Internet Connection Sharing problem

I have been using ICS to connect my laptop to the internet through my desktop using a crossover cable. Since installing comodo I have been unable to connect to the internet on my laptop without disabling comodo. I tried a clean install and defined the network as a trusted zone, but it still does not connect. Any suggestions?

Hi and welcome to the forums (:HUG)

Can you disable the feature Do Protocol Analysis?

ps. Let us know if it helps

thanks,
Panagiotis

Didn’t help. (:AGY)

  1. Can you describe your ICS and your LAN?
  2. Can you give a description of your network monitor settings?
  3. Verify that svchost.exe is not being blocked.

Thanks

My desktop is connected directly to the cable modem and my laptop is connected to the desktop’s second LAN card by a crossover cable. Both are running XP with the desktop set up to share its internet connection. It works fine when the firewall is disabled, but the laptop cannot connect to the internet when Comodo is running. I followed the FAQ for installation then ran the “define a trusted zone” wizard for the network. I have 8 rules, the first two being dedicated to the network.
How can I detect if svchost.exe is being blocked?

[attachment deleted by admin]

vabantha,

You can check your Application Monitor to see if there’s a “block” entry for svchost.exe. You can also check your log files (Activity/Logs) to see if something is blocking svchost.exe.

A couple questions, for when pandlouk returns…

Did ICS work prior to installing Comodo?

Does it work if you set Comodo’s security level to “Allow All”?

LM

Doesn’t look as though svchost.exe is being blocked. Yes, ICS was working prior to installing Comodo, and yes, ICS does work when the security level is set to “allow all”.

The network monitor log has a bunch of violations listed. I have included a screenshot.

[attachment deleted by admin]

Hi, can you maximize CFP and take another snapshot of your network monitor? Please make sure that rule #0 is shown in the details tab.

thanks

[attachment deleted by admin]

Is your trusted network 192.168.0.1-192.168.0.255 your LAN or your ICS range?

Can you add the following rule?

Action = Allow
Protocol = UDP
Direction = In
Source IP = Any
Destination IP = The ICS address of the host PC
Source port = 68
Destination port = 67

I believe it is the lan range. After installing comodo I ran the wizard to define a trusted zone for the network card that connects the two computers. I’m not sure how to find the ICS range.

Just disable the network monitor for a while, connect the laptop to your host PC and run the trusted network wizard once again. Now you should have two trusted ranges. After that, enable the network monitor again.

ps. post another image of your new trusted zone like you did before, and I’ll guide you through this :wink:

OK…

[attachment deleted by admin]

??? Did you connect the laptop? I mean, did it acquire the IP address and the connection through ICS?

It seems strange because CFP reports the same range again.

Please check your laptop's connection status: Start > Control Panel > Network and Internet Connections > Network Connections
Select the active network connection, right-click with the mouse and select Status > Support
IP address = ?
Subnet mask = ?
Default gateway = ?

Yes, it’s been connected.

IP 192.168.0.252
subnet 255.255.255.0
gateway 192.168.0.1

OK, the default gateway of your portable is the ICS host.

Add this rule to the network monitor of the host PC.

Action = Allow
Protocol = UDP
Direction = In
Source IP = Any
Destination IP = 192.168.0.1
Source port = 68
Destination port = 67

Then move this rule up over the default BLOCK rule

and try to do some tests connecting and disconnecting your portable.

If this resolves the problem, please report back the results. :wink:

Didn’t work…

Hi Vabantha,

I did some research and from http://www.microsoft.com/technet/security/smallbusiness/topics/ServerSecurity/ref_net_ports_ms_prod.mspx I found that you must allow incoming UDP for ports 53, 67 and maybe 2535. It may also be necessary to allow incoming TCP on port 53.
These should be the rules:

Rule 1 (necessary)
Action = Allow
Protocol = UDP
Direction = In
Source IP = Any
Destination IP = 192.168.0.1
Source port = ?
Destination port = 53

Rule 2 (necessary)
Action = Allow
Protocol = UDP
Direction = In
Source IP = Any
Destination IP = 192.168.0.1
Source port = 68
Destination port = 67

Rule 3 (?)
Action = Allow
Protocol = UDP
Direction = In
Source IP = Any
Destination IP = 192.168.0.1
Source port = ?
Destination port = 2535

Rule 4 (?)
Action = Allow
Protocol = TCP
Direction = In
Source IP = Any
Destination IP = 192.168.0.1
Source port = ?
Destination port = 53

ps. I’ll ask the other mods and maybe someone from the firewall team to help me restrict these rules a little. Hopefully tomorrow we will finally resolve the ICS problem :smiley:
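Added example, not part of the thread and not Comodo's code: a small first-match model of the four rules above, used to check how rule position relative to the default BLOCK rule changes the verdict for traffic arriving at the ICS host. Assumptions: rules are evaluated top-down with the first match winning, "Source port = ?" is treated as Any, the default BLOCK rule is modelled as block-everything, and the packets are constructed samples.

```python
ANY = None  # wildcard; the thread's "Source port = ?" is modelled as Any (assumption)
ICS_HOST = "192.168.0.1"
FIELDS = ("proto", "direction", "dst_ip", "sport", "dport")

def rule(action, proto, direction, dst_ip, sport, dport):
    return {"action": action, "proto": proto, "direction": direction,
            "dst_ip": dst_ip, "sport": sport, "dport": dport}

# Rules 1-4 as posted (Source IP = Any in all four, so it is not modelled).
ALLOW_RULES = [
    rule("allow", "UDP", "in", ICS_HOST, ANY, 53),    # Rule 1
    rule("allow", "UDP", "in", ICS_HOST, 68, 67),     # Rule 2
    rule("allow", "UDP", "in", ICS_HOST, ANY, 2535),  # Rule 3
    rule("allow", "TCP", "in", ICS_HOST, ANY, 53),    # Rule 4
]
# Assumption: the default BLOCK rule is modelled as "block everything".
DEFAULT_BLOCK = rule("block", ANY, ANY, ANY, ANY, ANY)

def matches(r, pkt):
    return all(r[f] is ANY or r[f] == pkt[f] for f in FIELDS)

def decide(rules, pkt):
    """Return (action, index of the first matching rule), scanning top-down."""
    for index, r in enumerate(rules):
        if matches(r, pkt):
            return r["action"], index
    return "block", None  # nothing matched

def packet(proto, dst_ip, sport, dport):
    return {"proto": proto, "direction": "in", "dst_ip": dst_ip,
            "sport": sport, "dport": dport}

# Constructed packets as seen arriving at the ICS host from the laptop.
PACKETS = {
    "dns_query": packet("UDP", ICS_HOST, 1025, 53),
    "dhcp_unicast": packet("UDP", ICS_HOST, 68, 67),
    # A client without a lease sends DHCP to the broadcast address.
    "dhcp_broadcast": packet("UDP", "255.255.255.255", 68, 67),
}

if __name__ == "__main__":
    orders = {"allow rules above BLOCK": ALLOW_RULES + [DEFAULT_BLOCK],
              "allow rules below BLOCK": [DEFAULT_BLOCK] + ALLOW_RULES}
    for label, rules in orders.items():
        for name, pkt in PACKETS.items():
            print(label, name, decide(rules, pkt))
```

In this model the broadcast DHCP packet reaches the block rule in both orderings, because its destination is 255.255.255.255 rather than 192.168.0.1.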

I hope this isn’t irrelevant, but your first log pic indicates outgoing ICMP (needed fragmentation) is blocked. Is a Net Mon rule required to allow these connections?