Firewall issues using ICS and Network Bridge

Hi.

I have a problem using ICS configuration and Comodo Firewall together.

I have a main PC with Internet connection, which I want to share to 2 other PCs which are directly connected to the main PC

To share the Internet to two connections (two other PCs) at the same time, I need to create Network Bridge between them, and then Share Internet connection with this Bridge.

I set up this configuration under Windows Firewall, prior to installing COMODO, and everything worked good. Every PC sees every other PC, file and printer sharing possible, internet connectivity is available for all the three. All Good.

Then, when I install the COMODO Firewall with DNS server, on default settings (“Safe” protection level, ICS box enabled), after installation I have no Internet access on both PCs (the ones on the bridged connection). Only the main PC has Internet access. Also, no PC can see any other PC (though the Network Bridge is defined as a trusted network in COMODO, with visibility enabled).

Another critical problem is that once COMODO is installed, the “System” process uses full CPU (actually 25%, but that is 2 full logical cores on an 8-thread i7, which is plenty), and svchost.exe uses all the RAM (6GB) and continues into the page file.
If COMODO is removed, OR one of the 2 PCs is removed from the network bridge, OR “Block All” is selected as the firewall protection level, then CPU usage returns to normal.

How can I make this configuration work with COMODO Firewall? (I can also use normal ICS without a Bridge for one of the PCs with no problems under COMODO Firewall.)
The whole configuration worked OK before, but I want a better firewall, and I need the Network Bridge, since it is the only way to make ICS work for two PCs…

Any of you guys have any previous experience with it? Any ideas?

System Specs (Edit:):
Windows 7 Ultimate x64, Intel i7 920 CPU, 6GB RAM 1600MHz, GA-x58A-UD5 Motherboard w/ Dual Gigabit LAN onboard plus 100mbit Intel Ethernet PCI Card, nVidia 275 GTX GPU.

Thanks. Any help appreciated.

-AndreyD

Can you explain how the three PCs are connected to one another and how you’ve created the bridge?

Thanks.

The Network scheme is in attached picture.

Here is my progress so far: I removed the firewall and started over from scratch. I created the bridge, and then installed the firewall with all default settings, without “proactive protection config”. And I got it working!!

The only thing is that I’ve done some tests on the firewall, and it reports that I have several open ports (which I didn’t allow manually; they were auto-selected to allow by the firewall).
I tried the “Port Stealth Wizard” to block ports with the exception of my network bridge. But no change occurred.

I have ports 135, 139 and 445 open, which I think is not good. I hesitate to raise the security level above the current one (“Safe”), because that is probably what caused the network blocks for Internet sharing to the PCs before. Are these ports necessary to be open for my configuration to work? Or can I stealth them? And if so, then how?

-Thanks

[attachment deleted by admin]

Can you show the Firewall logs as well as Global Rules and your rule for System in Application Rules?

When you see blocks for UDP ports 67 and 68 please follow No network connection after using Stealth Ports Wizard (DHCP Broken) and see if that helps to get internet access for your computers.

Here is port test result:

GRC Port Authority Report created on UTC: 2011-12-25 at 21:28:33
Results from scan of ports: 0-1055
10 Ports Open
0 Ports Closed
1046 Ports Stealth

1056 Ports Tested
NO PORTS were found to be CLOSED.
Ports found to be OPEN were: 80, 135, 139, 443, 445, 1025, 1026,
1027, 1028, 1032
Other than what is listed above, all ports are STEALTH.
TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

The Firewall Log is actually empty (in View Firewall Events), though firewall logging is enabled in preferences.

The Rules are in the attachments:
(Home #1 is the Bridge address; Home #2 is the VirtualBox adapter for the VM. The Stealth Ports Wizard was run to stealth everything except the Home #1 and Home #2 networks.)

[attachment deleted by admin]

?

The reason the ports are showing as open is that there appears to be nothing between you and the Internet, and the firewall has not been configured to prevent unsolicited inbound connections. Basically, you have exposed ports listening for inbound connections, and when you run a scan like Shields-Up, it will find those exposed ports.

To prevent this you need to create a rule to block all unsolicited inbound connections. The easiest way to do this is to run the Stealth Ports Wizard with the third option:

Block all incoming connections and make my ports stealth for everyone

However, if you do this you will more than likely break ICS. To counter this, you need to add an Application rule for svchost.exe that allows inbound connections from the bridged PCs. Outbound connections for svchost are already catered for by the Windows System Applications firewall rule. The rule you need to create would look something like the following:

Application Name - svchost.exe
Action - Allow
Protocol - IP
Direction - In
Source Address - The address block used by your ICS connection (192.168.137.x/255.255.255.0 maybe)
Destination Address - Any or use the MAC address of the ICS gateway
IP Details - Any

Adding this rule allows for such things as DNS, DHCP etc.
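The same policy expressed for the built-in Windows 7 firewall (netsh advfirewall), as an added example for readers who want to compare or reproduce it outside Comodo. This is not Comodo's rule and not code from the thread; it assumes the ICS host hands out 192.168.137.0/24 (the thread only says "maybe"), that svchost.exe hosts the ICS services, and that the commands run from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread: Radaghast's Comodo policy as netsh advfirewall
# commands for the Windows 7 firewall. Assumed: ICS subnet 192.168.137.0/24,
# ICS services hosted by svchost.exe, elevated prompt.
$icsSubnet = "192.168.137.0/24"
$svchost   = "$env:SystemRoot\System32\svchost.exe"

# 1. Equivalent of Stealth Ports Wizard option 3: drop every unsolicited inbound
#    connection on every profile (the bridge usually lands in Public), keep outbound open.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# 2. Equivalent of the svchost.exe Application rule: inbound allowed only when the
#    remote address is one of the bridged PCs, so ICS can answer their DNS/NAT traffic.
netsh advfirewall firewall add rule name="ICS: inbound from bridged LAN" dir=in action=allow program="$svchost" remoteip=$icsSubnet profile=any

# 3. Caveat a source-restricted rule misses: a DHCP DISCOVER arrives with source
#    address 0.0.0.0 (RFC 2131), which never matches $icsSubnet. Without this rule
#    the clients get no lease, which is the UDP 67/68 block mentioned earlier.
netsh advfirewall firewall add rule name="ICS: DHCP server (UDP 67)" dir=in action=allow protocol=UDP localport=67 program="$svchost" profile=any

# 4. Checks: which processes still listen on the ports GRC reported as open,
#    and that the rules were created as intended.
netstat -ano -p tcp | findstr /C:":135 " /C:":139 " /C:":445 "
netsh advfirewall firewall show rule name="ICS: inbound from bridged LAN"
netsh advfirewall firewall show rule name="ICS: DHCP server (UDP 67)"
```

The netstat output shows the PID behind each listener; 135 (RPC endpoint mapper), 139 and 445 (SMB) are normally svchost.exe and System, which is why the fix is to stop unsolicited inbound traffic from reaching them rather than to close the ports.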

Thank you, Radaghast, for the reply, I will try this when I get back home, and let you know the results.

It’s been a long time since last post, but I just want to say, that the solution worked perfectly!
Thank you all very much for the assistance!

-AndreyD

Thanks for letting us know, I’m glad we could help :)