My Network Zones Help Please

Below is my current config per the router. I am using dynamic DHCP via a Netopia 3347 router. OS is WIN XP SP3:

IP Route Table:

Network Address/Mask               via Router         Port             Type
0.0.0.0/0.0.0.0                    xx.xxx.xxx.xxx*    WAN vcc1         Default
127.0.0.1/255.255.255.255          127.0.0.1          Loopback         Local
192.168.1.0/255.255.255.0          192.168.1.254      Ethernet 100BT   Local
192.168.1.254/255.255.255.255      192.168.1.254      Ethernet 100BT   Local
192.168.1.255/255.255.255.255      255.255.255.255    Ethernet 100BT   Bcast
224.0.0.0/224.0.0.0                0.0.0.0            –                Other
224.0.0.9/255.255.255.255          0.0.0.0            –                Other
255.255.255.255/255.255.255.255    255.255.255.255    –                Bcast

Output from ipconfig /all is:

Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
    Physical Address. . . . . . . . . : xx-xx-xx-xx-xx-xx*
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.97
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.254
    DHCP Server . . . . . . . . . . . : 192.168.1.254
    DNS Servers . . . . . . . . . . . : 192.168.1.254
    Lease Obtained. . . . . . . . . . : Saturday, June 06, 2009 8:42:11 AM
    Lease Expires . . . . . . . . . . : Sunday, June 07, 2009 8:42:11 PM
* eliminated for security reasons

When I installed Comodo last week, it set up two zones:

127.0.0.1/255.0.0.0 Loopback
192.168.1.97/255.255.255.0 Local Connection #1 (This is my XP SP3 assigned network address)

My question is: do I have to add my router address 192.168.1.254/255.255.255.255 to Comodo's Local Connection #1 rule, or any of the above IP addresses for that matter? I am asking this because Comodo is blocking everything inbound from my router, i.e. anything with a source address of 192.168.1.254.
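Whether a given address already falls inside one of those zones can be checked with a few lines of Python. This is an added example for this thread, not code from the post or from Comodo; it takes the two zone definitions exactly as listed and the addresses that appear in the route table and ipconfig output above, and assumes that Comodo's "address/netmask" zone form denotes the network enclosing that address (so 192.168.1.97/255.255.255.0 covers 192.168.1.0 through 192.168.1.255).

```python
"""Check which Comodo-style network zone covers a given address.

Added example (not from the forum post and not Comodo's code). The zone
strings are the two the firewall created on the poster's machine; the
addresses tested are the ones visible in the route table and ipconfig
output. Assumption: "host-address/netmask" means the enclosing network,
which ipaddress.ip_network(..., strict=False) computes by clearing host bits.
"""
import ipaddress

# Zones exactly as the poster listed them (address/netmask form).
ZONES = {
    "Loopback": "127.0.0.1/255.0.0.0",
    "Local Connection #1": "192.168.1.97/255.255.255.0",
}


def zone_network(spec: str) -> ipaddress.IPv4Network:
    """Turn 'host/netmask' into the enclosing network (host bits cleared)."""
    return ipaddress.ip_network(spec, strict=False)


def covering_zone(address: str, zones=ZONES):
    """Return the name of the first zone whose network contains address, or None."""
    ip = ipaddress.ip_address(address)
    for name, spec in zones.items():
        if ip in zone_network(spec):
            return name
    return None


def classify(addresses, zones=ZONES) -> dict:
    """Map each address to its covering zone (None when no zone matches)."""
    return {a: covering_zone(a, zones) for a in addresses}


# Addresses seen in the route table / ipconfig output (constructed list).
CANDIDATES = [
    "192.168.1.254",    # router: default gateway, DHCP server and DNS server
    "192.168.1.97",     # the XP host's DHCP-assigned address
    "192.168.1.255",    # subnet broadcast from the route table
    "255.255.255.255",  # limited broadcast used by DHCP discover/request
    "224.0.0.9",        # multicast entry from the route table (RIPv2 routers group)
    "127.0.0.1",        # loopback
]

if __name__ == "__main__":
    for addr, zone in classify(CANDIDATES).items():
        print(f"{addr:>16}  ->  {zone or 'no zone covers this address'}")
```

The router address lands inside Local Connection #1, while the limited broadcast 255.255.255.255 and the multicast entries fall in no zone, so rules that key on a zone will never match that traffic.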

Hello DonZ,

What sort of stuff is being blocked and are you still able to surf the net?

The stuff you see getting blocked is probably broadcasts/UPnP requests from the router to basically find out on a regular basis what computers are running.

You can use the "Stealth Ports Wizard" to add your router IP so that info sent is received by Windows (the good thing about doing it this way is it sets up Application Rules for System and Global Rules automatically).

Alternatively you can set up Block rules for the stuff getting logged.

For "Stealth Ports Wizard": Firewall–>Common–>Stealth Ports Wizard–>The top entry "Define a new trusted network" will already be checked, just click Next–>Check "I would like to define and trust a new network"–>Enter the router's IP address in the Starting IP and Ending IP box–>click Finish.
You should receive the message “Your Firewall has been configured accordingly”.

Now have a look in Firewall/Advanced/Network Security Policy–>There should be 2 Application rules under “System” for your Router IP and also 2 Global Rules.

Matt

Hi Matt,

I already ran the stealth wizard and it generated the four std. rules: IP all in, the two ICMP rules, and the final block rule.

My main issues are the blocked ICMP events but maybe they should be? They are for the OS and are type 3,0 versus type 3,3?

I have attached today's log file for your review. The blocked ICMP entries are in that.

Web browsing and file downloads are OK presently.

I have a problem with DHCP delays with APIPA assignment at boot time. I added a svchost.exe port 68, 67 rule for dest. 255.255.255.255 as suggested in a forum posting. I logged it and it also is shown in the attached log file. It eliminated the APIPA fallback but I am still getting a delay on dynamic DHCP at boot, as evidenced by an XP system log timeout warning message.

[attachment deleted by admin]

You can safely ignore these ICMP messages so they won’t crowd your logs. Follow the guidelines starting from 11 in this topic: https://forums.comodo.com/firewall_help/utorrent_comodo_firewall_guide-t32326.0.html;msg230413#msg230413 .

Thanks, Eric. I added those three allow rules for unreachable ICMP and they eliminated those blocked ICMP entries in the firewall log.

I also noticed when I booted my PC today that there wasn't a startup ping (8,0) from my NIC to the router log entry, so I assume these rules somehow blocked that. Does not appear to be a problem since everything is running fine.
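The rule behaviour the thread turns on (a trusted-network allow, the ICMP "destination unreachable" allows, the svchost 68→67 broadcast rule, and a final block-and-log rule) comes down to top-down first-match evaluation. The following is an added example written for this thread; it is not Comodo's code, and the rule list is constructed to resemble the one described rather than copied from the product. The packets are constructed as well: 203.0.113.1 is a documentation address standing in for an upstream router, and the ICMP allow is modelled as a single "type 3, any code" rule rather than the three rules the poster added.

```python
"""First-match evaluation of an ordered firewall rule list.

Added example for the thread, not Comodo's code. Rule list and packets are
constructed; the only values taken from the thread are the router address
192.168.1.254, the host address 192.168.1.97, ICMP types 3/0, 3/3 and the
DHCP client rule (UDP 68 -> 67 to 255.255.255.255).
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str                      # "in" or "out", relative to the host
    proto: str                          # "icmp", "udp" or "tcp"
    src: str
    dst: str
    sport: Optional[int] = None         # udp/tcp source port
    dport: Optional[int] = None         # udp/tcp destination port
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                         # "allow" or "block"
    direction: Optional[str] = None     # None = any
    proto: Optional[str] = None
    src_net: Optional[str] = None       # 'addr/mask' or CIDR; None = any
    dst_net: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None     # None = any code of that type
    log: bool = False

    def matches(self, p: Packet) -> bool:
        """True when every field set on the rule agrees with the packet."""
        for field in ("direction", "proto", "sport", "dport", "icmp_type", "icmp_code"):
            want = getattr(self, field)
            if want is not None and want != getattr(p, field):
                return False
        for net_field, addr in (("src_net", p.src), ("dst_net", p.dst)):
            want = getattr(self, net_field)
            if want is not None and ipaddress.ip_address(addr) not in ipaddress.ip_network(want, strict=False):
                return False
        return True


def evaluate(p: Packet, rules: List[Rule]) -> Tuple[str, str, bool]:
    """Walk the rules top-down; the first match decides (action, rule name, logged)."""
    for r in rules:
        if r.matches(p):
            return r.action, r.name, r.log
    return "block", "<no matching rule>", True


def logged_blocks(packets: dict, rules: List[Rule]) -> List[str]:
    """Names of the packets that would show up as blocked entries in the log."""
    return [name for name, p in packets.items() if evaluate(p, rules)[2]]


def with_icmp_unreachable_allow(rules: List[Rule]) -> List[Rule]:
    """Insert an allow for inbound ICMP type 3 (any code) ahead of the final block rule."""
    allow = Rule("Allow ICMP 3/x in (destination unreachable)", "allow",
                 direction="in", proto="icmp", icmp_type=3)
    return rules[:-1] + [allow] + rules[-1:]


# Constructed rule list: single-address trusted network = the router.
TRUSTED_ROUTER = "192.168.1.254/255.255.255.255"
BASE_RULES = [
    Rule("Allow IP in from trusted network", "allow", direction="in", src_net=TRUSTED_ROUTER),
    Rule("Allow IP out to trusted network", "allow", direction="out", dst_net=TRUSTED_ROUTER),
    Rule("Allow DHCP client out (68 -> 67 broadcast)", "allow", direction="out",
         proto="udp", sport=68, dport=67, dst_net="255.255.255.255/32"),
    Rule("Block and log everything else inbound", "block", direction="in", log=True),
]

# Constructed packets; 203.0.113.1 stands in for an upstream (ISP) router.
PACKETS = {
    "icmp 3/0 from upstream router": Packet("in", "icmp", "203.0.113.1", "192.168.1.97", icmp_type=3, icmp_code=0),
    "icmp 3/3 from LAN router": Packet("in", "icmp", "192.168.1.254", "192.168.1.97", icmp_type=3, icmp_code=3),
    "dhcp discover": Packet("out", "udp", "0.0.0.0", "255.255.255.255", sport=68, dport=67),
    "unsolicited SYN to 445": Packet("in", "tcp", "203.0.113.1", "192.168.1.97", sport=40000, dport=445),
}

if __name__ == "__main__":
    for label, rules in (("without ICMP allow", BASE_RULES),
                         ("with ICMP allow", with_icmp_unreachable_allow(BASE_RULES))):
        print(f"{label}: logged as blocked -> {logged_blocks(PACKETS, rules)}")
```

Two things the walk makes visible: an unreachable message from the LAN router is already allowed by the trusted-network rule, so the ICMP entries that keep appearing in the log can only come from addresses outside that trust, and once the type 3 allow sits above the final block rule those entries disappear while the final rule still catches unsolicited inbound connections.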