Internet Connection Sharing (ICS) [Resolved]

I wish to use Internet Connection Sharing. One computer is connected to an ADSL modem (USB), and the other computer is connected to the first by a wired ethernet LAN.

I have installed Comodo Personal Firewall on the first computer (the one connected to the internet), and I have set up ICS on both computers, so that it works perfectly without the firewall.

In the firewall I go to Security>Tasks>Wizards>Add a trusted zone, and add my LAN network adapter as a trusted zone. This is confirmed in the Network Monitor where the settings are the following:

0 Allow IP Out [Any] ZONE : [Dlink… (my network adapter) WHERE IPPROTO IS ANY
1 Allow IP In ZONE : (my network adapter) [Any] WHERE… (same as above)
2 Allow IP Out [Any] [Any] WHERE…
3 Block IP In [Any] [Any] WHERE…

With these settings, and Comodo enabled, I cannot use the internet on the other computer (the one not directly connected to the internet). Any internet requests just time out. I do seem to be able to access secure websites (https://), but this is very slow, and I am not sure that it works for every secure website (I’ve tried it on two). Non-secure (http://) does not work at all (just times out).

If I close Comodo, it works again. Enable it, and it stops working.

Any ideas? Thanks

Can you try the latest beta?

Thanks for your reply.

I have updated to the latest BETA release, but ICS is still being blocked. I can’t even access secure websites anymore (although being able to do it with the older version might have just been a fluke). The second computer (not connected directly to the internet) cannot even see that there is a shared internet connection available (when I go to ‘Show all connections’ it just shows the LAN connection).

I should add that I did add the network adapter to the trusted zone again, after updating to the latest beta release.

The first computer (directly connected to the internet) is running Win XP Pro SP0
The second computer (connected via LAN to the first) is running Win XP Pro SP2

You could try using a proxy app vs ICS. I have always found ICS to be too ■■■■ iffy. I use an application called Freeproxy. From the name you can guess its cost. It works well and is simple enough to set up. It does have limitations like the # of SMTP mail accounts etc. and you’ll possibly run into difficulty with torrents or other P2P apps (although they may just work fine, since I don’t use ANY P2P apps at present and couldn’t tell you if they work), but it’s an alternative.

Can you show us the LOGS so that we can see what CPF is blocking?

Thx,
Egemen

Thanks for the suggestion of FreeProxy, I’ll have a look at it.

Shall I post the logs in the forum?

Got the same problem. Installed Comodo firewall last night, after having problems with ZoneAlarm crashing my PC. My PC worked fine but ICS on the second computer stopped. Configured the network on Comodo, but after 3 hours of playing couldn’t get anything. The log panel shows no attempts at anything being refused. Seems the second PC can’t even see this one (you’re doing the job a little too well). Anyway, uninstalled Comodo as I couldn’t find how to turn it off, exit hashed out. Restarted everything and still no ICS! Had to run the network wizard again and enter a different network name to get it working. Reinstalled Comodo and no ICS again, tried running the network wizard with Comodo running and that now errors! Never ever had a problem with ICS, networking etc. apart from normal setting-up pains. Both PCs use XP SP1; the main PC that has Comodo on is almost a new format, so very little else on it to conflict. Seems like this isn’t going to work for me.

To say that a Microsoft Windows function is no good so that you should use another product sets a dangerous precedent. I can guarantee that I have dealt many times with ICS; it is not THAT hard to set up, it is quite easy.

If I were going to use COMODO, ICS HAS TO WORK, otherwise it will not be touching these computers. My Mum would KILL me if ICS did not work LOL.

Anyway, I’m sure the COMODO team is on top of it. I hate it when people shrug off that a component of your own operating system is broken. It should be fixed. Ensuring compatibility with every application I do not expect of any product, but I do always expect compatibility with every function of the operating system.

Cheers, rotty

Sure you can post them here if you believe it does not contain confidential information.

fluppet, ICS should be enabled only on the computer connected to the modem. All other computers connected to your second NIC are Clients. If I’m understanding correctly, it sounds like you and md_ford are enabling ICS on your Client computers. The one with the internet connection is your ICS Server (Host) and does the routing for Clients. ICS is working fine for me but it can be a pain if it is not configured properly.

Open the Command Prompt and type “ipconfig /all” (no quotes) and hit enter. Your “Internet” NIC should have the IP address of your ISP (don’t post this address). Your “LAN” NIC’s address should be 192.168.0.1. When you enable ICS it automatically assigns this address to your LAN NIC. You can change this but ICS may not like it. Your LAN NIC does not have a Default Gateway because ICS handles the routing to the Internet NIC.

More info is needed for your setup. You say your second computer is connected via ethernet LAN. How? By router? By switch? If you are using a router connected to the LAN NIC and the cable is connected to the WAN port of the router, then the router is part of the LAN subnet and requires an IP address. Therefore, this address (WAN port = 192.168.0.2) would have to be allowed in Comodo. Your router itself would be 192.168.1.1 and Clients are assigned 192.168.1.2 on up with DHCP enabled in the router. Is the second computer connected by crossover cable to the LAN NIC?

Now that we are all totally confused, try this link to check ICS:
http://www.annoyances.org/exec/show/ics
Hope this helps ya!

Thank you for your lengthy reply, treggmo. Unfortunately it does not solve my problem, as I believe I already have ICS set up correctly. When I run the network set-up wizard (part of Windows) on the host computer I select ‘Connect to the internet directly, other computers on the network connect through this computer’, and on the client computer I select ‘this computer is not directly connected to the internet, it connects through another computer on the network’ (or something like that). When Comodo is not enabled, ICS works perfectly. As soon as I enable Comodo it stops working.

When I turn on my computer (and Comodo comes on automatically) the client computer can’t connect to the network at all (it says ‘limited or no connectivity’), whereas the host computer shows the connection as working. Therefore when I connect to the internet on the host machine, the client cannot even see that it is connected. When I close Comodo, the client manages to connect, and it can then see that there is an internet connection present.

The two computers are connected via a cross-over cable (i.e. no router).

Here is a sample of the logs: (217.164.58.191 is my IP)

Date/Time :2006-08-21 18:57:38
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.1, Port = dns(53))
Protocol: UDP Incoming
Source: 192.168.0.97:1197 
Remote: 192.168.0.1:dns(53) 
Reason: Network Control Rule ID = 6
Date/Time :2006-08-21 18:57:33
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.1, Port = 2869)
Protocol: TCP Incoming
Source: 192.168.0.97:3715 
Remote: 192.168.0.1:2869 
TCP Flags: SYN 
Reason: Network Control Rule ID = 6
Date/Time :2006-08-21 18:57:33
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.1, Port = dns(53))
Protocol: UDP Incoming
Source: 192.168.0.97:1197 
Remote: 192.168.0.1:dns(53) 
Reason: Network Control Rule ID = 6
Date/Time :2006-08-21 18:57:27
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 217.164.58.191, Port = MS-ds(445))
Protocol: TCP Incoming
Source: 217.164.212.54:2344 
Remote: 217.164.58.191:MS-ds(445) 
TCP Flags: SYN 
Reason: Network Control Rule ID = 6
Date/Time :2006-08-21 18:57:27
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.1, Port = 2869)
Protocol: TCP Incoming
Source: 192.168.0.97:3715 
Remote: 192.168.0.1:2869 
TCP Flags: SYN 
Reason: Network Control Rule ID = 6
Date/Time :2006-08-21 18:57:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 217.164.58.191, Port = 9898)
Protocol: TCP Incoming
Source: 222.212.241.128:3244 
Remote: 217.164.58.191:9898 
TCP Flags: SYN 
Reason: Network Control Rule ID = 6
In the attackers' world, this port is usually used by Trojan.W32.dabber.a(9898)
Date/Time :2006-08-21 18:57:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 217.164.58.191, Port = 5554)
Protocol: TCP Incoming
Source: 222.212.241.128:4975 
Remote: 217.164.58.191:5554 
TCP Flags: SYN 
Reason: Network Control Rule ID = 6
In the attackers' world, this port is usually used by Trojan.W32.Sasser.Worm(5554)
Date/Time :2006-08-21 18:57:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.1, Port = 2869)
Protocol: TCP Incoming
Source: 192.168.0.97:3715 
Remote: 192.168.0.1:2869 
TCP Flags: SYN 
Reason: Network Control Rule ID = 6
Date/Time :2006-08-21 18:57:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.1, Port = dns(53))
Protocol: UDP Incoming
Source: 192.168.0.97:1197 
Remote: 192.168.0.1:dns(53) 
Reason: Network Control Rule ID = 6
Date/Time :2006-08-21 18:57:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 217.164.58.191, Port = 18967)
Protocol: TCP Incoming
Source: 58.169.195.240:65521 
Remote: 217.164.58.191:18967 
TCP Flags: SYN 
Reason: Network Control Rule ID = 6
Date/Time :2006-08-21 18:57:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 217.164.58.191, Port = nbsess(139))
Protocol: TCP Incoming
Source: 217.164.9.112:2651 
Remote: 217.164.58.191:nbsess(139) 
TCP Flags: SYN 
Reason: Network Control Rule ID = 6
Date/Time :2006-08-21 18:57:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 217.164.58.191, Port = nbsess(139))
Protocol: TCP Incoming
Source: 86.97.220.77:4065 
Remote: 217.164.58.191:nbsess(139) 
TCP Flags: SYN 
Reason: Network Control Rule ID = 6
Date/Time :2006-08-21 18:57:22
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 217.164.58.191, Port = MS-ds(445))
Protocol: TCP Incoming
Source: 217.164.8.91:3684 
Remote: 217.164.58.191:MS-ds(445) 
TCP Flags: SYN 
Reason: Network Control Rule ID = 6

Hey fluppet,
It looks like ICS has assigned your LAN NIC 192.168.0.1, which is correct. It also looks like Comodo is blocking that address (incoming from your LAN). It is doing its job! As far as configuring and adding rules in Comodo, I am not an expert. I’m anxiously waiting for the final release. Hopefully one of the experts will jump in and help you.
Remember to use the ipconfig /all command at the Command Prompt (Start > Programs > Accessories > Command Prompt) for troubleshooting. And please don’t take offense if you already know this.

Good Luck!

I too am using a crossover lead, well 2 actually; I have 2 other PCs connecting to the net through this one. I understand how to set up ICS, and the fact that it works when Comodo firewall isn’t installed proves this. I’ve read about setting up the rules and hierarchy in Comodo, as has fluppet, because his rules were the same as mine, although I also tried telling Comodo to allow the specific IP addy of computer 2 in and out. Unfortunately this didn’t work either, and surely if the computers were connected via router Comodo wouldn’t be able to block them? From what I can see Comodo is a really good product. I tested it on several really dodgy sites and it performed perfectly, outdoing ZoneAlarm easily. If it wasn’t so good I wouldn’t even post here in the hope that it could be sorted out. Just seems strange that at least 2 people with similar setups installing at around the same time can’t get ICS working! I will look into this problem a little deeper in a few days to see if I can sort it out myself, but too much work atm, so I’m hoping you forum geeks can do it for me.

There is something weird here:

192.168.0.1 must be the PC1 which has ADSL modem. And 217.164.58.191, which is also PC1 but having the second IP address assigned by USB ADSL modem interface. Everything is fine. All blocking logs beginning with 212.xxx.xxx.xx are also good.

But since you have added rules for your trusted zone, CPF MUST not block any packets starting with 192.168.xxx.xxx.

This can be caused by only one reason: Your trusted Zone address is not defined correctly.

You can easily check this:

1- Go to Security->Tasks->Add a new Zone
2- Select your Zone name and click on modify button
3- Verify that starting address is 192.168.0.0 and Ending address is 192.168.0.255

After verifying this, also verify that your rules are still exactly the same as the following i.e.

0 Allow IP Out [Any] ZONE : [Dlink… (my network adapter) WHERE IPPROTO IS ANY
1 Allow IP In ZONE : (my network adapter) [Any] WHERE… (same as above)
2 Allow IP Out [Any] [Any] WHERE…
3 Block IP In [Any] [Any] WHERE…

This configuration must not cause any blocking of local IP addresses.

Let us know if there was something with the zone addresses.

Egemen

OK, just an update: had an hour spare tonight so thought I would have a play. Installed Comodo again, connected to net on pc 2 on nothing. Remembered to use the add trusted network button, ran pc 2 on net again and the bloody thing works? Now I’m just confused. Only change in both PCs during this time is the uninstallation of ZoneAlarm on pc2. Forget that, just checked on pc3, which has ZoneAlarm installed, and that too has net connection. Only other thing I did differently was install Comodo whilst pc2 and 3 were turned off? May try uninstalling and reinstalling later to see if I can make it not work again, but as for now I’m happy.

Ignore this.

Thanks for your reply

Rotty: I don’t think anyone stated that they had two firewalls installed on the same computer…

Egemen: “3- Verify that starting address is 192.168.0.0 and Ending address is 192.168.0.255” I checked, and strangely this is not the case. When I installed Comodo, I just clicked ‘Add Trusted Zone’ and I added my network adapter… I don’t know why it seems to have used the wrong IP address range… It’s using the range 169.254.0.0/169.254.255.255

"After verifying this, also verify that your rules are still exactly the same as the following i.e.

0 Allow IP Out [Any] ZONE : [Dlink… (my network adapter) WHERE IPPROTO IS ANY
1 Allow IP In ZONE : (my network adapter) [Any] WHERE… (same as above)
2 Allow IP Out [Any] [Any] WHERE…
3 Block IP In [Any] [Any] WHERE…"

Well, they are slightly different now, as I am using the new beta release (there are now 7 rules)

Sorry, misunderstood

Yes, as I said, this can be the only case. It means you have defined your trusted zone when your network adapter failed to acquire an IP address. Those are bogus IPs used when an IP address can not be acquired.

Egemen
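Added example, not part of the original thread and not Comodo's code: a Python sketch of the check that resolved this thread. It parses blocked-inbound entries in the format of the log posted above and tests each source against the trusted zone's start/end addresses, flagging a zone that was captured from an automatic 169.254.x.x address. The function name `audit_zone` is hypothetical.

```python
import ipaddress
import re

# Three entries excerpted from the log posted in the thread above.
SAMPLE_LOG = """\
Date/Time :2006-08-21 18:57:38
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.1, Port = dns(53))
Protocol: UDP Incoming
Source: 192.168.0.97:1197
Remote: 192.168.0.1:dns(53)
Reason: Network Control Rule ID = 6
Date/Time :2006-08-21 18:57:33
Description: Inbound Policy Violation (Access Denied, IP = 192.168.0.1, Port = 2869)
Protocol: TCP Incoming
Source: 192.168.0.97:3715
Remote: 192.168.0.1:2869
TCP Flags: SYN
Reason: Network Control Rule ID = 6
Date/Time :2006-08-21 18:57:27
Description: Inbound Policy Violation (Access Denied, IP = 217.164.58.191, Port = MS-ds(445))
Protocol: TCP Incoming
Source: 217.164.212.54:2344
Remote: 217.164.58.191:MS-ds(445)
TCP Flags: SYN
Reason: Network Control Rule ID = 6
"""

# One match per log entry: protocol, source IP, destination IP, destination port.
ENTRY = re.compile(
    r"Protocol: (?P<proto>\w+) Incoming\s+"
    r"Source: (?P<src>[\d.]+):\d+\s+"
    r"Remote: (?P<dst>[\d.]+):(?P<port>\S+)"
)

def audit_zone(log_text, zone_start, zone_end):
    """Return (zone_is_link_local, blocked LAN entries the zone fails to cover)."""
    nets = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(zone_start), ipaddress.ip_address(zone_end)))
    # 169.254.0.0/16 is what an adapter self-assigns when it gets no address.
    zone_is_link_local = all(n.is_link_local for n in nets)
    missed = []
    for m in ENTRY.finditer(log_text):
        src = ipaddress.ip_address(m["src"])
        # Blocks from public sources are expected; private sources should be in the zone.
        if src.is_private and not any(src in n for n in nets):
            missed.append((m["proto"], m["src"], m["dst"], m["port"]))
    return zone_is_link_local, missed

if __name__ == "__main__":
    print(audit_zone(SAMPLE_LOG, "169.254.0.0", "169.254.255.255"))
    print(audit_zone(SAMPLE_LOG, "192.168.0.0", "192.168.0.255"))
```

With the zone range reported in the thread, the two 192.168.0.97 entries are returned as uncovered; with 192.168.0.0 to 192.168.0.255 the list is empty and only the internet-side block remains.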