Local network question

Hi
I’m using the latest and greatest version of Comodo on two PCs at home. When I first installed it, it detected the local network and I allowed full access between any of the PCs on this network.

Soon we will be having a guest staying with us and I will most likely allow this person to connect to the network for internet access. I would like to disallow any new PCs access to the PCs already on the network. How can I use the firewall to do this?

Thanks

Go to Firewall → Firewall Security Policy → Network Zones and edit the zone of your LAN to your liking. CIS will then apply the changes you made in Global Rules and the rule for System.

I have tried to make the change there but it doesn’t seem to have any effect.

I went to where you edit the address; before the change it was using an IP mask, which was the address of the PC.

I changed that to using a range of IP addresses; the range I added only included the modem/router and one of the PCs (trying to lock out the second PC).

After the change, I still had access to the second pc and vice versa.

Can you show me a screenshot of your Global Rules? Also run Diagnostics under More and see what that brings up and says.

The diagnostics utility did not find any problems.
I’m not sure how to post the screen capture.

How to post a screenshot?

To copy a screenshot of the active window, push Alt+Print Screen to copy the active window to the clipboard (pushing Print Screen alone will copy the complete window to the clipboard, not just the active window). The window is now copied to the clipboard. Paste the image into any image editing program: Paint, Paint.net, the Gimp, etc. Use the “crop” function to resize the canvas to the size of the image. Now save the file as a 32-bit PNG image.

At the forum, push the Reply button. Or, when using the Quick Reply, type some text and push the Preview button.

Underneath the text box, click on Additional Options. Push the Choose button, navigate to the file and select it. When you want to post more images, click on the “more attachments” link.

When done typing, push the Post or Preview button.

Global rules

[attachment deleted by admin]

Can you show me a screenshot of the Mordor network definition?

Here you go.

Thanks

[attachment deleted by admin]

I also need to see the application rule for System. I forgot to ask, sorry about that.

It’s defined as a Windows System Application, which has these settings:

[attachment deleted by admin]

I meant the firewall rule for System under Firewall Security Policy → Application Rules.

Sorry, is this what you are looking for?

[attachment deleted by admin]

Thank you for posting the screenshot. We found the cause of your problem. System handles the network traffic and, since you made it a trusted application, it will allow all traffic.

To change the rule, first delete it. Then run the Stealth Ports Wizard and make Mordor a trusted network. That should do the trick.

Using the Stealth Ports Wizard will adapt both Global Rules and the rule for System.

OK, great. I hate to be a pain, but I’m trying to lock this down as best as I can.
After I did what you recommended, I get the following pop-up; I allowed it as outgoing. I’m guessing I answered “trusted” in the past.

Thanks for your help.

[attachment deleted by admin]

We are almost there. Remove the rule “Allow UDP out from MA…” in the rule for System and it should be working. Please report back your results.

When I remove that rule, I get the pop-up from System after about 5 minutes.

Can you post a screenshot of the alert?

It’s the last set of screenshots; I answered “outgoing only”.

Disable NetBIOS over TCP in local network TCP/IP configuration.

Also, based on how you’ve defined Mordor ensure that the new PC is assigned IP address 192.168.2.[1-255] (it puts the second PC on its own subnet).

Or you could make the Mordor network explicitly 192.168.1.1 & 192.168.1.2 (without a mask), or use a range.

Or you can make the Mordor network 192.168.1.1 / 255.255.255.254 & 192.168.2.1 / 255.255.255.254 (you’d have to change one PC’s IP address from 192.168.1.2 to 192.168.2.1). Since you can’t assign the network address (192.168.1.0) to a PC, you have to use two subnets.

The easiest way of doing it would be to make Mordor a range, 192.168.1.1 - 192.168.1.2 (that way you wouldn’t have to change any of the PCs’ IP addresses). The question becomes: what about the router or modem? Although that’s usually 192.168.0.1, it could be 192.168.1.1. So you still need two IP addresses for the PCs. You could make a network ID / mask like this then:

192.168.1.1 / 255.255.255.248

Since the network address (192.168.1.1) and broadcast address (192.168.1.7) are unusable, the new PC could use IP address 192.168.2.1 (which would be on a different subnet). That PC could then access the modem / router (192.168.1.1), but if you’re using ICS, and the modem is plugged into one of the two PCs, then what?
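The posts above propose several ways of defining the Mordor zone (the PC’s own address plus a class C mask, explicit hosts, a range, or a host plus a /29 or /31 mask). Which hosts each definition admits is just subnet arithmetic, and it is worth checking before trusting the zone. The script below is an added example written for this thread, not code from Comodo or from any poster; it models a zone with the standard library’s ipaddress module and reports, for a set of constructed sample addresses (router, the two existing PCs, and a guest laptop the DHCP server might hand 192.168.1.50), whether the zone would treat them as trusted. The `Zone` and `IPRange` classes and the sample hosts are assumptions for the example; the network and broadcast addresses it prints are what the mask arithmetic actually yields.

```python
"""Check which hosts a firewall network-zone definition actually covers.

Added example for this thread; it is not Comodo code. It models the three kinds of
zone entry discussed in the thread (single IP, IP range, IP + subnet mask) with the
standard library's ipaddress module, so a zone can be checked before relying on it.
"""
import ipaddress


class IPRange:
    """Inclusive address range, e.g. 192.168.1.1 - 192.168.1.2 (assumed model)."""

    def __init__(self, lo, hi):
        if lo > hi:
            raise ValueError(f"range start {lo} is after range end {hi}")
        self.lo, self.hi = lo, hi

    def __contains__(self, ip):
        return self.lo <= ip <= self.hi

    def __repr__(self):
        return f"{self.lo}-{self.hi}"


def parse_entry(text):
    """Parse one zone entry into an object that supports `ip in entry`.

    "192.168.1.1"                 -> single host (a /32 network)
    "192.168.1.1-192.168.1.2"     -> inclusive range
    "192.168.1.1/255.255.255.248" -> the subnet containing that host (192.168.1.0/29);
                                     strict=False makes ipaddress derive the network
                                     address from the host bits instead of rejecting it,
                                     which is how an "IP + mask" zone entry behaves.
    """
    text = text.strip()
    if "-" in text:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        return IPRange(lo, hi)
    return ipaddress.ip_network(text, strict=False)


class Zone:
    """A named zone made of several entries, like the 'Mordor' zone in the thread."""

    def __init__(self, name, entries):
        self.name = name
        self.entries = [parse_entry(e) for e in entries]

    def contains(self, ip):
        """True if any entry of the zone admits the address."""
        ip = ipaddress.ip_address(ip)
        return any(ip in entry for entry in self.entries)


def subnet_summary(entry_text):
    """Return (network address, broadcast address, total addresses) for an IP/mask entry."""
    net = ipaddress.ip_network(entry_text, strict=False)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses


def zone_report(zone, hosts):
    """Map each candidate host to whether the zone admits it."""
    return {host: zone.contains(host) for host in hosts}


if __name__ == "__main__":
    # Constructed sample hosts: router, the two existing PCs, a third address, and a
    # guest laptop that DHCP might hand any free address in 192.168.1.0/24.
    hosts = ["192.168.1.1", "192.168.1.2", "192.168.1.3", "192.168.1.50"]
    candidates = {
        "PC address + class C mask (original setup)": ["192.168.1.2/255.255.255.0"],
        "explicit hosts": ["192.168.1.1", "192.168.1.2"],
        "range": ["192.168.1.1-192.168.1.2"],
        "host + /29 mask": ["192.168.1.1/255.255.255.248"],
        "two /31 subnets": ["192.168.1.1/255.255.255.254", "192.168.2.1/255.255.255.254"],
    }
    for label, entries in candidates.items():
        print(f"{label:45s} {zone_report(Zone('Mordor', entries), hosts)}")
    for mask_entry in ("192.168.1.1/255.255.255.248", "192.168.1.1/255.255.255.254"):
        print(f"{mask_entry} -> (network, broadcast, size) = {subnet_summary(mask_entry)}")
```

Running it shows why the original definition leaked: `192.168.1.2/255.255.255.0` admits every address in 192.168.1.0/24, guest included, whereas the range and explicit-host forms admit only .1 and .2. It also shows that `192.168.1.1/255.255.255.248` is stored as 192.168.1.0/29, with 192.168.1.0 as the network address and 192.168.1.7 as broadcast, so .1 through .6 are all admitted; and that a /31 on 192.168.1.1 covers only .0 and .1, so the second PC at .2 would fall outside it unless it is moved to the other subnet as the post describes.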