Help me get this CUSTOM firewall working.

filthycat · July 30, 2009, 11:09am

This is wierd request for a custom firewalll just know I need it to do this…

I use a VPN. I need it to restrict internet access when VPN disconnects. Internet should only be allowed when I am on the VPN. This are the instructions I have been following for customizing my firewall to do so…

Download Comodo Firewall + Antivirus from http://www.comodo.com/home/download/download.php?prod=firewall
Install it as FIREWALL only, not Firewall+Defense, if you have the option. Also decline the Antivirus install.

Uncheck the Leak Protection box if it is there

Uncheck the options for installing the following 3 options of their addons (these may change slightly depending on the

Comodo SafeSurf/Toolbar

Default search provider

Homepage

Uncheck System scan for Malware
Finish the installation.

Restart when propted.

Click OK for any Network Zones it finds.

Connect to the VPN. Accept default Allow options for OpenVPN.

This will also create a new network Zone that comodo will prompt you for. Make note of the network number (“Local Area Connection #X”)

Click on the Firewall tab, then on Advanced
Click on Network Security Policy

Click on the Global tab

Create the first rule

Everything is default settings except what I specify below
Description “Allow VPN”
On the DESTINATION tab, click on Single IP, put in 72.5x.14x.xxx
Click Apply

Next rule

Description “Allow Tun”
On the SOURCE tab, click on Zone, put in the Zone that related to the VPN network you made note of earlier
Click Apply

Next rule

Description “Allow Network”
On the DESTINATION tab, put in IP Range. Assuming you have a major brand router, put in 192.168.0.1 in the first box, and 192.168.255.255 in the second box. If you have changed your home network settings on your router to an alternate range, put that in.
Click Apply

Last rule

Action BLOCK
Description “Block All”
Click Apply

Make sure the red BLOCK rule is the lowest on the list. Select it and click “Move Down” if it is not.

This should complete the configuration of the firewall. Test it by connecting to the VPN and making sure you can access the internet, then disconnect from the VPN and make sure it restricts your internet access. If you wish to disable the firewall for a period of time you can right-click on the tray icon, go to Firewall security level, and click on Disabled.

Unfortunately this is not working. Any advice on getting this to work would very much be appreciated. I need the internet to be completely restricted when I am disconnected from the VPN. If anyone is capable of helping please either post here, AIM me at jerry4553 or pm me and help me get this set up. I would be willing to compensate if you can get this for me and teach me how to do it in case my computer needs reformatting. FWIW, I have windows vista.

Thanks!

system · July 30, 2009, 12:02pm

Welcome to the forum filthycat.

In theory it may be quite straight forward, however, that will depend on certain conditions.

To provide any assistance, you’ll need to provide some additional information:

How s the VPN established, is it with your ISP or some other way.
Which applications do you need to use once the VPN is established.

filthycat · July 30, 2009, 12:13pm

1.) its not through ISP, its purchased monthly from a third service provider that has servers elsewhere. The program is called openvpn.exe

2.) with the vpn on I want to be able to have internet available to every application…firefox, i.explorer and then a few select programs I have that require internet when in use. When i disconnect from the vpn whether its on purpose or accident I need the firewall to immediatly shut off internet to EVERYTHING. So unless I am connected to the VPN internet can not be accessed. This is absolutely crucial.

Again, I would love to get this solved asap. If anyone here can help me knock this out, I can compensate.

system · July 30, 2009, 12:55pm

From what I understand about openvpn, you’ll need to establish and Internet connection before you can create the VPN. Because of this, there’s not really an easy solution I can think of.

You will have to maintain firewall rules for the applications you wish to use, and I can’t think of a way to make them work only through the VPN.

This simplest way would be to right click on the CIS icon in the system tray and select Block All from the firewall menu, once you disconnect.

filthycat · July 30, 2009, 1:46pm

I want all apllications to access internet when on VPN.
I want no applications to acess internet when not on VPN.
If VPN is to disconnect I want it to automatically shut off internet so applications receiving internet so they fail to work.
I.e.- you are streaming a video on youtube while on VPN. The vpn server goes down (occasionally happens) instead of it continuing to stream via non vpn internet I need it to stop. I cant risk my true IP being revealed to whatever processes I have opened.

Right now I just got firewall to work when on VPN. It doesnt let me receive any INTERNET when VPN shuts off…perfect! But when VPN is on it is not letting me access firefox/internet explorer but funny enough I can still log onto AIM/mirc (progs that require internet).

So I just need to find a way for my web browser to stop getting blocked (while on vpn)? There is an easy solution to this right?

filthycat · July 30, 2009, 2:30pm

so basically I got it all fixed. Except my webbrowswer (firefox/internet explorer) are being blocked now. Other internet programs can still connect/work. How can I make exceptions for these?

filthycat · July 31, 2009, 12:35am

still havent figured out why firefox/i.e. are blocked now? Anyone know how to make an exception for these two programs when VPN is on.