Firewall blocking networkdrive

Comodo Internet Security - CIS Firewall Help - CIS
1

After some time searching in this forum and google, I taked the step registration and posting the question directly on this forum.

I have troubles mapping my networkdrive.
If I disable the firewall I manage to map the networkdrive, and can browse to the drive through Windows Explorer. If I enable the firewall I receive a 53 message (of the networkdrive assistant) when I try to map and if I mapped the drive (firewall disabled) I can see the drive but receive a cannot find networkpad message in Windows Explorer when the firewal is enabled.

I am aware that the networkdrive is using a set of ports, so I entered this list into the firewall: http://www.synology.com/support/faq_show.php?q_id=299
as is explained how to do so in Comodo > firewall > network security policy > global rules:
http://portforward.com/english/routers/firewalling/Comodo/ComodoFirewall/Synology_DS210j.htm

OS of pc: Windows XP SP3 (set tot static IP)
Comodo 5.5.195786.1383
Networkdrive Synology DS211J V3.1-1613 (set to static IP)

Any suggestions?

2

It looks like port 137,138,139 are causing the problem.
When the firewall is enabled, and I try to map a drive,a new entry in the Firewall Event log is created:
{IP adres of pc} port 138 to {IP adres of NAS} port 138 with protocol UDP, direction out is blocked.

This is strange since I created a Global Rule:
Allow
TCP or UDP
Destination Port:137,138,139
Source port: 137,138,139
Direction in/out

3

When you’re creating rules for outbound communication, you should use Application rules, in this case, you need to allow create rules for the System process that allows outbound communication for the NetBIOS ports (137, 138 and 139) over TCP and UDP. The easiest way to do this is by using the Stealth Ports wizard, specifically, the first option. You can of course create the rule manually.

4

Thanks Radaghast, it works!

The day before Yesterday I already tried to set up stealth ports, but without success for my NAS, so I created rules manually.

So for inbound communication I have to use Global Rules (because there is no Application specified), and for outbound Application Rules?
What confused me is that there is a in/out direction option in the Global Rules.

5

Good to hear :slight_smile:

The day before Yesterday I already tried to set up stealth ports, but without success for my NAS, so I created rules manually.

If you choose the first option under Stealth Ports Wizard, it creates two Application rules for the System process and two Global rules. The rules simply allow IP in and out on from and to your LAN.

So for inbound communication I have to use Global Rules (because there is no Application specified), and for outbound Application Rules? What confused me is that there is a in/out direction option in the Global Rules.

Application rules and Global rules work slightly differently. Application rules provide control for individual processes, whereas Global rules provide control over ports and protocols. For the most part, depending on which security configuration you’re using, and whether you’re running a server process, such as a web server or a p2p client, you don’t need to create inbound Application or Global rules.