fw: howto allow dhcp?

I installed Comodo firewall on my laptop a few days ago and I’m starting to love it. Except when I bring my laptop around.
When I first installed Comodo fw I was at my parents’ house. It installed fine, worked fine.

Then I got home, and could not get an IP address. Neither on wireless nor wired network. Even when selecting “Allow all” Comodo kept on blocking DHCP. So I uninstalled it. Then DHCP worked. So I installed Comodo again and DHCP still worked.

Now I brought my laptop to the office - same problem. Comodo has to be uninstalled in order for DHCP to work.
Now, back home I’m blocked from the DHCP again.

If I set static IP I get network access. It’s just the DHCP part that makes trouble.

Does anyone know what to do about this?

sysinfo:
Comodo Version: 2.4.18.184
Connection: LAN
OS: WinXP, SP2
Logging on as: Administrator
Apps installed: I even run into this with a clean XP install - no apps installed, just the NIC driver.

Am I the only one with this problem?

I just looked up something similar at https://forums.comodo.com/help/comodo_firewall_block_my_pc_when_repair_renew_ip-t9872.0.html

Add the network monitor rules

Action : ALLOW
Protocol : UDP
Direction : IN
Source IP : 192.168.1.1
Destination IP : ANY
Source Port : 67
Destination Port : 68

Action : ALLOW
Protocol : UDP
Direction : OUT
Source IP : ANY
Destination IP : 192.168.1.1
Source Port : 68

but use your DHCP server’s IP address instead of “192.168.1.1” in the above (or use an IP range). Maybe play with the IN/OUT settings in these rules too.

Wodow

Thank you,

this seems to work:

Action : ALLOW
Protocol : TCP/UDP
Direction : IN/OUT
Source IP : ANY
Destination IP : ANY
Source Port : 67-68
Destination Port : 67-68

No, you’re not the only one, petterg. Sorry it took so long for someone to respond; we do try to make contact within 24 hours of each post, but sometimes it gets away from us. We’re all pretty much volunteers…

The DHCP lease & renewal can be a confusing thing, in my experience/opinion.

Your computer will always use its local port 67 to send traffic/communication to the DHCP server (which said server will receive this traffic on its local port 68).

When traffic is coming back from the DHCP server (which will use its local port 68 to send, as well), it will be incoming on your computer’s local port 67 (the same place it originated).

Sometimes, if there are difficulties, it is because of the way the whole process goes; it may utilize a broadcast address outside of the given normal range.

Thus, it may be better (from a security standpoint) to create two rules, similar to what wodow posted, something like this:

Action: Allow
Protocol: UDP (it will only be UDP)
Direction: Out
Source IP: Any
Dest. IP: Any
Source Port: 67
Dest. Port: 68

Action: Allow
Protocol: UDP
Direction: In
Source IP: Your DHCP Server’s IP address
Dest IP: Any
Source Port: 68
Dest. Port: 67

For the inbound connection aspect of it, the DHCP server’s IP should remain constant; on the initial outbound, you may notice address fluctuation until the lease is established. This is why the outbound rule has “Any” for the Source and Destination IP, but the DHCP server IP as the Source IP on the Inbound rule.

Hope that helps,

LM
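
The rule sets posted in this thread, checked against a constructed DHCP lease exchange (an added example, not part of any post and not Comodo's rule engine). It assumes the RFC 2131 port assignment (client UDP 68, server UDP 67) and that any matching ALLOW rule passes a packet while everything else is dropped. The `TIGHT` rule set, the 192.168.1.50 client address and the 203.0.113.9 host are hypothetical.

```python
# Added example: evaluate the thread's rule sets against a constructed DHCP exchange.
# Assumptions: RFC 2131 ports (client 68, server 67); any matching ALLOW rule
# passes the packet, everything else is denied. This is not Comodo's engine.
from ipaddress import ip_address

SERVER = "192.168.1.1"          # DHCP server address used in the thread
ANY = None                      # wildcard for an IP or a port range

# Rule fields: directions, protocols, src IP, dst IP, src ports, dst ports
WODOW = [({"IN"}, {"UDP"}, SERVER, ANY, (67, 67), (68, 68)),
         ({"OUT"}, {"UDP"}, ANY, SERVER, (68, 68), ANY)]
PETTERG = [({"IN", "OUT"}, {"TCP", "UDP"}, ANY, ANY, (67, 68), (67, 68))]
LM = [({"OUT"}, {"UDP"}, ANY, ANY, (67, 67), (68, 68)),
      ({"IN"}, {"UDP"}, SERVER, ANY, (68, 68), (67, 67))]
# Hypothetical tightened pair (not from the thread): UDP only, client 68 <-> server 67
TIGHT = [({"OUT"}, {"UDP"}, ANY, ANY, (68, 68), (67, 67)),
         ({"IN"}, {"UDP"}, SERVER, ANY, (67, 67), (68, 68))]

# Constructed packets: direction, protocol, src IP, src port, dst IP, dst port
BCAST = "255.255.255.255"
LEASE = [("OUT", "UDP", "0.0.0.0", 68, BCAST, 67),      # DHCPDISCOVER
         ("IN", "UDP", SERVER, 67, BCAST, 68),          # DHCPOFFER
         ("OUT", "UDP", "0.0.0.0", 68, BCAST, 67),      # DHCPREQUEST
         ("IN", "UDP", SERVER, 67, BCAST, 68)]          # DHCPACK
RENEW = ("OUT", "UDP", "192.168.1.50", 68, SERVER, 67)  # unicast renewal
STRAY = ("IN", "TCP", "203.0.113.9", 68, "192.168.1.50", 67)  # unrelated host, not DHCP

def _ip(spec, ip):
    return spec is ANY or ip_address(spec) == ip_address(ip)

def _port(spec, port):
    return spec is ANY or spec[0] <= port <= spec[1]

def allowed(rules, pkt):
    """True if at least one ALLOW rule matches every field of the packet."""
    d, proto, sip, sport, dip, dport = pkt
    return any(d in r[0] and proto in r[1] and _ip(r[2], sip) and _ip(r[3], dip)
               and _port(r[4], sport) and _port(r[5], dport) for r in rules)

def lease_ok(rules):
    """True only if every packet of the constructed lease exchange passes."""
    return all(allowed(rules, p) for p in LEASE)

if __name__ == "__main__":
    for name, rs in [("wodow", WODOW), ("petterg", PETTERG), ("LM", LM), ("tight", TIGHT)]:
        print(f"{name:8} lease={lease_ok(rs)} renew={allowed(rs, RENEW)} stray_tcp={allowed(rs, STRAY)}")
```

In this model the wide TCP/UDP 67-68 rule completes the lease but also admits the stray TCP packet, while the UDP-only pair with the server's address on the inbound rule completes the lease and rejects it.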