File sharing in LAN problem - working solution.

Ok, at first - Hi.
This is what my LAN looks like:

http://img443.imageshack.us/img443/3086/lane.jpg

After installing Comodo, it asked for private network. I checked the option for file sharing. Then it showed first ask dialog with 192.168.1.1:137. Ofc I allowed this port. Everything was ok, till… I blocked incoming connection from some random Internet IP at port 137. The rule that was added by Comodo blocked also LAN traffic. The rule was: System → block all in / out from any MAC at port 137.

Dear Comodo users - this is ALL that causes file sharing inabilities in your LAN after firewall setup (if it worked fine before). It is natural (for a human who knows what a firewall is for) to block LAN scanning (NetBios) from random Internet IP. I thought it wouldn’t block all traffic on port 137. Oh, BTW the global rule for allowing all LAN traffic simply doesn’t work in this case. Block rule > allow rule.

MY SOLUTION:

  1. Delete the rule I described above.
  2. Add new global rule

http://img153.imageshack.us/img153/5608/globalrule1.jpg

http://img585.imageshack.us/img585/3314/globalrule2.jpg

http://img845.imageshack.us/img845/4521/globalrule3.jpg

http://img43.imageshack.us/img43/6769/globalrule4.jpg

where 192.168.1.1 is your router gateway.
The way it works is to block all traffic on ports 137 to 139 except those in the LAN (192.168.1.1 - 192.168.1.255 in this case).

That’s it.
Rime.

PS. soz for my english.

I don’t really get this… I can’t get sharing to work securely. All my pc’s are windows 7.

computer 1 is 192.168.0.3
computer 2 is 192.168.0.4
computer 3 is 192.168.0.5

my default gateways are 192.168.0.1 and 192.168.0.2 but I have the computers setup on 192.168.0.1

Topology wise all 3 are routing through 192.168.0.2 before they get to 192.168.0.1 since 192.168.0.1 controls dhcp and is where the internet is being hosted.

I want to share between them all without any access to them from the internet.

I can’t see any of the computers showing up from netbios nor can any of these computers communicate with each other.

Can you tell me exactly how I need to setup comodo firewall for them all to communicate locally while blocking out all other computers and anyone on the internet?

thanks

Chris89. Please don’t crosspost and hijack other people’s topics. You have your own topic.

I’m not hijacking this topic. I’m trying to do what he is explaining. What I don’t quite get is why would we want to check mark “Exclude” our default gateway from the rule?

What it sounds like is we are excluding the default gateway/ subnet from the rule which would be the same as not entering it at all but rather blocking tcp/udp on ports 137 and 139.

Maybe you could explain better…

Hi Chris89,

If you look closely at the original poster’s picture, you’ll see that he is setting up a BLOCK rule, not an ALLOW rule and this is why he is also using the EXCLUDE option.

His rule BLOCKS TCP inbound and outbound from all addresses EXCLUDING 192.168.1.1.

I would have built the rule slightly differently.

Firstly, define a ZONE that describes your internal IP addresses, including your gateway
Then define a rule as follows:

Action : BLOCK
Protocol : TCP
Direction : IN
Description : Whatever you want to call it
Exclude : ENABLE
Type : NETWORK ZONE
Zone : ZONE NAME AS DEFINED ABOVE

The EXCLUDE option is invaluable if you need to define a rule that allows traffic only from a range of addresses.

Hope this helps,
Ewen :slight_smile:
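To make the difference between the two rule sets concrete, here is a small constructed model of how the thread's global rules behave (added example code, not Comodo's own implementation or anything posted in the thread). It assumes top-down, first-match evaluation, treats "no global rule matched" as falling through to ALLOW, and uses a constructed Internet peer address (203.0.113.7) for the test.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed model of Comodo-style global rules (example code, not Comodo's
# own logic). Rules are checked top-down and the first match wins, which is
# the behaviour the original poster ran into ("Block rule > allow rule").

@dataclass
class Rule:
    action: str                      # "ALLOW" or "BLOCK"
    proto: str                       # "TCP", "UDP" or "ANY"
    direction: str                   # "IN", "OUT" or "IN/OUT"
    ports: range                     # destination ports, e.g. range(137, 140)
    zone: Optional[Tuple[str, str]]  # (first, last) address of a zone; None = any
    exclude: bool = False            # Comodo "Exclude": match addresses NOT in zone

    def matches(self, proto: str, direction: str, peer: str, dport: int) -> bool:
        if self.proto not in ("ANY", proto):
            return False
        if self.direction not in ("IN/OUT", direction):
            return False
        if dport not in self.ports:
            return False
        if self.zone is None:
            return True
        first, last = (int(ipaddress.IPv4Address(a)) for a in self.zone)
        in_zone = first <= int(ipaddress.IPv4Address(peer)) <= last
        return not in_zone if self.exclude else in_zone

def decide(rules, proto: str, direction: str, peer: str, dport: int) -> str:
    """First matching rule decides; with no match the packet falls through
    to the application rules, modelled here as ALLOW (an assumption)."""
    for r in rules:
        if r.matches(proto, direction, peer, dport):
            return r.action
    return "ALLOW"

LAN = ("192.168.1.1", "192.168.1.255")   # zone from the thread, gateway included

# The rule Comodo added when an Internet IP was blocked on port 137, sitting
# above the "allow all LAN" rule that it therefore shadows.
BROKEN = [
    Rule("BLOCK", "ANY", "IN/OUT", range(137, 138), None),
    Rule("ALLOW", "ANY", "IN/OUT", range(0, 65536), LAN),
]

# Ewen's version: a single BLOCK rule with Exclude set, so only the zone is exempt.
FIXED = [Rule("BLOCK", "TCP", "IN", range(137, 140), LAN, exclude=True)]

if __name__ == "__main__":
    for peer in ("203.0.113.7", "192.168.1.20"):   # constructed Internet and LAN peers
        print(peer, "broken:", decide(BROKEN, "TCP", "IN", peer, 137),
              "fixed:", decide(FIXED, "TCP", "IN", peer, 137))
```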

Thanks bro!

I love Comodo Firewall and it’s been literally a LIFE SAVER! I wasn’t dialed into my Network Administration background for years because I thought people didn’t care. I was so so wrong, people do care and they are like a persistent fly! No matter how many times you swat them away they keep coming back.

I swear now that I’ve dialed in my rules to the max I have linux box intrusions as well as other servers or local people trying to connect to my computer daily. Thousands of intrusions for instance.

Anyway yeah I setup my Network zone range for all my pc’s 192.168.0.3 - 192.168.0.5 which are my 3 computers I’m sharing with.

Globally I’m blocking IP in/out any on ICMP, ICMPv6, IGMP and that alone has increased my security a lot!

I’m also blocking TCP/UDP my destination gateways 192.168.0.1 and 192.168.0.2 ports 137 through 445. As well as those same gateways on port 0-65535. Not sure if that block ports is creating issues but so far everything works and haven’t had a single issue. I also noticed my computers seem to wanna connect to 192.168.0.255 which I’m not entirely sure what it’s doing there. So I blocked TCP/UDP in/out globally on destination 192.168.0.255 and haven’t had an issue.

There are so many variables and loopholes within networks which offers a thousand different ways a hacker can get into my systems.

Comodo Firewall has secured my network to the Pinnacle of perfection!

I’m also learning but I LOVE THIS PROGRAM!

THANKS :stuck_out_tongue:

Assuming your router is 192.168.0.1 I would expand your network zone to include it.

I'm also blocking TCP/UDP my destination gateways 192.168.0.1 and 192.168.0.2 ports 137 through 445. As well as those same gateways on port 0-65535. Not sure if that block ports is creating issues but so far everything works and haven't had a single issue.

See above - you really should include your gateways’ internal addresses (192.168.0.1 and 192.169.0.2).

I also noticed my computers seem to wanna connect to 192.168.0.255 which I'm not entirely sure what it's doing there. So I blocked TCP/UDP in/out globally on destination 192.168.0.255 and haven't had an issue.

192.168.0.255 is a local LAN broadcast address. This address should be allowed.

Since 192.168.X.X addresses are private and cannot traverse the internet, I generally define my home network as a zone from 192.168.0.1 to 192.168.0.255 (inclusive). This ensures that all devices on the interior of your LAN can freely communicate with all the other devices.

Comodo Firewall has secured my network to the Pinnacle of perfection!

No security is perfect. CIS will get you as close as possible, but human error will trump intelligence 5 ways to Sunday. :wink:

Cheers,
Ewen :slight_smile:

Thanks I don’t use Comodo Internet Security since it created more issues than it solved. I installed it and every time I restarted it would be like CIS is corrupted and had to completely uninstall. So I said ■■■■■ CIS and went back to the roots of Comodo - Firewall with defense+ standalone. It works about 20 times better and haven’t had an issue. I like the old interface a lot more than the dumbed down new interface.

Anyway 192.168.0.255 wanted to connect to the internet and when sharing I’d get connects to the internet going out from 192.168.0.3 my pc to 192.168.0.1 the internet. Only while sharing files and doing file sharing internally. I don’t want any possibility of people being able to hijack my network or even log usage within local “system” sharing. So I blocked it and haven’t had even a single issue sharing between all my computers.

I don’t like to allow my gateways access on “system” because the gateway is the internet. So basically I’d be allowing internet hackers a possible chance to do whatever it is they do. So I blocked the 192.168.0.255 and my gateways 192.168.0.1 and 192.168.0.2 and everything works flawlessly so allowing those IPs is not required and in my opinion creates a security vulnerability.

I’m being attacked by numerous Linux based intrusions of different levels via sql etc. Someone I know locally is messing with me since he knows I’m a network administrator and he’s trying to out smart me.

There’s no chance of that occurring but he did catch me by surprise when I wasn’t buckled down; there was more than a huge amount of malicious activity occurring from his linux machine/ net servers to my entire network. This guy does internet website/ network security as well. Comodo firewall has an almost unlimited potential availability of ways to secure the network and secure it in ways to prevent vulnerability and that’s what I do.

;D :smiley: :wink: :slight_smile:

Let’s get one thing straight - if an IP address that starts with 192.168 is communicating with another IP address that also starts with 192.168 then it is not internet traffic - it is only internal LAN traffic - even if one of those addresses is 192.168.0.255!!! Addresses starting with 192.168 are classed as a private address and are non-routable across the internet. If a router somewhere on the internet is sent a packet with a source address of 192.168 then that router will absolutely drop the packet without notification. That’s not me saying this, it is the defined standard.

I don't like to allow my gateways access on "system" because the gateway is the internet. So basically I'd be allowing internet hackers a possible chance to do whatever it is they do. So I blocked the 192.168.0.255 and my gateways 192.168.0.1 and 192.168.0.2 and everything works flawlessy so allowing those IP's is not required and in my opinion creates a security vulnerability.

Your gateway is your router and your router has TWO IP addresses - one publicly facing towards the internet and the other inward facing towards your LAN. This is how you can access it from your LAN using the address 192.168.0.1 but if you use something like GRC’s Ports UP utility to do a port scan you will see it scans against your public IP, and NOT the 192.168.0.1 address.

Similarly, this is why when you set up uTorrent, to achieve maximum download upload speed, you have to set up a port forwarding rule on your gateway to the internal IP address of the system running uTorrent.

I'm being attacked by numerous Linux based intrusions of different levels via sql etc. Someone I know locally is messing with me since he knows im a network administrator and he's trying to out smart me.

Then I’d harden up your router. Assuming this other person isn’t in your room and internally connected to your gateway, his point of access is your gateway and you need to learn and harden your router.

Cheers,
Ewen :slight_smile:

I just don’t think you know how I have my network/ networked computers setup because that’s incorrect about 192.x.x.x are only internal. If you setup your pc’s static ip address dns server to 192.168.0.1, the computer will send traffic “OUT” to the “INTERNET” via 192.168.0.1.

Yeah I locked down our routers which are cisco with all security options enabled.

my pc’s dns servers are 192.168.0.1 so each computer uses 192.168.0.1 as a dns to get on the internet. The router does the routing required on its end to get the traffic online.

So Comodo sees my gateway/dns server as an internal address, since it has no idea what my real actual dns server is because my router routes that traffic accordingly on its own. That’s unless Comodo was smart enough to do its own traceroute and determine the actual dns server.

If I setup my dns servers to the actual numbers it wouldn’t be ideal because they change and are dynamic. If it was that way COMODO would see my traffic source as my 192.168.0.3 to say 206.199.44.100. Instead COMODO takes my static ip configuration and presents it outright as it is. It should show traffic going out from 192.168.0.3 to 192.168.0.1… Which LOOKS like it’s internal but it isn’t, it’s external because again my DNS Server is 192.168.0.1…

So the 192.168.0.1 is in FACT GOING TO THE INTERNET.

Please refer to section 1.1.2 - I don’t need to know how your network is set up - 192.168.X.X is a private address and is non-routable across the internet.

It’s not just me saying it. If it’s on the internet, it must be true. 88) ;D

Cheers,
Ewen :slight_smile:

I understand this. How would you explain how I am going online when I set my primary dns server to my default gateway?

Because your router is doing DNS forwarding. Your outbound requests are received at the router’s internal IP address, bridged to the external address and forwarded outwards to the internet. The outbound packet will have a destination port of 53 (marking it as a DNS request) where it will be picked up by the next hop - your ISP’s DNS server.

Your home router obviously does not contain the entire name resolution table for the internet, it’s sending your requests somewhere else and, unless you have explicitly nominated an open DNS service (like Comodo, Google or Norton’s open DNS services), it will be picked up by the first available DNS resolver service (your ISP).

Cheers,
Ewen :slight_smile:

That’s cool I was just explaining that any traffic in comodo designated by 192.168.0.1 because comodo right away had a message saying “system” wanted access to the internet as destination 192.168.0.1 and it said the source ip was 192.168.0.3 and it wanted to connect to the internet.

Yep - that’d be DNS forwarding in action. :wink:

What are the ports associated with connecting to your gateway at 192.168.0.1? The port numbers tell us what the function of that traffic is.