Help with CFW please [Resolved]

Hi

Hoping someone can help with a problem I have with CFW.

I use a program called Echolink (a little like SKYPE but for Amateur Radio), now I can get the program to open up but there is a list of operators (nodes) and when I try to connect CFW refuses to let me, although the program has been allowed.

Each of the ‘nodes’ does have a different IP address, so I was wondering what settings I need to implement, so as to allow the connections.

I suffered the same problems with Kerio, which is why I moved to ZA (which worked OK) but I much prefer CFW, if I could just get the settings sorted.

Thanks
Astro
(V) (B)

I would suggest looking in your logs to see if anything is being blocked. By default, CPF (Network Monitor) will block all incoming connections unless you add a rule manually. CPF (Network Monitor) allows all outbound connections by default, but you should then be prompted via an Application Monitor rule. I haven’t used Echolink myself, so I’m not sure how it works, but I would check your logs for clues.

:slight_smile:

Hi Graham

Nothing in logs.

The actual program (Echolink) opens up OK, but here is how the program works (or simply what it does): it lists hundreds of ‘nodes’. These are operators from around the world who have a permanent internet connection, which is in turn connected to a VHF or UHF transmitter.

To ‘open’ the transmitter I have to connect to the IP address of the ‘node’. Once connected I can make a call, using my PC microphone; this causes Echolink (via a small box connected between the PC and the transmitter) to ‘open’ the VHF or UHF ‘Radio’, which means that anyone in range of the station who is tuned to the frequency will be able to speak to me and vice versa.

The firewall does not give any log message (Kerio did not either), it just causes the connection to the node to ‘Time Out’, hence the program becomes useless.

It’s as though the IP addresses are blocked by CFW but it does not tell you so.

Astro

Well I created a rule manually but still no joy.

I would hate to have to go back to ZA, but the only way I can use Echolink is to ‘Allow All’ on CFW and this is something I do not want to do.

Any of the techies out there want to solve my problem? (:WIN)

Astro

Hi,

Let’s see if this helps.

Go to the program in the Application Monitor, click the program, then click Edit. In the window that comes up with the rule settings, click the circle that says Allow all activities for this application, then check the following boxes: Allow Invisible Connection Attempts, and Skip Advanced Security Checks.

Justin…

You are the man (:CLP) (:HUG)

Everything is working fine, just wish I was a little more knowledgeable when it comes to things like this.

Thanks a MILLION (:KWL)

Astro (:NRD)

(B) (L) (R) (V)

My pleasure Astro, glad I could assist you! :smiley:

I will go ahead and mark this issue as Resolved :-)

Hi guys,
Same problem with EchoLink and Comodo. Tried all the solutions mentioned here but it doesn’t work. I have gone back to Outpost several times when I absolutely had to have EchoLink working and I might have to again. But I’ll keep trying. The firewall is great!
tim

Tim,

Do you have any log entries in CFP? Activity/Logs. You’re looking for entries when you try to run EchoLink, showing blocked/stopped items. They’ll be either for Network Monitor or Application Monitor.

You can right-click an entry, and select “Export to HTML.” Save the file, reopen it, and cut/paste as text into your post.

If you don’t seem to have anything, we can also force the issue. We’ll do a little “find the bunny” hunt with our handy-dandy direction finder… Go to Security/Advanced/Miscellaneous. Move Alert Frequency slider to High. Click OK. Reboot. (note: While you’re in there, make sure the top box is checked, “Enable Alerts.”)

At this point you will get popup alerts for everything that happens, each IP address, each Port, each direction of traffic, type of traffic, etc, for every application. You want to make sure you allow any svchost.exe, or you’ll lose your internet connection (but you don’t have to “Remember” so as not to create a bunch of extra rules; just click fast - pretend you’re trying for your Extra Class license with the 20 wpm code test, hihi).

When you get any alerts for EchoLink, “Remember” and Allow. That will create rules for you in the Application Monitor. If you’re still blocked after that, make sure that bottom Block All In & Out rule in the Network Monitor is set to Log (“Create an alert if this rule is fired”). If it’s not, it won’t log diddly.

LM

Hi Little Mac,
Thanks for taking the time to reply. Sorry I’m late with it. Had to uninstall it to run a net using EchoLink last week and just reinstalled today to continue with troubleshooting. Just before generating this log, I cleared them all and restarted CFP. This is a fresh log entry gathered when firing up EchoLink. Not sure what NetBeui (highlighted) is doing in there. Didn’t know it was used.
-tim

Date Created: 22:00:34 10-02-2007

Log Scope:: Today

Date/Time :2007-02-10 22:00:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 68.178.202.110, Port = 5199)
Protocol: UDP Incoming
Source: 68.178.202.110:5199
Destination: 192.168.1.102:5199
Reason: Network Control Rule ID = 5

Date/Time :2007-02-10 22:00:12
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 68.178.202.110, Port = 5199)
Protocol: UDP Incoming
Source: 68.178.202.110:5199
Destination: 192.168.1.102:5199
Reason: Network Control Rule ID = 5

Date/Time :2007-02-10 22:00:07
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.106, Port = nbdgram(138))
Protocol: UDP Incoming
Source: 192.168.1.106:nbdgram(138)
Destination: 192.168.1.255:nbdgram(138)
Reason: Network Control Rule ID = 5

Date/Time :2007-02-10 22:00:02
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 68.178.202.110, Port = 5199)
Protocol: UDP Incoming
Source: 68.178.202.110:5199
Destination: 192.168.1.102:5199
Reason: Network Control Rule ID = 5

Date/Time :2007-02-10 21:59:52
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 68.178.202.110, Port = 5199)
Protocol: UDP Incoming
Source: 68.178.202.110:5199
Destination: 192.168.1.102:5199
Reason: Network Control Rule ID = 5

Date/Time :2007-02-10 21:59:42
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 68.178.202.110, Port = 5199)
Protocol: UDP Incoming
Source: 68.178.202.110:5199
Destination: 192.168.1.102:5199
Reason: Network Control Rule ID = 5

Date/Time :2007-02-10 21:59:32
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 68.178.202.110, Port = 5199)
Protocol: UDP Incoming
Source: 68.178.202.110:5199
Destination: 192.168.1.102:5199
Reason: Network Control Rule ID = 5

Date/Time :2007-02-10 21:59:32
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 68.178.202.110, Port = 5198)
Protocol: UDP Incoming
Source: 68.178.202.110:5199
Destination: 192.168.1.102:5198
Reason: Network Control Rule ID = 5

Date/Time :2007-02-10 21:59:25
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 68.178.202.110, Port = 5198)
Protocol: UDP Incoming
Source: 68.178.202.110:5199
Destination: 192.168.1.102:5198
Reason: Network Control Rule ID = 5

Date/Time :2007-02-10 21:59:20
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 68.178.202.110, Port = 5199)
Protocol: UDP Incoming
Source: 68.178.202.110:5199
Destination: 192.168.1.102:5199
Reason: Network Control Rule ID = 5

Date/Time :2007-02-10 21:59:20
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 68.178.202.110, Port = 5198)
Protocol: UDP Incoming
Source: 68.178.202.110:5199
Destination: 192.168.1.102:5198
Reason: Network Control Rule ID = 5

Date/Time :2007-02-10 21:59:15
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 68.178.202.110, Port = 5199)
Protocol: UDP Incoming
Source: 68.178.202.110:5199
Destination: 192.168.1.102:5199
Reason: Network Control Rule ID = 5

Date/Time :2007-02-10 21:59:15
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 68.178.202.110, Port = 5198)
Protocol: UDP Incoming
Source: 68.178.202.110:5198
Destination: 192.168.1.102:5198
Reason: Network Control Rule ID = 5

End of The Report

Tim,

Looks like the nbdgram(138) alert is probably coming from a router… the 192.x.x.x IP address matching up to yours looks like an internal deal… I get those myself from time to time, as it’s blocked by default.

On the EchoLink, looks like all your violations are related to the 68.178.202.110 IP. I can see that’s a GoDaddy address, it’s a secure server, but other than that I don’t know what’s on it… Is this the “host” that you’re connecting to with EL?

It also looks like everything’s coming in on port 5199 or 5198. Which makes me wonder if EL has a port-specification setting in it? Given what little I understand about EL, it reminds me in some ways of a torrent application and something like Skype; perhaps you have to enable some specific inbound traffic.

Scratch that, and check out this link: Firewall Solutions

EchoLink requires that your router or firewall allow inbound and outbound UDP to destination ports 5198 and 5199, and outbound TCP to port 5200. Source ports are dynamically assigned. If you are using a home-network router, you will also need to configure the router to "forward" UDP ports 5198 and 5199 to the PC on which EchoLink is running.
    This can be summarized as:

    Allow UDP (source port any, destination ports 5198-5199) from Internet to PC
    Allow UDP (source port any, destination ports 5198-5199) from PC to Internet
    Allow TCP (source port any, destination port 5200) from PC to Internet

The information above applies to every situation, regardless of the type of equipment and software you are using.  If the information below does not help you solve the problem, please consult your equipment's documentation, or contact the manufacturer for support, and provide them with the information above.

Note: If you are using Internet security software and have recently upgraded to a newer version of EchoLink, you may need to re-apply the special security settings you had established earlier.

Based on your log entries for CFP, and EL’s Support/FAQ page, this should resolve your problem. You’ll create an inbound rule in the Network Monitor, as such:

Allow. UDP. In. Source IP: Any. Destination IP: Any (or your computer’s IP). Source Port: Any. Destination Port: A set of Ports: 5198,5199 (no space after the comma). OK. Reboot.

You shouldn’t need to specifically allow outbound UDP on those ports, as long as you have the default network rules (in which you’ll see one set to Allow. TCP/UDP Out. Any, Any, Any, Any). If you’ve changed that, then you may need to, but it doesn’t look like you have any alerts for Outbound in the log, so that’s probably not an issue.

If you want to tighten things up a bit, in Application Monitor, on Rule for EL, you can select to add that Destination Port 5200.

Let me know how that works for you.

LM
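The exported log above is regular enough to parse mechanically, and that is the quickest way to see what LM spotted by eye: every denial is inbound UDP to 5198/5199 from one Internet host, plus an unrelated NetBIOS datagram broadcast from the LAN. The script below is an added example, not code from Comodo or from anyone in this thread; it reproduces three of Tim's entries in the same export format (the third is the 5198 entry, copied as posted), groups the denials by source, destination port and firing rule, and tags each source as LAN or Internet so router chatter is not confused with the application traffic you are chasing. The EchoLink port set is the one documented on EchoLink's own firewall page.

```python
"""Summarise Comodo Personal Firewall (CFP 2.x) Network Monitor log exports.

Added example, not Comodo's code.  SAMPLE_LOG reproduces three entries from
the thread in the same "Key: value" export format; the parser is written for
that format only.
"""
import ipaddress
import re
from collections import Counter

# Documented on EchoLink's firewall page: inbound UDP must reach these ports.
ECHOLINK_UDP_PORTS = {5198, 5199}

SAMPLE_LOG = """\
Date/Time :2007-02-10 22:00:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 68.178.202.110, Port = 5199)
Protocol: UDP Incoming
Source: 68.178.202.110:5199
Destination: 192.168.1.102:5199
Reason: Network Control Rule ID = 5

Date/Time :2007-02-10 22:00:07
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.106, Port = nbdgram(138))
Protocol: UDP Incoming
Source: 192.168.1.106:nbdgram(138)
Destination: 192.168.1.255:nbdgram(138)
Reason: Network Control Rule ID = 5

Date/Time :2007-02-10 21:59:25
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 68.178.202.110, Port = 5198)
Protocol: UDP Incoming
Source: 68.178.202.110:5199
Destination: 192.168.1.102:5198
Reason: Network Control Rule ID = 5
"""

# "Date/Time :2007-..." and "Source: 1.2.3.4:5199" both fit this: the key stops
# at the first colon, so an IP:port value keeps its own colon intact.
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z/]+)\s*:\s*(?P<value>.*)$")
# Endpoints are either "ip:port" or "ip:servicename(port)" as in nbdgram(138).
ENDPOINT_RE = re.compile(r"^(?P<ip>[\d.]+):(?:[a-z]+\()?(?P<port>\d+)\)?$")


def parse_entries(text):
    """Split the export on blank lines and turn each block into a dict."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            m = FIELD_RE.match(line.strip())
            if m:
                entry[m.group("key")] = m.group("value").strip()
        if "Reporter" in entry:  # skip header/footer blocks like "Log Scope"
            entries.append(entry)
    return entries


def split_endpoint(endpoint):
    m = ENDPOINT_RE.match(endpoint.strip())
    if not m:
        raise ValueError(f"unrecognised endpoint: {endpoint!r}")
    return m.group("ip"), int(m.group("port"))


def summarise_blocks(entries):
    """Count denied flows keyed by direction, protocol, LAN/Internet scope,
    source IP, destination port and the Network Monitor rule that fired."""
    counts = Counter()
    for e in entries:
        if "Access Denied" not in e.get("Description", ""):
            continue
        proto, _, direction = e["Protocol"].partition(" ")
        src_ip, _ = split_endpoint(e["Source"])
        _, dst_port = split_endpoint(e["Destination"])
        rule_id = int(e["Reason"].rsplit("=", 1)[1])
        scope = "lan" if ipaddress.ip_address(src_ip).is_private else "internet"
        counts[(direction, proto, scope, src_ip, dst_port, rule_id)] += 1
    return counts


def blocked_echolink_ports(counts):
    """Which of EchoLink's documented UDP ports were actually denied."""
    return sorted({port for (_, proto, _, _, port, _) in counts
                   if proto == "UDP" and port in ECHOLINK_UDP_PORTS})


def summary_lines(counts):
    out = []
    for (direction, proto, scope, src, port, rule), n in sorted(counts.items()):
        out.append(f"{n}x {proto} {direction} from {src} ({scope}) "
                   f"to port {port}, denied by rule {rule}")
    return out


if __name__ == "__main__":
    counts = summarise_blocks(parse_entries(SAMPLE_LOG))
    print("\n".join(summary_lines(counts)))
    print("EchoLink ports being denied:", blocked_echolink_ports(counts))
```

Running it on the full export Tim posted would show a single rule (ID 5, the Block & Log All rule) denying everything, which is exactly the clue that points at rule order rather than at a missing rule.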

Hi Little Mac,

Yes, I have followed the EL directions for firewalls for several years and CFW is the only one that has not worked (out of just about any you can name - I have played with almost all of them at some point). I use it for the Linksys router/firewall as well.

I set up things as you said but got the same results. It sends data without any problem and can see stations that are on (so something is coming in). But when I try to connect to the test server, it times out waiting for a response.

I also looked up that IP address a few days ago and was surprised to see the GoDaddy info, but it’s possible that the owner info is masked. (I think)?

I have to run a weekly net on Mondays and will have uninstall CFW again, but I’ll be back to try again.

Thanks for your help!
tim

Have you tried disabling the feature “Do protocol analysis”?

GoDaddy’s just the Registrar/registered site owner; my guess is that it’s probably a webhosting site/server.

You shouldn’t have to uninstall CFP for your net; moving the Security Level to Allow All should do it for you.

Will you open your Network Monitor to full screen and capture a screenshot? Save it as a jpeg, and attach it to your post under Additional Options.

TNX,

LM

Hi LM,

In the past, “Allow All” did not work. But something has changed and it does let EL work. (A major milestone)!

Here is the screen shot you requested.

BTW- Windows and the program files run off Drive E on this machine. Just FYI.

Thanks again!
tim

[attachment deleted by admin]

Well, Tim, I think we may have bunnied it out, here… A little direction-finding works wonders… :wink:

Rule ID 6 (your EL rule) CANNOT be below that Block & Log All rule; it is getting blocked!

Move the EL rule UP the “food chain;” I’d put it right below your top rule (which will make it Rule ID 1).

Reason on that is, CFP’s Network Monitor rules filter from the top down. Traffic (whether In or Out) will either be explicitly allowed, explicitly blocked, or implicitly blocked. The bottom Block All rule is an implicit block on everything not already allowed; it’s your safety net. Thus, anything you want to Allow must come before that in priority.

So move that up, reboot, and see what you get.

LM
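The top-down, first-match evaluation LM describes is the whole story here, and it is worth seeing it run. The simulation below is an added example, not Comodo's code or anything from this thread: it models a cut-down Network Monitor ruleset with the three rules the thread names (the default Allow TCP/UDP Out rule, the Allow UDP In 5198,5199 rule, and the bottom Block & Log All rule), evaluates the blocked inbound reply from Tim's log against the rule order he had and against the corrected order, and includes a small check that flags any rule sitting below a catch-all block, which is the mistake that cost this thread several posts. Rule IDs count from 0 at the top, as CFP numbers them. The outbound TCP 5200 flow and its server address are constructed for illustration.

```python
"""Simulate first-match, top-down evaluation of CFP Network Monitor rules.

Added example, not Comodo's code.  Only protocol, direction, destination IP
and destination port are modelled; that is enough to show the ordering effect.
"""
from dataclasses import dataclass
from typing import FrozenSet, Optional

ANY = None  # a field left at ANY matches everything, like "Any" in the CFP dialog


@dataclass(frozen=True)
class Flow:
    proto: str       # "TCP" or "UDP"
    direction: str   # "In" or "Out"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                               # "Allow" or "Block"
    proto: Optional[FrozenSet[str]] = ANY
    direction: Optional[FrozenSet[str]] = ANY
    dst_ip: Optional[str] = ANY
    dst_ports: Optional[FrozenSet[int]] = ANY
    log: bool = False                         # "Create an alert if this rule is fired"

    def matches(self, flow: Flow) -> bool:
        return ((self.proto is ANY or flow.proto in self.proto)
                and (self.direction is ANY or flow.direction in self.direction)
                and (self.dst_ip is ANY or flow.dst_ip == self.dst_ip)
                and (self.dst_ports is ANY or flow.dst_port in self.dst_ports))

    def is_catch_all(self) -> bool:
        return (self.proto is ANY and self.direction is ANY
                and self.dst_ip is ANY and self.dst_ports is ANY)


def evaluate(rules, flow):
    """Walk the list from the top; the first matching rule decides.
    Returns (action, rule_id, logged).  If nothing matches, CFP's implicit
    default is to block without logging."""
    for rule_id, rule in enumerate(rules):
        if rule.matches(flow):
            return rule.action, rule_id, rule.log
    return "Block", None, False


def shadowed_rules(rules):
    """Names of rules that can never fire because a catch-all rule sits above
    them.  This is the lint that would have caught Tim's Rule ID 6."""
    shadowed, catch_all_seen = [], False
    for rule in rules:
        if catch_all_seen:
            shadowed.append(rule.name)
        if rule.is_catch_all():
            catch_all_seen = True
    return shadowed


# The three rules named in the thread.
DEFAULT_OUT = Rule("Allow TCP/UDP Out", "Allow",
                   proto=frozenset({"TCP", "UDP"}), direction=frozenset({"Out"}))
ECHOLINK_IN = Rule("Allow UDP In 5198,5199", "Allow",
                   proto=frozenset({"UDP"}), direction=frozenset({"In"}),
                   dst_ports=frozenset({5198, 5199}))
BLOCK_ALL = Rule("Block & Log All In & Out", "Block", log=True)

BROKEN_ORDER = [DEFAULT_OUT, BLOCK_ALL, ECHOLINK_IN]  # new rule added at the bottom
FIXED_ORDER = [DEFAULT_OUT, ECHOLINK_IN, BLOCK_ALL]   # moved above the safety net

# Inbound reply taken from the log Tim posted.
EL_REPLY = Flow("UDP", "In", "68.178.202.110", 5199, "192.168.1.102", 5199)
# Outbound login to the addressing server: port from EchoLink's docs,
# server address constructed (TEST-NET-3) for this example.
EL_LOGIN = Flow("TCP", "Out", "192.168.1.102", 49152, "203.0.113.10", 5200)


if __name__ == "__main__":
    for label, rules in (("broken", BROKEN_ORDER), ("fixed", FIXED_ORDER)):
        print(label, evaluate(rules, EL_REPLY), "shadowed:", shadowed_rules(rules))
```

With the rule below Block & Log All, the reply is blocked by the catch-all and logged under its ID, which is precisely the "Network Control Rule ID = 5" line repeated through Tim's export; moving the rule up changes nothing about the rule itself, only which one is consulted first.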

LM! It works!
I honestly hadn’t considered the order in which rules are applied (which is why, despite playing with all those firewalls, I am not an expert).
Thanks very much for your patience and understanding.
tim (the CFW banner will stay on my web site forever) :BNC

Great news, Tim! Glad it works for you now… (:CLP)

I apologize; I should have checked your rules before. I KNOW that very well. I guess my brain was running QRP.

If you have any more questions/problems, just let us know…

73,

LM