Inbound Policy violation on a trusted network ?????

In my log, I get a lot of “inbound policy violations” (port 137/138 nbname/nbdgram etc.), from a computer on my local net (192.168.1.3).
I defined this net as being trusted (192.168.1.1 to 192.168.1.15).
I thought that defining “trusted” means that traffic on that net would be totally uninhibited by the FW … ??

What would the best course of action be, to allow “file and printer sharing” on my local net? Obviously, “trust” is not enough…

Erik,

That should allow all traffic across the network; you are correct there. The only caveat to that is the details and placement of the rules in the Network Monitor.

Will you do the following:

Open your Network Monitor to full screen, and capture a screenshot. Save the image as a jpeg (you can use MS Paint if you have nothing else), and attach to your post under Additional Options.

Open Activity/Logs, right click and select “Export to HTML.” Save the file and reopen it; then copy/paste a few of those inbound violations as text into your post, so I can compare to the rules in the Network Monitor.

TNX,

LM

Sorry to hijack this post but I too am experiencing the same problem.

This is how my home network is set up.

CABLE MODEM → D-LINK ROUTER (DI-714P+) → 2 computers and a Buffalo File Server

D-Link using IP: 192.168.0.1
Computer 1 (Toshiba Laptop) IP: 192.168.0.120
Computer 2 (HP Desktop) IP: 192.168.0.108
Buffalo File Server IP: 192.168.0.175

Both computers running Windows XP SP 2 with ALL updates. Computer 1 is running Comodo FW V2.4.17.183 while Computer 2 is running Comodo FW v2.4.18.184. Both using Comodo Cert. Applications DB V3.

Computer 1 has no trouble accessing the file server using “My Network Places” or via a “Map Network Drive” under “My Computer”. Computer 2 can NOT access the File Server unless the FW is turned off or allows all.

I added both the entire home network and just the file server on the trusted networks and nothing.
The entire network is called ALIENNET and goes from 192.168.0.0 to 192.168.0.255, the file server is called The Hive and was assigned trusted network of 192.168.0.175 to 192.168.0.175.

This is how I first had it:
http://www.maj.com/gallery/jediagh/PCs/firewall/network.gif

Using either the My Network Places or the Map Network drive on my computer would not allow me to access the file server and the errors were logged under Log_Error.html (attached below).

I then added the entire network as a trusted side as well, IPs and TCP/UDP as well to see if that would work. So right now it looks like this:
http://www.maj.com/gallery/jediagh/PCs/firewall/network2.gif

But I get these errors:
http://www.maj.com/gallery/jediagh/PCs/firewall/windows_error1.gif
and
http://www.maj.com/gallery/jediagh/PCs/firewall/windows_error2.gif

and the log is attached as Log_Error_2.html.

Any help you could provide would be greatly appreciated!
Thanks,

Ahui

[attachment deleted by admin]

jediagh, my apologies for missing your post here.

jediagh, the logs are from Computer 1? I ask that because they have the file server and computer 2 IP addresses listed as the source on the incoming UDP’s that are blocked. If the rules have been defined on each computer in question (trusted network), you should not be getting blocked entries. Here are some questions for you:

  1. Do computer 1 & computer 2 have any reason to connect to one another, or only to the BFS?

  2. Do you have a trusted network set on each computer using CFP?
    a. If so, will you give a full-screen capture of the NetMon of each, identifying which is which?
    b. If one (or both) computers cannot connect to BFS, please provide the logs (as before), identifying to which computer they belong.

  3. Just to clarify, the computers can access the BFS correctly when Comodo FW is taken out of the loop?

LM

Thom,

Tnx for the PM on this topic. Will you please bring me up to speed for your scenario? That is, the details of what you are experiencing; I don’t want to assume that yours is exactly the same as either of the above…

Tnx,

LM

Hi LM,

Thanks for getting back. Yes, my scenario is identical (more or less) to jediagh’s, even down to the screenshots provided. This is the log when I attempt a connection from the laptop:

Date/Time :2007-05-31 18:57:09
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.1.2, Port = nbname(137))
Protocol: UDP Incoming
Source: 192.168.1.2:nbname(137)
Destination: 192.168.1.255:nbname(137)
Reason: Network Control Rule ID = 5

This is despite this IP being given its own rule defining ‘Allow’ on TCP/UDP. It seems the Block IP rule 5 is overriding this (set to block all). As I use file sharing I want this block to remain. Any help would be much appreciated.

Cheers,

Thom.

Thom,

If the Block All rule is catching it, that would be an indication that your Trusted Zone rule falls below that in the hierarchy. Network Monitor filters from the top down; traffic is either allowed or blocked by the first rule it hits that would do either of those things. You should always make sure that the Block & Log All rule is always the very last rule.

If you use the Wizards (Security/Tasks, then Create a Zone, and following that Define a New trusted Network), this will add two rules to the very top of the Network Monitor, where they need to be. The first will Allow IP Out from Any to Zone. The second will Allow IP In from Zone to Any.

A screenshot of your Network Monitor (full screen, please) will be helpful. Definitions of IP layout for each computer in question as well.

LM
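The top-down, first-match behaviour LM describes, modelled as an added example (not Comodo's code): the same NetBIOS name broadcast from Thom's log entry is run against a rule set with Block & Log All above the trusted-zone rules, and again with the two wizard rules at the top. The trusted zone 192.168.1.0/24 is an assumption; the thread does not state Thom's zone range.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple

# Constructed model of a first-match network rule table: rules are checked
# from the top, and the first one whose fields fit the packet decides.

@dataclass(frozen=True)
class Packet:
    direction: str       # "in" or "out"
    protocol: str        # "udp", "tcp"
    src: IPv4Address
    dst: IPv4Address
    dport: int

@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str                  # "allow" or "block"
    direction: str               # "in", "out" or "any"
    protocol: str                # "ip" matches every protocol
    src: Optional[IPv4Network]   # None means Any
    dst: Optional[IPv4Network]   # None means Any

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.protocol in ("ip", p.protocol)
                and (self.src is None or p.src in self.src)
                and (self.dst is None or p.dst in self.dst))

def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, rule_id) of the first matching rule; block if none match."""
    for r in rules:
        if r.matches(p):
            return r.action, r.rule_id
    return "block", None

ZONE = IPv4Network("192.168.1.0/24")   # assumed trusted zone, not given on the page
ANY = None
allow_out = Rule(1, "allow", "out", "ip", ANY, ZONE)   # Allow IP Out, Any -> Zone
allow_in = Rule(2, "allow", "in", "ip", ZONE, ANY)     # Allow IP In, Zone -> Any
block_all = Rule(5, "block", "any", "ip", ANY, ANY)    # Block & Log All (rule ID 5 in the log)

MISORDERED = [block_all, allow_out, allow_in]   # Block All sits above the zone rules
CORRECTED = [allow_out, allow_in, block_all]    # zone rules at the top, Block All last

# Packet taken from the log entry on the page: UDP 192.168.1.2:137 -> 192.168.1.255:137
NBNAME = Packet("in", "udp", IPv4Address("192.168.1.2"), IPv4Address("192.168.1.255"), 137)
# Constructed inbound packet from outside the zone, to show Block All still applies
OUTSIDER = Packet("in", "udp", IPv4Address("10.0.0.5"), IPv4Address("192.168.1.2"), 137)
```

With the misordered table `evaluate(MISORDERED, NBNAME)` stops at rule 5 and blocks, which is exactly the "Network Control Rule ID = 5" line in the log; with the corrected table the broadcast is allowed by rule 2 while the outside packet still falls through to Block All.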

Perfect! That has done the trick. If only I’d RTFM!!!

Thanks very much for your help.

Cheers,

Thom.

Ah, that they would all be this simple to resolve… :smiley: Glad that did it, nice n easy! If you have any more questions, feel free to ask. You may, however, find answers, many of which will be here: https://forums.comodo.com/index.php/topic,6167.0.html

LM