Home Network Issue [RESOLVED]

Hi All, I’m new to CPF and I have one issue I can’t seem to resolve. I have dial up (yea I know) and use an Ethernet hub to connect to my other computers on my network with WinXP on 2 computers and WinME on the 3rd. Everything works fine until I have to reboot my host computer, after reboot in order for my other 2 computers to connect I have to run the Network Setup Wizard, then everything is fine again until I reboot. How can I resolve this issue?

Thanks in advance, James

Have you added your subnet as a trusted zone?

Do you know if it is CPF that is blocking? You can tell by selecting Allow all and then pinging one of your other machines. If that works, you just need to set up your subnet as a trusted zone.

If not, your problem is elsewhere. If you have to run the network wizard on your host, do you have to do the same on the other 2 machines? Does your host have a fixed IP or have you left it as dynamic?

Just a few things for you to test before anyone can give you a clear decisive answer.

James,

In addition to what Rucia has mentioned about creating a Zone to encompass your computers and setting that as Trusted in the Network Monitor, there is something else to add…

If you are using ICS (Internet Connection Sharing) from your host machine, you will need to create a network rule allowing IGMP (multicasting protocol) across that Trusted Zone/Network, as ICS apparently requires it (perhaps on Port 2…). Again as Rucia mentioned, the Logs in CPF will show what is being blocked, when, and how.

And yes, you will need to do the trusted zone on each of the computers that has CPF installed.

Hope that helps,

LM

PS: I wasn’t clear if you are using ICS, since you mentioned a “Host” machine, so I thought I’d bring that up…

Hey Thanks Rucia & Little Mac for the fast replies and sorry for the long delay for I had to go out of town.

I repair computers as a hobby but this Network Rules thing is still new to me so I guess I’m a Network Rules DUMMY! In the past I’ve used Zone Alarm and Kerio which seemed easier for me to set up and just hook my Ethernet cable to any computer and presto I had Internet.

Just to make sure there wasn’t anything on my computer causing the problem I uninstalled CPF, rebooted my system and turned on Windows firewall and I had internet connection to all my other computers. I then installed Kerio and still had connection to all computers. I then uninstalled Kerio, rebooted and still had connection. I then reinstalled CPF and ran the “Trusted Network Zone Wizard” and no connection to my other computers until I ran the “Windows Network Setup Wizard”.

I ran the Windows “Set up a home or a small office network” which is the “Network Connection Wizard” which I do believe is ICS on My Host computer (WinXP Home) and setup in my Local Area Connections - Internet Protocol (TCP/IP) Properties to use the following IP address: 192.168.0.1 and Subnet Mask: 255.255.255.0. My client computers are setup to obtain the addresses automatically, which has worked fine in the past with the other firewalls.

After I installed CPF I ran the “Trusted Network Zone Wizard” which created 2 new rules:

Rule #0
IP Out:
ALLOW IP OUT FROM IP [Any] TO IP ZONE : [Realtek RTL8139 Family PCI Fast Ethernet NIC -
Packet Scheduler Miniport] - 192.168.0.0/192.168.0.255 TO IP [Any] WHERE IPPROTO IS ANY

Rule #1
IP In:
ALLOW : [Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler
Miniport] - 192.168.0.0/192.168.0.255 TO IP [Any] WHERE IPPROTO IS ANY

During the CPF wizard process it never asked me for the “Subnet Mask” so I’m assuming I need to do so but as hard as I’m trying to understand how to do these rules… I’ve searched the forums and even It’s still just Greek to me at the moment!

If this is the case can you please give me detailed instructions?

Thanks, James

You shouldn’t need to set the subnet mask for CPF, James. The two network rules allow traffic between the two computers.

Yes, Network Rules are new to many people, as most firewalls don’t seem to have separate rules. If an application is allowed, it’s allowed, period. Turns out, most firewalls have a much lower level of security than CPF… ;D

Here’s a little explanation of how CPF rules work:

Everything communicates in the context of the Network Rules. The Network Rules filter from the top down; if traffic is not explicitly allowed In or Out, it will be stopped by the bottom block rule (meaning, there has to be a rule prior to the bottom block rule, that specifically addresses the type of traffic, in order for it to be allowed). On the inverse side, traffic is blocked either explicitly or implicitly (meaning, a “block” rule will specifically mention a type of traffic - explicit, or it will be blocked because it hasn’t been specifically allowed - implicit). Example: Let’s say you do not have a Net Rule to allow IGMP (multicast) protocol traffic. Windows Messenger tries to use IGMP to access the net. CPF filters through the rules, but cannot find IGMP allowed; thus, it is implicitly blocked by the “Block Any” rule at the bottom. Let’s say you wanted to easily identify IGMP traffic, so you create a Block IGMP rule above the bottom rule. Now CPF will explicitly block IGMP traffic.

This brings us to the next area - Application Rules. The Application Monitor contains Applications which are allowed (or blocked) from connecting. Even if we allow an Application to connect, it does so within the context of the Network Rules. So, to use our Messenger example from above, we may allow Messenger within the App Monitor. Then, it tries to use IGMP protocol, which is not allowed by our Network Rules. The connection will be blocked. Even tho Messenger is allowed, IGMP is not. Another aspect of the App Rules is that Comodo allows you to identify a “Parent” application; such as your browser using explorer.exe as its Parent; kind of like your browser using another core application to actually connect with. Thus, you may need multiple rules for one application. For example, Firefox (as a browser) may have a rule with firefox.exe as both Application and Parent; it may have a second rule with firefox.exe as the App and explorer.exe as the Parent. Make sense?

Final area - Component Monitor. Component Monitor loads all “components” - .dll files, etc that are used by an Application, and verifies their authenticity and relationship to the application. These components are not what is connecting to the net; when they are marked as “allowed” it is so that the application can use them as it connects to the net. Sometimes these components are shared resources between different applications. If an application updates, it may cause this “library” of components to change, and cause a popup alert (whereby you can view and approve these components directly).

I hope that’s not an overload of information for you; my intent is to help you get a better understanding of CPF, since it is so different from other firewalls.

I wasn’t sure from your last post, is your connection working now?

If not, the logs in CPF will hold the key to what is being blocked, and we’ll need to take a look at those.

LM
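The filtering order described in the post above, as an added sketch that is not part of the original thread and is not Comodo's code. The `NetRule` and `decide` names, the rule set, and the sample executable names are assumptions made for illustration; only the 192.168.0.0 to 192.168.0.255 zone comes from the thread.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class NetRule:
    action: str          # "ALLOW" or "BLOCK"
    direction: str       # "IN", "OUT" or "ANY"
    proto: str           # "TCP", "UDP", "IGMP", ... or "ANY"
    zone: tuple = None   # (first_ip, last_ip); None means [Any]

    def matches(self, direction, proto, remote_ip):
        if self.direction not in ("ANY", direction):
            return False
        if self.proto not in ("ANY", proto):
            return False
        if self.zone is None:
            return True
        lo, hi = (ipaddress.ip_address(a) for a in self.zone)
        return lo <= ipaddress.ip_address(remote_ip) <= hi

def decide(rules, apps, app, parent, direction, proto, remote_ip):
    """Return (action, reason) for one connection attempt."""
    # Application Monitor: the (application, parent) pair must be allowed.
    if (app, parent) not in apps:
        return "BLOCK", "application monitor"
    # Network Rules: filtered top down, the first matching rule decides.
    for i, rule in enumerate(rules):
        if rule.matches(direction, proto, remote_ip):
            if rule.action == "ALLOW":
                return "ALLOW", f"network rule {i}"
            # Falling through to the catch-all at the bottom means nothing
            # above addressed this traffic: an implicit block.
            last = i == len(rules) - 1
            return "BLOCK", ("implicit" if last else f"explicit, network rule {i}")
    return "BLOCK", "implicit"  # no bottom rule present: still deny

# Constructed rule set: the trusted zone from the thread plus sample rules.
LAN = ("192.168.0.0", "192.168.0.255")
RULES = [
    NetRule("ALLOW", "OUT", "ANY", LAN),
    NetRule("ALLOW", "IN", "ANY", LAN),
    NetRule("ALLOW", "OUT", "TCP"),
    NetRule("BLOCK", "ANY", "ANY"),      # bottom block rule
]
APPS = {("firefox.exe", "firefox.exe"), ("firefox.exe", "explorer.exe"),
        ("msmsgs.exe", "explorer.exe")}  # sample (application, parent) pairs
# Same rules with an explicit "Block IGMP" rule placed above the bottom rule.
WITH_IGMP_BLOCK = RULES[:3] + [NetRule("BLOCK", "ANY", "IGMP")] + RULES[3:]
```

With `RULES`, an allowed Messenger sending IGMP outside the zone is blocked implicitly by the bottom rule; with `WITH_IGMP_BLOCK` the same traffic is stopped by the explicit rule, which makes it easy to pick out in the log.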

Cool LM!

That sure filled the blanks I had on rules and stuff. I hadn’t thoroughly thought through the implicit and explicit rule scenario.

Thanks

You’re welcome, Rucia. I just hope that poor James’ brain is still intact after that influx of information… ;D

LM

Hey Thanks Little Mac for the great explanation of the rules, and even though my brain is Swelling & Throbbing… it’s making sense on the rule functions. Now for the IGMP… That’s where you went right over my head but I’ve researched it some and know it stands for “Internet Group Management Protocol” and ICMP is “Internet Control Message Protocol”, but I’m afraid I’m going to need further research before I can make complete sense of it.

BTW… maybe you should have that posted to the FAQ’s, I didn’t see anything in there that explained it quite that well.

Now back to my problem… Yes my connections to my other computers work just fine using CPF after I run the “Windows Network Setup Wizard”. Now if I restart my computer, that’s when my connections to my other computers fail. I’ve checked my other computers’ IPs and they are in the IP range I setup in CPF (i.e. 192.168.0.xxx) and in order to restore connection to my other computers I must run the “Windows Network Setup Wizard”.

Below is a Screenshot of my “Logs” and my “Network Control Rules”, hopefully it’ll shed some light about my problem.

http://pcjames.net/images/2007-01-15_210314.png

Ok the above log file is the time immediately after I rebooted and trying to get a web page on one of my other computers. I do know that the IP addy 216.77.198.2 is my isp but I don’t see anything here that’s blocking my other computers.

http://pcjames.net/images/2007-01-15_214053.png

Thanks again for all your help, James

I’m also attaching my logs.log file as logs.txt below.

[attachment deleted by admin]

James,

You don’t need to worry about IGMP at this point; I merely used that as an example. If it turns out we need to address that, we will.

Here’s what I need at this point:

  1. Do you have CPF only on the “host” computer, or on others as well?
  2. If different, what firewalls do you have on the other computers?
  3. Let’s do this for CPF’s log:
    a. Right-click an entry, select “Log Events” and uncheck Component Monitor (this will reduce the file)
    b. Right-click, select “Export to HTML” and save it as an HTML file (ie, “Logfile.html”)
    c. Open the HTML file in your browser, re-save as a text file (ie, “Logfile.txt”) - this saves it as text, in the same format as the HTML version; it’s easier to read through that way… :wink:
    d. Attach the new text file to your post
  4. Is the IP address of your ethernet hub within the range you have set for your NIC card? (you can find all the info by going to Start/Run, type in “cmd” then at the prompt, type “ipconfig /all”; make sure everything is within that range).

In your response, you can simply reference the item number and give your answer (in other words, you don’t need to requote the question…).

This will give a better idea of what’s going on, and hopefully provide a resolution…

LM

It’s there now, tnx for the suggestion. Should’ve thought of it myself; guess I’m too busy explaining it… :wink:

LM

ok LM here’s the info!

  1. The host computer runs WinXP Home and CPF.

  2. Client #1 runs WinXP Pro with Windows firewall, client#2 runs WinME and Kerio, Clients 3,4 & 5 varies depending on if I have a computer(s) to work on.

  3. View Log file http://pcjames.net/comodo/logfile.html

  4. My ethernet hub is actually an Ethernet Switch with auto-MDI/MDIX crossover detection function and provides plug and play capability. But anyways here’s the info

http://pcjames.net/comodo/2007-01-16_230828.png

Sorry about the delay, James

James,

I’m going to get someone with better knowledge of this sort of thing to interact here, to better help you. I think we’ve just passed my proverbial “pay grade.” (:WIN)

However, here’s what I see:

  1. At the time of your post, the default gateway for your PPP adapter seems to be where the problem lies. Your log is full of Inbound Network Monitor violations, where the destination IP address is that default gateway. A lot of them are within the same IP range as that gateway, and some are in the IP range of the DNS server, which I presume to be your ISP.

If I understand correctly, the PPP adapter is what is creating your dialup connection. The problem here is that per your post just prior to the most recent, the block was occurring on a different IP address, but would appear from your screenshot to be the same thing.

  1. Did you set up the ICS (run the network wizard) on each of the other (client) computers, as well? I think this may be necessary to have them know to route to the host computer.

  2. If you do the start/run then cmd then ipconfig /all on each of the client computers, are your results the same? (PS: You can edit out the IP addresses if you like; just leave enough to identify if they’re in the same range…)

  3. If you select “Allow All” for the security setting on CPF (from the Summary page of the GUI, or the systray icon context menu), do the other computers connect without needing to re-run the Windows Network Wizard? If not, what if you close CPF (systray icon, context menu, choose “Exit” and follow the prompts); do they connect then, without re-running the Windows Network Wizard?

  4. Also, from your first post, when you said you had to re-run that Wizard, is that just on the host computer, or the clients?

That’s it for now, from me. I’m going to get a (:KWL) brainchild in here…

LM

Hey James,

Assuming that the PC that connects to your ISP is called “machine 1” and the other XP PC that is on the network permanently is called “machine 2”:

Can you please run IPCONFIG /ALL on machines 1 and 2 before you have rebooted machine 1 and lost the internet connection and record the details from both machines. Then, without rebooting machine 2, test that you have indeed lost the internet connection on machine 2 and, if so, run IPCONFIG /ALL on that machine a second time and record the details.

I just want to see what is changing because of the reboot so we can nut down the number of things we have to check.

Cheers,
Ewen :slight_smile:

This may help - I had the same problem over the past two days - I loaded CPF on my primary pc running XP Pro - the secondary pc on my home net is running XP Home. I could setup a trusted network but I could never connect the second PC to the Internet - no problem with the local network, just no IP. I finally removed the protocols for NWlink IPX/SPX… and NW Netbeui - rebooted, reloaded CPF, I also made sure that my browser and other apps that I want to access the internet are allowed (I manually loaded them as allowed). The second PC is running WFW (On) - Both now connect to the Internet.

I have not tried to load IGMP and the NWlink protocol - it may work, but right now everything is OK.

Windows for Workgroups???

Windows Fire Wall “Turned (ON)” been a Loooong time since WFW 3.11 …

(:LGH) (:LGH) (:LGH) (:LGH)

Ewen :slight_smile:

Hello All,

I had a CPF update Friday and I installed it and seems my issue has magically disappeared. I rebooted machine #1 numerous times and everything seems to be just fine! I suppose the update had a fix in it.

Anyways I’d like to Thank Little Mac for your great explanation of the rules and also for all the help trying to resolve my issue and also to Rucia, who made the 1st response.

Panic… sorry you didn’t get the chance to work your magic!

I’d also like to Thank Comodo for such a fine product and the extraordinary support. I’ve never received this kind of support for paid products much less for the great price of FREE!

If I should ever have any problems, I know where to come… you guys have been great!

James

Hey James,

Glad to hear the issue resolved itself.

I’ve got to echo your thanks to Little Mac and Rucia for their responses. While they didn’t get the opportunity to nail the problem on the head, their answers were both logical and informative.

Great answers guys!

Cheers,
Ewen :slight_smile:

Great, James, I’m glad that’s working now…

I, too, am sorry that Ewen didn’t get a chance to work his magic… I’d like to see that process with your situation. Oh, well…

So, is your CPF now version 2.4…?

LM