My log reports router attempt every two minutes... what is it?

I have a Linksys router and in CPF I have ID 0 and 1 allowing my LAN zone. At first I had my LAN zone range as:

192.168.1.0 to 192.168.1.255

but today I decided to tighten the range to:

192.168.1.100 to 192.168.1.150

My LAN zone is ID 0 and 1. I have only one block rule, on ID3:

Block & Log | IP In | Any | Any | Where IPPROTO is Any

When I tightened the LAN zone, the log started reporting this about every two minutes:

Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, Protocol = IGMP)
Protocol:IGMP Incoming
Source: 192.168.1.1
Destination: 224.0.0.1
Reason: Network Control Rule ID = 3

My router is on 192.168.1.1. What is it trying to access at IP 224.0.0.1? And what is that IP? Should I allow it? Everything seems to be working ok.

G’day Mike,

Quick question for you - if your router is in the 192.168.1.X subnet, why isn’t it in the same zone as the PCs in the same subnet? The router is part of your LAN and should be included in the same zone as the PCs that connect through it.

If you want to be really, really tight, give your PCs static addresses of 192.168.1.2, 192.168.1.3, 192.168.1.4 etc. Then make your zone from 192.168.1.1 to 192.168.1.4 (assuming you have three PCs).

If you used the wizard to create a zone and set it as a trusted zone, you should have ended up with more than 3 rules. From memory, you should have ended up with about 7 rules.

My suggestion would be to

  1. Temporarily disconnect from the internet
  2. Delete the three rules you currently have in the Network monitor
  3. Allocate static IPs to your PCs
  4. Redefine the zone using the wizard, setting the addresses to match the routers/PCs addresses
  5. Set that zone as trusted
  6. Reboot your PC
  7. Reconnect to the internet after rebooting your PC.

This will automatically create the appropriate rules.

The IP 224.0.0.1 resolves to ALL-SYSTEMS.MCAST.NET (224.0.0.1), which is located in Marina Del Rey, California, United States.

Is it possible this is your ISP?

Hope this helps,
Ewen :slight_smile:

Those 224.0.0.xxx addresses are part of the Cisco IOS (router and switch operating system). It is part of the new IGMPv2 standard and is used by Linksys routers also, as they are owned by Cisco. I don’t know whether other brands use it or not. I’m guessing they do as it is a standard. They are for intranetwork communication. Here is a webpage that sheds some light on how it operates:

jasper

Ok, I did what you recommended and created static IPs on my 3 PCs, range 192.168.1.1 (router) to 192.168.1.4

I deleted the rules I made, and made a new trusted zone with the new range. I think it created 0 and 1 (not 7 rules)

Here is what I have now:

http://home.comcast.net/~mikef238/pics/comodo1.jpg

Rule 2 is for netmeeting.

Rule 3 worries me. Is this opening all TCP ports? I had made a Block IP In Any rule, because I thought I needed it. Do I?

I still think the router may be pinging out to 224.0.0.1, and it’s not my ISP. Should I block 224.0.0.1?

Thanks!

Mike,

Take a look at this link:

https://forums.comodo.com/index.php/topic,1125.msg30093.html#msg30093; it specifically addresses the current default rules, and what rules should be added when you run the Network Wizard. Your rules look a little out of whack to me; not sure how they got that way, but you for sure want a block rule at the bottom… (the whole thread about Network Control Rules is worth the time, imo)

The 224.0.0.1 IP is part of the IGMP multicast block; if this is in play apparently you’re multicasting. Jasper has indicated that this is used by the Linksys router, which could mean it’s a communication “internal” to your LAN. I can’t direct you in that area, but I’m sure Jasper or Ewen can help there.

LM

I read that post and understand how rules work now. They are very flexible and just want to make sure I’ve got the defaults I need, since I think I messed up the defaults.

Here’s what I have now:

http://home.comcast.net/~mikef238/pics/comodo2.jpg

Better move that Block rule to the bottom… :smiley:

In CPF, the rules work from top to bottom, filtering on the way through. Each connection attempt starts at the top and continues until it’s stopped/reaches its destination. So if your Block rule is in position 4 (rule #3), everything below that is blocked… No connection. :o If you don’t need those rules, then fine; but if you do… more :o

Keeping in mind the following:

An “In” rule applies to an inbound connection request.
An “Out” rule applies to an outbound request. When a website returns information to your browser, although this is direction “In” it’s not an inbound request; it’s in response to your outbound request.
All Application Rules work within the confines of your Network Rules, so opening up “Out” communication doesn’t mean that just any application can connect; it can only connect if it’s allowed to do so in a way that lines up with the Network Rule.

LM
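An added example, not part of the original posts and not Comodo's code: a minimal first-match evaluator modelling the top-to-bottom rule order described above, run on the logged IGMP packet with each LAN zone range from the thread. The rule layout, the general "Out" rule at ID 2, and the drop-on-no-match default are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

Range = Optional[Tuple[str, str]]  # inclusive (first, last); None means "Any"

@dataclass
class Rule:
    action: str      # "allow" or "block"
    direction: str   # "in" or "out"
    proto: str       # "any", "tcp", "igmp", ...
    src: Range = None
    dst: Range = None

def in_range(ip: str, rng: Range) -> bool:
    if rng is None:
        return True
    lo, hi = (ipaddress.ip_address(a) for a in rng)
    return lo <= ipaddress.ip_address(ip) <= hi

def evaluate(rules, direction, proto, src, dst):
    """Return (rule_id, action) for the first rule that matches, top to bottom."""
    for rule_id, r in enumerate(rules):
        if (r.direction == direction and r.proto in ("any", proto)
                and in_range(src, r.src) and in_range(dst, r.dst)):
            return rule_id, r.action
    return None, "block"  # assumption: unmatched traffic is dropped

def lan_rules(zone):
    # Constructed rule set modelled on the thread; ID 2 is an assumed general "Out" rule.
    return [
        Rule("allow", "out", "any", dst=zone),   # ID 0: out to the LAN zone
        Rule("allow", "in", "any", src=zone),    # ID 1: in from the LAN zone
        Rule("allow", "out", "any"),             # ID 2: general outbound
        Rule("block", "in", "any"),              # ID 3: Block & Log | IP In | Any | Any
    ]

# The logged packet from the thread: IGMP, router 192.168.1.1 -> 224.0.0.1.
IGMP = ("in", "igmp", "192.168.1.1", "224.0.0.1")

def demo():
    wide = evaluate(lan_rules(("192.168.1.0", "192.168.1.255")), *IGMP)
    tight = evaluate(lan_rules(("192.168.1.100", "192.168.1.150")), *IGMP)
    static = evaluate(lan_rules(("192.168.1.1", "192.168.1.4")), *IGMP)
    # Block rule moved above the zone rules: inbound LAN traffic never reaches ID 1.
    r = lan_rules(("192.168.1.1", "192.168.1.4"))
    misplaced = evaluate([r[3]] + r[:3], "in", "tcp", "192.168.1.2", "192.168.1.3")
    return wide, tight, static, misplaced

if __name__ == "__main__":
    print(demo())
```

With the zone narrowed to 192.168.1.100-150 the router's address falls outside it, so the packet falls through to the block rule at ID 3, which is the rule ID the log entry names.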

You are right about the addresses being multicast, Little Mac. What is using the address is UPnP and SSDP services. I also see 239.255.255.250 going to my wireless router if I have those services enabled. If you disable SSDP and UPnP under services on your PC you won’t see those addresses anymore as that is where all the traffic is being initiated.

Sorry for getting everything off of the subject here Mike77, but I have seen quite a few threads asking about what that address does and is it needed. I personally have those services disabled now as I don’t need them for anything and am having no trouble.

Now let me get out of the way here and let these guys finish helping you Mike77.


jasper

Yeah, I have those disabled as well. Security risk and all…

If you don’t know that you need to multicast, or otherwise specifically need those services, they can be safely disabled (along with many others…).

If you’re just a home user, and not doing online gaming, there are things you just don’t need…

But that’s all kind of a side issue…

LM

I moved the block down, how’s this look?

http://home.comcast.net/~mikef238/pics/comodo3.jpg

Are these the right defaults, except #2, which I created for NetMeeting to work?

Thanks, Mike

Thanks for the info. I searched for info and found this site that discusses UPnP in detail:

Much better! ;D Looks like that matches the defaults pretty well, unless my eyes deceive me…

Regarding the NetMeeting, do you initiate the connection, or does someone else/some other machine? Cuz if UR the one to start the connect, I’d take the “In” off the rule, and leave at just “Out” (unless that proves to interfere).

I don’t use NetMeeting or communicate with other computers on a LAN; my only “In” rule is to block; all other rules are “Out.” If I need a remote response, it comes following my “Out” request for an “In” response.

LM

Hey Mike,

That looks much better. Let us know if this rule set works for you and we’ll tag this topic as resolved.

Thanks Jasper and LM. Your help is much appreciated.

Cheers,
Ewen :slight_smile:

I provide software support, and remote NetMeeting users call me via NetMeeting when we decide on the phone that it is needed. I give them my IP and they initiate a NetMeeting to me. I have several dozen to support so I don’t want to keep track of their IP numbers. NetMeeting establishes a different TCP port each use, so I had to create a range of open TCP ports. I observed NetMeeting in the log trying to open a port up in the 50000 range once, but I’m only keeping a range of open TCP at 1057-4999 for now, and it seems to be working so far.

All is working ok and I no longer have the router logging every two minutes- but is this only because I put the router in my safe LAN zone range? What if the router is still trying to access 224.0.0.1 every two minutes?

Shouldn’t I create a Block IP In for my router? I never thought my router itself would be trying to go out on its own to the internet. Is it still doing so? To find out should I take it out of my safe range temporarily as a test?

Your rule ID 2 should be set to just IN. You already have a general “any” rule for out.
You can also set destination as zone.

Since you are using NetMeeting, I’m not sure if that counts as streaming audio/video (multicast) in your case… ?
You can try to set a block rule for it, and if it doesn’t work, just change it to allow.

Right click the default block rule and choose add/add before.
The rule for IGMP would look like this.
Action : Block (or Allow)
Protocol : IP
Direction : In
Source IP : Any
Destination IP : Any
IP Details : IGMP

Remember to restart CF.

Edit:
Some routers (mine) do have an option to enable or disable multicast broadcast.