Firewall in CIS 4.x vs. Internet Connection Sharing

Hi,

I have encountered a problem with Internet Connection Sharing using Intel My WiFi Technology.

The first PC (my laptop - Windows 7 32bit + latest CIS 4) is connected to the internet via cable and is configured for internet sharing via Intel My WiFi Technology.
The second PC (friend's laptop - Windows 7 64bit + CIS 3.14) wants to connect to the internet via my laptop.

On both PCs the network is configured with the Stealth Port Wizard.

The problem is that Internet Connection Sharing works only when the firewall in CIS 4 is disabled. Nothing else works (the second PC is permanently blocked by my firewall and almost no logs are created). I tried putting the firewall into training mode, but there were no alerts even when I set the alert level to Very High. It's strange because the firewall in CIS 3.14 is set to safe mode and everything works fine.

How shall I set up the firewall in CIS 4 to make this work flawlessly?

I have no experience with ICS, but I noticed something that may help…

Training mode is described as such: “Application traffic initiated by any application is learned.”

By this logic, even in Training Mode, a global rule blocking incoming traffic will prevent Training Mode from creating an application rule allowing incoming traffic.

Have you tried training mode with all global rules removed/disabled/set to allow?

You may also want to check what blocking network rules you have set up for svchost.exe, as training mode doesn’t seem to override application rules that already exist.

There are rules under which System is allowed to send and receive all requests in that sharing network (picture)

[attachment deleted by admin]

“System” is not a file group, and thus is a ‘thing’ independent of svchost. I’m assuming svchost is included in either the “all applications” group or the “windows updater applications” group, as it doesn’t itself appear on the list. Furthermore, I’m assuming it’s in the “all applications” group because training mode would have otherwise created inbound rules for the “windows updater applications” group. Meanwhile, inbound rules are blocked for “all applications.” This would block svchost from accepting inbound connections, which I’m assuming are essential for Internet Connection Sharing.

Export your current configuration and save it somewhere. Delete all application and global rules and set the firewall to training mode.

(As this puts your computers at a security risk, I would recommend not doing much web surfing while in training mode.)

I'm not sure if I have understood you, but in global rules, all requests are enabled. And I think when it says all, that means ALL. (picture)

PS: I need this sharing only for today for a few hours, but for the future, I'll be glad if someone tells me and the others how to set up the firewall correctly.

PS2: I have a second problem with the firewall when I'm using DC++. The firewall is set up as in the manual in this forum for CIS 3.x by Pandlouk (I'm not sure right now if this is his name), where everything was working fine. But in CIS 4.x, searching is not working… Strange 88)

[attachment deleted by admin]

Interesting. Is “Zdielany net” a network zone?

(I have to go to sleep. Sorry. But I’ll check in tomorrow to help, even if it’s too late :P)

Yes, “Zdielany net” is a network zone. The Stealth Port Wizard for this zone is configured too… Maybe it is a bug in CIS 4.x 88)

What do you mean when you say the “Stealth Port Wizard for this zone is configured too”? The Stealth Port Wizard does not configure to any specific zones. It creates a set of global rules.

Well, I mean that with the Stealth Port Network Wizard, I have made a trusted network zone, so all connections should be allowed. But the firewall was still blocking the second PC from connecting to the internet…

By default CIS is set to “This computer is an internet gateway connection (i.e. an ICS server)”. Please double check that this did not change.

Just for the record. For what IP range is your local network defined? Is the IP address of the other computer in that range?

Can you show us screenshots of the Firewall logs? They can be found under Firewall → Common Tasks → View Firewall Events.

I don't know where I can see if this computer is an ICS server in Comodo… 88)

In Intel MyWifi IP range is from 192.168.16.2 to 255.255.255.0 and for the shared network connection there was IP range from 192.168.137.1 to 255.255.255.0 (set automatically by the Intel application), so this should be ok, I think.

And of course I can show you the screenshot ;D

PS: What does Type(3) etc. mean in the firewall log? Is it explained somewhere what these rules “Type(x)” mean, because I have many of them in the log, and I'd like to know what they mean. Thanks for your help :-TU

[attachment deleted by admin]

Go to Firewall → Advanced → Firewall Behaviour Settings → Alert Settings

> In Intel MyWifi IP range is from 192.168.16.2 to 255.255.255.0 and for the shared network connection there was IP range from 192.168.137.1 to 255.255.255.0 (set automatically by the Intel application), so this should be ok, I think.
>
> And of course I can show you the screenshot ;D

The logs show that IP traffic from 192.168.137.237 is being blocked on port UDP 53. That is traffic for DNS requests.

On your own computer you need to edit the rule for svchost.exe to allow incoming traffic on UDP port 53. Edit the rule and add the following:
Action: Allow
Protocol: UDP
Direction: In
Description: Allow DNS traffic for ICS

Source Address: Zone (choose the wifi network)
Destination Address: Zone (choose the other local network)
Source Port: Any
Destination Port: 53

When done look at the rule of svchost.exe. If there is a block rule (red icon) at the bottom make sure the new rule is somewhere above it.

Now try again.

> PS: What does Type(3) etc. mean in the firewall log? Is it explained somewhere what these rules "Type(x)" mean, because I have many of them in the log, and I'd like to know what they mean. Thanks for your help :-TU

That is ICMP traffic. Read more about it in this Wikipedia article: http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

The computer is an ICS server.

I'll try your manual later and if I have the opportunity to share my internet connection again, I'll tell you if it is working. It seems that it should work. Thanks again for your help. :-TU
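
The rule-ordering advice given in the thread (an inbound UDP 53 allow rule for svchost.exe, placed above the block rule), as an added example that is not part of any post and is not Comodo's code. It models an application rule list with first-match, top-down evaluation; that evaluation order, the 192.168.137.0/24 zone and the surrounding rule set are assumptions, and the destination zone is left out because the thread does not give the logged destination address.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumption: the shared network is 192.168.137.0/24 (the thread gives
# 192.168.137.1 with mask 255.255.255.0).
SHARED_NET = ipaddress.ip_network("192.168.137.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    protocol: str               # "udp", "tcp" or "any"
    direction: str              # "in", "out" or "any"
    source: ipaddress.IPv4Network
    dst_port: Optional[int]     # None means any port
    description: str = ""

    def matches(self, pkt):
        return (self.protocol in ("any", pkt["protocol"])
                and self.direction in ("any", pkt["direction"])
                and ipaddress.ip_address(pkt["src"]) in self.source
                and self.dst_port in (None, pkt["dst_port"]))

def evaluate(rules, pkt, default="block"):
    """Return (action, description) of the first matching rule, top down."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.description
    return default, "no rule matched"

# Hypothetical svchost.exe rule set: outbound allowed, everything else blocked.
ALLOW_OUT = Rule("allow", "any", "out", ANY, None, "Allow outgoing")
BLOCK_ALL = Rule("block", "any", "any", ANY, None, "Block and log all")
ALLOW_DNS = Rule("allow", "udp", "in", SHARED_NET, 53, "Allow DNS traffic for ICS")

# Constructed packet matching the blocked log entry discussed in the thread.
DNS_QUERY = {"protocol": "udp", "direction": "in",
             "src": "192.168.137.237", "dst_port": 53}

def demo():
    """Verdict for the client's DNS query under three rule orderings."""
    return {
        "before": evaluate([ALLOW_OUT, BLOCK_ALL], DNS_QUERY)[0],
        "below_block": evaluate([ALLOW_OUT, BLOCK_ALL, ALLOW_DNS], DNS_QUERY)[0],
        "above_block": evaluate([ALLOW_OUT, ALLOW_DNS, BLOCK_ALL], DNS_QUERY)[0],
    }

if __name__ == "__main__":
    print(demo())
```

Because the allow rule is scoped to the shared zone and port 53, inbound traffic from other sources or to other ports still falls through to the block rule.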