eclipse in D+ and application rules to see if anything happens.

Hopefully someone with knowledge of eclipse will stumble accross this,i`ll ask some of the other Mods.

Matty

In my logging settings I’ve got unchecked options Disable Firewall logging and Disable Defense+ logging.
And delete file if it exceeds size of 2MB and create new one.
So it should by activated, I hope.

I have also Eclipse in Application Rules and it’s set as Trusted Application.
And I have temporarily disabled Defense+.

Interesting thing is, that helps only uninstall of CPF for solving this problem, not just disabling of firewall.

Thanks again for a help!

You need to allow inbound connections from port 20 for active ftp and can use the firewall rules for ftp client for eclipse application rules. I have also seen a couple of reports that required the user to allow incoming tcp from port 20 in Windows System Applications for certain clients.

I’ve set for Eclipse built-in FTP Client profile and it also doesn’t work.
Should I set anything more?

Couldn’t be a problem in the incoming communication?
I think that Eclipse FTP module uses for incoming communication random free port, as I have described at the beginning of discussion.
But why CPF doesn’t ask me for a permit or even doesn’t log it?

What cfp3 version are you using? FTP client rules ends with a block and log, so it something else was necessary you would get a log. Also, are you using any kind of proxy program, such as an AV. Another thing to do is to allow active ftp in your Windows operating system rules and end those rules and the application ruleset with a block and log all to see if eclipse is asking for anything else to be allowed.

I’ve got COMODO Firewall Pro 3.0.25.378 .

And I don’t use any proxy SW, at least I don’t know about that :slight_smile:
I’ve got only ESET NOD32 Antivirus and Spy Sweeper, if there’s possible any conflict…

You’ve mentioned Windows rules settings, could you be please more concrete?
This setting is realized in the Application rules tab, right?
How the rules should look like?
And what application in the list are these rules concerned in? “System”?

Thanks!

Hi Lukin,

Are you using Nod v3,if so it looks like it does act as a proxy.https://forums.comodo.com/help_for_v3/nod32_proxy_issue-t17504.0.html;msg119639#msg119639This topic may be of some help.
Do you have “enable alerts for loopback connections” checked in Firewall/Advanced/Firewall behaviour settings/Alert settings.
The application rule is ekrn.exe by the look of it(sorry i don`t use nod 32) maybe as a test you could try giving it the ftp rule to see what happens.What rule do you have for it?

Matty

Hi Matty,

thanks for the link!
It’s interesting discussion and it looks like that the problem is on my NOD32 side…
But I"m not sure, if I have understood everything and what to do now…
Is this solution - https://forums.comodo.com/help_for_v3/nod32_proxy_issue-t17504.0.html;msg121390#msg121390 - what I should try? Or some another way?

According to your questions:

  • I’ve got NOD32 3.0.657.0
  • all alert settings at CPF I’ve got checked

I have assigned FTP rules to ekrn.exe, as you have mentioned, but still without any change :frowning:

Lukas

Hallo lukin,

I guess I won’t be much of help as I don’t have Eclipse and I guess that installing it would be out of question.

Anyway I would like to suggest you to confirm that disabling CFP firewall is able to workaround this issue.

This way it would be possible to know if there is a ruleset issue or there is some sort of software conflict.

Does Eclipse use FTP, Passive FTP or Extended Passive FTP?

Do you connect to the internet via a NATting router?

Plain old FTP from behind a firewall is a nightmare and plain old FTP from behind a NATting router is, AFAIK, an impossibility.

Ewen :slight_smile:

Hi guys,

I found the problem and solution, but now I feel like a absolute-newbie (:SHY)

I have come through the settings of Remote Systems component in Eclipse and I have found some additional settings for every connection.
The problem was that there was set false to passive FTP and when I activated passive FTP, everything has gone fine.

I don’t understand why active FTP couldn’t be processed though, but I’m glad, it’s OK now :slight_smile:

Thanks again all of you for your help!

Lukas

Glad you found it. Direct FTP simply isn’t possible because the server will attempt to initiate a sesion on a port number determined by the server. The client (your PC) can’t acknowledge the inbound request because the forewall has blocked it. The only way around this is to enable all ports inbound, which defeats the purpose of the firewall. :wink:

Cheers,
Ewen :slight_smile: