How To - Understanding & Creating Network Control Rules properly

m0ng0d,

How did you get Comodo to display that? And couldn’t there be a default setting to keep that last blocked rule at the bottom?

For each rule you highlight, it puts the Details at the bottom… I highlighted each rule, taking a screenshot, then used Paint to merge the parts I wanted.

That might be a handy feature if there was only one way to add rules. I always use the right-click to create rules where I want them… by

  • Adding above, or
  • Adding below

No need to move rules around if you put them exactly where you want them on creation.

(V)


Ok, I compared, the first screenshot. I have 2-5. However, 0 and 1 aren’t there. Are they needed?

Not unless you are on a network/router/LAN.

Ok, this may have caused a problem.

I had a router last week, and it burned up. Is it possible that the firewall was blocking the router and therefore overworking it somehow? Since other devices hooked up to the power strip were running fine, I just assumed the router gave out.

I am not sure on the difference between network and LAN. I have a DSL connection, so I don’t know the extent of how much of a network I am on. I did have 2-3 computers hooked up at one time to the router until last week.

Right now, it’s a direct connection from this computer to my ISP box.

I couldn’t imagine the conditions under which a software firewall could physically break a hardware router. I really can’t. I’m not saying it’s impossible, just that I can’t see how it could.

I am not sure on the difference between network and LAN. I have a DSL connection, so I don't know the extent of how much of a network I am on. I did have 2-3 computers hooked up at one time to the router until last week.

Network = A collection of devices that are connected together for the purposes of sharing resources (storage, printers, etc.)

LAN = Local Area Network- a network of connected devices within a locally defined area.

WAN = Wide Area Network - as above but over a greater distance or between two separate locations

Right now, it's a direct connection from this computer to my ISP box.
Which I assume is an ADSL modem.

If the other PCs are no longer connected to your current PC (because of the dead router), the only network you are on is the network between your current PC and your ISP. As such, rules 0 and 1 (that normally relate to a LAN environment) are not required, but they can be left in place for when you replace the router.

Hope this helps,
Ewen :slight_smile:

Increased traffic to any device can increase its running temperature. For a home network device the temperature difference would be very minimal if any at all and it would have to be enough to exceed the recommended running temp. Since most routers are in air-conditioned homes it is unlikely that excess traffic could cause a router to fail and if it did, it was likely to fail anyway at a time not too far in the future.

For a CPU, it could limit its life span if it was under pressure 24/7 because of the fan and that most CPU fans use a washer and oil, not a ball bearing and oil (which is more expensive to implement and has the capability to last 15-30 years). (Consumers generally want cheap equipment that is unreliable so it is a needed downside to computers.)

Does the “fall of the router” coincide with the install of CPF? If so, your router may be fine. (unless the lights don’t blink anymore… then it’s burnt)

Your router would have acted as your DHCP server (giving your PC an IP address) and gateway (communication vessel to the internet). If the trusted zone wizard was not run, the router would not be trusted, and would seem to fail to do its job.

Ok, so if I do have to put 0 and 1 in, I am trying to find out what range to use. So, for now, I went to the network connections. I looked at what the IP address was, rounded the last number down to .00

Then, I looked at the default gateway address, and rounding up, used that as a limit. I don’t know if this is too wide of a range or not. Is there a better way? How do I find the correct range?

As for the router, it was lit for a while. I went to the bathroom, came back and the white plastic casing was smoking. Then, I never saw it light up :frowning:

I did get the cheapest I-O data router I could get, so maybe it was ready to go. However, it didn’t last a year which surprised me.

I bought the cheapest model… twice… and they both burned up…
Then I bought a more expensive one, and it runs very smooth… ;D

How long did each last? More or less than a year?

Less than a year… :cry:

Let CPF make these…

  • Go to the Security tab
  • Click the Tasks section
  • Click the Add/Remove/Modify a Zone link… you should see an entry here that was created at CPF install… if not, add one… if you do, just close this window
  • Click the Define a new Trusted Zone link… in the window, click next… then select the Zone in the dropdown (next)… then click finished
  • You now have rules 0 & 1 in my screenshot

More often than not… we get what we paid for (:SHY)

What are the implications of having a combined router/ADSL modem, as I can’t put the two elements in different zones? Or do I just not understand any of this stuff? :slight_smile:

Henry

With a combined router/modem, you can pretty much forget the modem side of things, providing the router is passing the correct details to the modem and it is connecting to your ISP correctly.

The router contains two network cards, one facing outwards to the internet/ISP and the other facing inwards to your LAN. The only one we need to worry about is the inward facing one, as this is the one that picks up the outbound data requests from the LAN and forwards incoming replies to the LAN. This NIC would typically have an address like 192.168.1.1, or 192.168.1.254, 10.0.0.1 or 10.1.1.1 or similar. The default address should be in your router's documentation, or if you have changed the default address, you should know it. :wink:

When you create a zone, you only need to include the IP address allocated to the inward facing NIC. The outward facing NIC should NEVER be included in a zone, unless you have specific reasons for doing so.

Hope this helps,
Ewen :slight_smile:

Ewen

Thanks, that’s a really big help

I never realised there were two nics in a router/modem, although I should have been able to work it out. And to answer my own question, clearly I don’t know anything about this stuff!

Hey Henry,

  1. The smartest man is the one that knows how much he doesn’t know.

  2. The only dumb question is the one that never gets asked.

Keep the questions coming, that’s how we all learn.

Cheers,
Ewen :slight_smile:

Very useful info for all of us. (:CLP)

Hi!
I’m trying to understand IP banning with network control rules, and met these questions:

  • If you allow an IP belonging to your LAN to connect, does it mean that somebody from outside your LAN with the same IP can connect too (through a firewall router)?
  • Is it possible to access a computer on your LAN without leaving him access to you?

Thanks :wink:

Providing you use the IP address ranges of 192.168.1.1 - 192.168.255.253 or 172.16.1.1 - 172.16.128.253 on your LAN PCs, you will be OK, as they are private addresses and are non-routable across the internet.

Cheers,
Ewen :slight_smile:
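
Added example, not part of the thread and not Comodo's code: the earlier question about finding the correct range for a trusted zone, and the point above about private addresses, can both be checked from the PC's IP address and subnet mask. The function names and the sample addresses are constructed for illustration; the three private blocks are the ones defined in RFC 1918.

```python
import ipaddress

# RFC 1918 private blocks: these are not routed across the public internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if a single address falls inside one of the private blocks."""
    a = ipaddress.ip_address(addr)
    return any(a in block for block in RFC1918)


def zone_range(ip, netmask):
    """First and last usable host of the subnet the PC sits on.

    This is the range a LAN zone should cover: derived from the subnet
    mask, not by rounding the IP down and the gateway up.
    """
    net = ipaddress.ip_interface(f"{ip}/{netmask}").network
    if net.num_addresses <= 2:          # /31 or /32: no network/broadcast pair
        return str(net.network_address), str(net.broadcast_address)
    return str(net.network_address + 1), str(net.broadcast_address - 1)


def check_zone(ip, netmask, gateway):
    """Propose a zone range and list reasons not to trust it as a LAN."""
    net = ipaddress.ip_interface(f"{ip}/{netmask}").network
    start, end = zone_range(ip, netmask)
    problems = []
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append("range includes public addresses")
    if ipaddress.ip_address(gateway) not in net:
        problems.append("gateway is outside the range")
    return {"start": start, "end": end, "problems": problems}


if __name__ == "__main__":
    # Constructed sample values, as read from the network connection details.
    # PC behind a router, inward-facing NIC at 192.168.1.1:
    print(check_zone("192.168.1.23", "255.255.255.0", "192.168.1.1"))
    # PC plugged straight into a modem with a public address
    # (203.0.113.0/24 is a documentation range standing in for an ISP one):
    print(check_zone("203.0.113.45", "255.255.255.0", "203.0.113.1"))
```

A non-empty `problems` list means the range should not be defined as a trusted zone; with a direct modem connection there is no LAN to trust, which matches the advice that rules 0 and 1 are not required in that setup.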