firewall blocking sites, cant figure out why.

Hello, Im back again with another question. Comodo events is showing some sites being blocked, but I dont know why, so am posting some screenshots of events and rules in the hopes someone can spot what is blocking me. Some of the events seem to be showing me blocking me, but I also seem to be blocking yahoo, but not always, which is the weird thing. Thanks for your time, Techdunce :slight_smile:

[attachment deleted by admin]

Can you tell us a bit more about your network? ADSL or cable? Router present?

Does this only happen with FF? What happens when you set FF to the standard browser policy? What happens when using IE?

Try moving the block “Block IP In from IP Any to IP Any where protocol is IGMP” to the bottom and see what happens.

Hello, Im on a standalone pc, not networked, with a wireless router.
Does this only happen with firefox? Well, no, but I hardly use IE for anything, and most of the blocks that are logged in there are happening in the background, except I can say for sure, that I was trying to access yahoo mail, and that is the logged events concerning the IP address 98.xxx etc.
Moved the rule you mention “Block IP In from IP Any to IP Any where protocol is IGMP”, Will have to wait and see on that, as, I can actually access yahoo, its just getting blocked and logged occassionally. Also, what is all that other activity, I seem to be blocking alot of traffic from pc to router, or am I guessing wrong. Anyway, thanks for the reply, really appreciate the help. Its late here and Im knackered, will definitely catch up later,Techdunce :slight_smile:

It looks like Firefox rules are set to a Web browser predefined policy variant.

This result in the blocked traffic for outgoing TCP on port 53 (dest router) and 843 (dest Internet).

are there some sites that have a trailing :843 in the url (eg http://www.site.com:843) ?

The reason for asking about IE is to determine whether it is browser related or not. Please try IE on affected websites.

Moved the rule you mention "Block IP In from IP Any to IP Any where protocol is IGMP", Will have to wait and see on that, as, I can actually access yahoo, its just getting blocked and logged occassionally.
Please try as the change of behaviour or the lack thereof may be a clue.
Also, what is all that other activity, I seem to be blocking alot of traffic from pc to router, or am I guessing wrong. Anyway, thanks for the reply, really appreciate the help. Its late here and Im knackered, will definitely catch up later,Techdunce :)
You are right about the router traffic. Sleep well for now.

Hello again, and thanks for your replies. Endymion, I honestly cant answer your question as I have no way of knowing, and cant access the link you provided, sorry.
ErichJH, I know I said I dont use IE for much, but I also said “no”, its not a browser issue, but I cant replicate or re-produce the behaviour at will either, its not a hard and fast rule, sometimes sites are blocked, and other times not, thats the most annoying thing about it >:(
Here’s a screenshot of events this morning. Pc has just been fired up, accessed homepage and this site with Firefox, when I read responses, I tried to access Endymion’s link with Firefox, and IE. Any other activity is a mystery to me :-\ Thanks again for your time with this, its really appreciated, Techdunce :slight_smile:

[attachment deleted by admin]

Hello td, Still having these problems :frowning:

You said you were going to speak to your ISP?

The problems still seem to be with that strange destination port of 843, which as I said before, is really not usual.

I also see that your DNS requests (port 53) are being blocked, by what I think, is your router. If it can’t find the right number it’s not going to connect…

I still think your your router might be a problem. Is there anyway you can ‘hard wire’ your connection for a test or three?

Hello Quill, what your saying about DNS on port 53 makes some sense to me, I did (earlier) make a new rule to allow TCP out on port 53, didnt change behaviour though, so removed it, and I know what your going to say, its already covered in Browser custom rule, but just wanted to try it. ISP, who Ive been in contact with, are being a bit vague, they say there were some issues, but nothing to do with them, and all sorted now anyway ??? Im still trying to figure out just what that actually means ;D Lastly, if you mean connect to Router with Ethernet cable, thats just too much of an “inftastructor” problem, but I’ll try and get hold of a laptop, I gave mine to my sister when I built this machine and she lives well out of reach, except when she needs a laptop ;D :smiley: Can you post your testing ideas, just in case I do get something sorted. Big thanks again, Techdunce :slight_smile:

ok, just try this as a test:

Open the properties for your network adapter.

Select Networking, then TCP/IPV4.
Select Properties
Changer the radio button from automatic to use the following…
Enter:

156.154.70.22
156.154.71.22

These are Comodo’s Secure DNS servers and this is just a test, to change back back, just choose auto.

Create a rule for svchost.exe and make it outbound only.

Try an connect…

I’d still really like to see a hard wired connection test as opposed to your wireless router, just to check…

Hello Quill, I cant find the settings you mention anywhere, maybe Im going a bit punchy at this stage. My wireless cards properties contain no TCP/IPV4 option, or even “networking”. My router has nothing like that either, nor anything in “control panel/network connections”. Your gonna have to run that by me again please, thanks again

No worries :slight_smile: find the option you use to connect to the net. maybe you have a ‘connect to’ in your start menu. If not, open Control panel, find Network Connections and then find the one that connects you to the net, Click on that and do the properties thing I mentioned above…

Is this what you meant Quill, this killed my connection altogether, please confirm Im in the right place, thanks again, Techdunce :slight_smile:

[attachment deleted by admin]

That’s the place, not saying this will work, but its an interesting test :slight_smile:

Ok Quill, I already had an outgoing rule for svchose.exe, and when I changed the DNS settings earlier it killed my connection, but gave it another go, and am still connected, can also surf here and there, no bother, but as I said before, this is not a problem I can re-produce at will, its intermittent, but persistently so. So if there’s anything else you might want me to try, then let me know. I gotta get busy with some non pc related stuff, but will definitely post back wih results/performance of new settings, Im thinking its ok to leave em for a while? Thanks again, very grateful for your assistance (and patiance ;D ) Techdunce :slight_smile:

Hello again. My connection is proving to be very unstable after trying the new DNS server, worked for a while, but then drops out, returns instantly when I revert back to auto. Any ideas why that is, or does that tell you anything new. Thanks again, Techdunce :slight_smile:

EDIT: Im wondering, does this new configuration need to be added to my router aswell?

This does not need to be configured in your router.

Do you know what websites you are trying to connect to when the block happens? Do you use FF extensions that may generate this traffic? Do you use some kind of ad blocker program (Ad Block Plus Extension f.e.)? Do you use a tool like Peer Guardian or Protowall?

Do you use a hosts file blocklist of some sort? Can you check your hosts file to see if mentioned IP’s get blocked?

The IP’s you are experiencing problems with in your previous topic are from Yahoo:

OrgName: Yahoo! Inc. OrgID: YHOO Address: 701 First Ave City: Sunnyvale StateProv: CA PostalCode: 94089 Country: US

NetRange: 98.136.0.0 - 98.139.255.255
CIDR: 98.136.0.0/14
NetName: A-YAHOO-US9
NetHandle: NET-98-136-0-0-1
Parent: NET-98-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.YAHOO.COM
NameServer: NS2.YAHOO.COM
NameServer: NS3.YAHOO.COM
NameServer: NS4.YAHOO.COM
NameServer: NS5.YAHOO.COM
Comment:
RegDate: 2007-12-07
Updated: 2009-05-18


The IP’s that are logged in this topic are from a hosting company called Hostway:

OrgName: Hostway Corporation OrgID: HSWY Address: 1 N. State St. City: Chicago StateProv: IL PostalCode: 60602 Country: US

NetRange: 66.113.128.0 - 66.113.255.255
CIDR: 66.113.128.0/17
NetName: HOSTWAY
NetHandle: NET-66-113-128-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS.SITEPROTECT.COM
NameServer: NS2.SITEPROTECT.COM
Comment:
RegDate: 2001-04-25
Updated: 2002-02-19

Hello ErichJH, I do use Adblock plus in Firefox, but turning it on or off makes no difference to site access(or not :frowning: ) There is one website Im constantly blocked fromm, but others are totally random, eg: If Im downloading files from say, rapidshare, I might get the first one and then lose connectivity to that site, or any site I might go to regularly, acess one minute, none the next. As you say, Ive brought this up before, but the main reason I came back here, was because of the event log yesterday, which showed a block on yahoo, that I was trying to access. Am also concerned about all the blocks in events, most of which are in the background and go unnoticed. Thanks again for help, Techdunce :slight_smile:

When you get a drop out, could you try pinging the router or perhaps a site on the other side. I’d just like to see if you are loosing all connectivity of if it’s something specific.

Open a command prompt (have it open ready) and type ping (your router address) also ping www.yahoo.com

Hello Quill, haven had a “dropout” yet, but Ive only just fired up the machine, but I can tell you, when it happens, its only connectivity to some sites, not a complete loss of internet access, example: I might not be able to get onto rapidshare, or ebay, but can still get to google or somewhere’s else. I wasnt 100% convinced that this is down to the Firewall, but posted when I saw the block in events (screenshot in first post in this thread) but, when a dropout happens next, I’ll ping the router and some other site and post back. But Im guessing, if this really were the Firewall causing this, it would happen a bit more constantly wouldnt it. Thanks again, Techdunce :slight_smile:

Hello again. Been having lots of trouble accessing this site for quite a while tonight, was busy with other things, but have just now started browsing, and probably the worst its been yet. Pinging my router timed out, but pinging google was ok. Lots of trouble with browsing in general, not just one or two sites, but lots, but the connection was still up for, again google, yahoo, and some others. Here’s a look at events. Thanks again, Techdunce :slight_smile:

[attachment deleted by admin]