A collegue recommended this little (Network Magic that is) tool to get my network going. (I still have problems getting network access/ shared ;)). So after installing this on both machines I’m still not able to connect to the other machine. Comodo is set to allow all connections and I’ve adjusted the network range to 0.0.0.0 to 255.255.255.255
Any one any tips?
Another funny thing, on my laptop the program only shows 3 connections through the router and on my desktop it gives me 4 connections. ???
Do you have CPF on both machines?
Have you run the Wizards for setting up your Trusted Zone, and then set that Zone as your Network, within CPF?
How is you network physically configured (through a router, ICS, etc)?
What Log entries do you have in CPF (Activity/Logs) - you can Export to HTML, and then copy/paste the text into your post; this will tell us what’s being blocked.
LM
Comodo is installed on both machines.
Have you run the Wizards for setting up your Trusted Zone, and then set that Zone as your Network, within CPF?:-\ I need to check that to be sure when I get home. I thought Comodo configured the network zone during installation.
How is you network physically configured (through a router, ICS, etc)?Using a Linksys router.
What Log entries do you have in CPF (Activity/Logs) - you can Export to HTML, and then copy/paste the text into your post; this will tell us what’s being blocked.I’ll post them later today when I’m home again.
I switched comodo off to test things on both machines. When it was turned off Network Magic detected the machines and the shared folders. Turning CPF back on made sure I couldn’t connect anymore. By doing this I was hoping for some pop-up questions from CPF to allow, but unfortunatly they didn’t show.
Ok, I’ve run the wizard to detect the network and I’m now able to see all machines on the network via the program. However I’m not able to connect to a shared folder.
The log for the machine that I want to access shows several times:
Date/Time :2007-02-02 19:43:00
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.145.161, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 169.254.145.161:1168
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 8
Could you post a screenshot of the Network Monitor rules as it applies to this Network of computers? Open CFP to full-screen, Network Monitor, and highlight one of those two Rules (which refer to your zone), then capture the screenshot. This way the details are present.
The Network rules should Allow Any IP protocol back & forth across that Zone/Network, which would include the one you’re seeing blocked, so it must not match up with your Rules.
The 239.x.x.x IP is probably originating from your router; some require it in order to do their “thing.” The odd part (to me) is the 169.x.x.x IP. That normally indicates a problem with Windows Internet Connection Sharing (ICS) setup not working properly. However, it can also be used as an internal IP address for the network, so it’s not necessarily a problem.
Let’s see the Network Rules (or you can just post complete details of each of those two rules in text, if you want - just open the rule and reduplicate everything…), and we’ll go from there.
LM
Thanks, tneo ~
Okay, as you can see, the IP addresses don’t line up. I’m thinking that the 169.x.x.x shows up in the log entry, because the connection from/to the 239.x.x.x was stopped; thus the connection is bad and we get the “fake” IP address in the entry.
Let’s try this next:
Create a new Zone - Security/Tasks/Add a Zone. Your IP range will be 224.0.0.0 - 239.255.255.255. Name it whatever you want; I suggest Multicast (but that’s just me)
Now add that Zone as another Network - Security/Tasks/Define a New Trusted Network. This is okay, as the IP assignment is reserved and is not external to your system. You can Add Logging to the rules, and see if it’s always the same IP address; if so, go in and Modify the Zone to limit the IP, just to tighten it up.
Then reboot and see if that resolves it.
LM
I’ve created the zone, added it to Trusted Zones and it has 2 rules (like on the screenshot). On the other machine I turned off CPF (to get it working one way and to configure the other later on). After trying to get to the shared folder I get the following several times in the log:
Date/Time :2007-02-02 22:52:58
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 72.142.74.98, Port = 1755)
Protocol: TCP Incoming
Source: 72.142.74.98:60293
Destination: 192.168.1.101:1755
TCP Flags: SYN ACK
Reason: Network Control Rule ID = 10
Date/Time :2007-02-02 22:52:03
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 212.181.143.204, Port = 1623)
Protocol: TCP Incoming
Source: 212.181.143.204:60811
Destination: 192.168.1.101:1623
TCP Flags: SYN ACK
Reason: Network Control Rule ID = 10
Before I turned CPF off on the other machine the log shows:
Date/Time :2007-02-02 22:40:23
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 169.254.145.161, Port = upnp-mcast(1900))
Protocol: UDP Incoming
Source: 169.254.145.161:1281
Destination: 239.255.255.250:upnp-mcast(1900)
Reason: Network Control Rule ID = 10
Thanks Little Mac for your help so far 
P.S. Network Magic’s website stated my machine name might have been to long, I shortened it and rebooted the computer.
I don’t know how those two incoming policy violations would be connected to the shared file issue…
The first one is Rogers Cable (72.x.x.x) - error loading page (probably because it’s a webhosting IP, and there are multiple sites within it), the second one (212.x.x.x is Telia Network Services (Sweden) - a “blog” of Joachim Malmgren. Are you familiar with either of those? Any software from either? Browsing to either?
LM
No clue here where those violations come from. I’ve been looking into the log a bit and I noticed that the violation is mainly for UDP out, not for in while I also tried to connect to this machine.
You said earlier that it might have something to do with ICS, any ideas on how to solve that?
If you have blocked violations for UDP out, it is because something doesn’t match up to the rule in the Network Monitor. CFP filters from top to bottom, and only allows explicitly. If the traffic is not explicitly allowed by a rule, then it will be implicitly blocked by the bottom block & log rule (the default catch-all). This is true for both In or Out traffic. You can also create rules to explicitly block certain traffic, and place them above the bottom block & log rule (that may seem redundant, but it has its purposes).
I don’t use ICS, so I’m a bit iffy on exact details. Windows uses ICS to share internet connection (such as if your two computers are hooked together at the Network Card, and only one has a connection to the internet - like thru a modem), and filesharing. If you have not run the Wizard in Windows, you may want to do that - go to Network Places, and Setup a Home or Small Office Network. That should walk you thru it. ICS uses IGMP (a multicast protocol) as part of its communications, as do some routers.
All that said, here’s a question ~ if you set CFP to Allow All on both machines, can you access and manipulate the Shared Files?
LM
Even with CPF down on both machines I’m not able to access the files. I can share whatever I want and I’m able to see those shared folders, but I’m not able to access them.
???
It seems to me that you have a problem on “the other” PC.
If you go to that PC and go to start/run and type cmd, click ok.
Now type ipconfig /all and see if you get an IP that are within your network (trusted zone).
If you get that 169.254… IP, you can try to go to your network connections in control panel and right click and repair.
Both machines are in the network range. (I configured the router to assign specific IP’s to any port.)
Machine 1 gets: 192.168.1.100 Desktop
Machine 2 gets: 192.168.1.101 Laptop
Machine 3 gets: 192.168.1.102
Machine 4 gets: 192.168.1.103
Only 1 and 2 are connected and show identital settings on the CMD prompt. The only difference is that the laptop shows “Netbios over TCPIP : Disabled”. Could the wireless network card interfere in a way? That is not assigned any IP, because there is no wireless network.
If you go to control panel/administrative tools/services, can you see if “server” and “TCP/IP NetBios Helper” is running? If not, set them to autostart and reboot your PC and see if it works.
Both services are running on both machines (I assume that the XP network wizard turned those on for me).
IGMP was mentioned and I found the following in the log:
Date/Time :2007-02-03 21:18:31
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.100
Destination: 224.0.0.22
Reason: Network Control Rule ID = 8
Date/Time :2007-02-03 21:18:26
Severity :Medium
Reporter :Network Monitor
Description: Outbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Outgoing
Source: 192.168.1.100
Destination: 224.0.0.22
Reason: Network Control Rule ID = 8
Could that have to do anything with this?
Try to make these net. mon. rules and see if it helps.
Action : Allow
Protocol : IP
Direction : In
Source IP : 224.0.0.22
Destination IP : Zone
ICMP Details : IGMP
Action : Allow
Protocol : IP
Direction : Out
Source IP : Zone
Destination IP : 224.0.0.22
ICMP Details : IGMP
As usual you put them ABOVE the block rule…
Put in this one too and see if it helps. I think it will help is you use names instead of IP…
Action : Allow & log
Protocol : UDP
Direction : In
Source IP : Zone
Destination IP : 192.168.1.255
Source Port : Any
Destination Port : Any