New Wireless Notebook Behind Router Ques!

Hello!

I’ve just watched AOwL’s wonderful Noob video & read Pandlouk’s hardening rules for wireless. And now I have questions!

One wireless notebook behind one router.

When creating the network zone, the wizard gives me two choices. Do I want to set up with Marvell Yukon 888 8036 PCI-E Fast Ethernet Controller or do I want to choose Local Network (might have said Local Area Network)? (Ques. 1)

On the Summary page of the FW it lists under System Info>Adapter: Marvell Yukon, Intel Pro/ Wireless, Bluetooth (not using Bluetooth at this time).

I want to create the most secure first two rules for when utilizing wireless.
Intel IP address ends in 1.3
Marvell Yukon IP address ends in 1.2

Which would I write to tighten the first two rules, 1.3 or 1.2? (Ques 2) Do I follow with the Submask numbers? (Ques 3)

I believe this is how they would look:

0 Allow IP out from IP [Any] to IP 192.168.1.2 WHERE IPPROTO IS ANY
1 Allow IP in from IP 192.168.1.2 to IP [ANY] WHERE IPPROTO IS ANY

Am I getting it? :slight_smile: (Ques 4)

Thanks in advance for helping keep safe!

Michele

PS Just took a look at the Edit section for Network Control Rules. Could you tell me specific steps? (Ques 5) I think I’ll always be FW challenged!

Addendum: My old PC’s ethernet cable connects to the router right now, I’ve intentionally made it so there is no connection/communication between the two PCs & when setting the router I used the new PC. I just noticed on the old PC’s Comodo System Info>Adapter it lists Intel & its IP address ends in 1.4. Do you factor this additional information into the rules on both PCs? (Ques 6) Do the rulesets on both PCs match? (Ques 7)

I made its additional rules when I set up the router a few days ago (new PC had Norton suite at that time). It has no wireless abilities.

I want you to have all the details at your disposal. :slight_smile:

Hi Michele,
please check this Restricted Secure Zone Rules

Pandlouk,

I read that prior to composing the post. I guess you think rereading it answers my questions! It does answer Ques 4! I’m not getting it! The answers must be very obvious to you. If that were true for me, I wouldn’t have to ask! I also have looked at the subnet calculator & I don’t know the values to enter!

Now I’m concerned that both Comodos are improperly configured! I’m not using wireless, but I have to have access to the internet (wired) to figure this out! Help!

Thank you for your time.

Michele

Hi Michele!
You’re back! :wink:
More questions I see… 88)

You don’t need to put in the IP of the old computer in your zone, if you’re not using the internal network to send files/print between them.

Can you reserve an IP for your computers in your router?
Or else you need to set the IP manually on your PC, so it won’t change.

Can you set the IP range in your router?
If it has 192.168.0.0 - 192.168.0.255, can you change that to let’s say
192.168.0.100 - 192.168.0.103?
It’s good to “narrow” it down a bit…

I won’t ask any more questions now… ;D

AOwL! :wink:

Wild horses couldn’t keep me away!

Could you please rephrase this?

In the Netgear reference manual without Botox!

Michele

Which Netgear router did you have?

Why I asked if you could reserve an IP for your specific PC is that, if you can, you can just use one IP in the network monitor rules in CFP.
If your router hands out dynamic IPs, and you have only set one IP in your rules in CFP, your rules won’t work…
Most of the time, you will get the same IP anyway, but to be sure, it’s good to set it static in the router.
If you don’t have that option, you should narrow the network down as I said in my previous post.

AOwL,

Netgear WPN824v2

So “reserve” is like assign. The section in the Netgear Setup Wizard called “Lan IP Setup” lists:

IP address 192.168.1.1
Subnet mask 255.255.255.0

There’s a tick in the box in front of “use router as DHCP server”.
Starting IP address 192.168.1.2
Ending IP address 192.168.1.254

The Netgear tech I set up the router with wasn’t interested in security, he wanted to get off the phone quickly. I was discouraged from updating firmware, using WPA2, using Mac address filter, invisible mode, & decreasing the signal strength.

I knew these were things I wanted to have prior to choosing the router. I eventually was able to include all these but the last. I went back after the call & tightened it up as best as I could & had a 2nd tier tech go over my moves & he wanted to keep the signal strength so I let it alone. I remember narrowing those last lines (.2-.245) with him.

There’s the option in another section that I believe lets you choose, assign, or reserve… I need to get back in & look–I was there last night but I had no idea what you were asking…These concepts & terminology are foreign to me.

If I hadn’t asked my questions & received your invaluable support, I’d have assumed the Netgear tech was configuring things correctly. Imagine all the routers out there with features that are never employed.

I’m very grateful to those of you who give so generously.

Michele

Since your router is IP address 192.168.1.1
Subnet mask 255.255.255.0
and your LAN is
Starting IP address 192.168.1.2
Ending IP address 192.168.1.254
I would change the last 254 to 3
Now you only have your router and your 2 PC’s.
If I understand you right, you are using all the other protections you mentioned?
(invisible, Mac address filter, Wpa2)

When you make your trusted zone in CFP you choose your network card.
Just click ok and it will finish fast.
Now you can go to security/tasks and click on add/remove/modify a zone.
Click on your zone, and edit.
You can name it to what you want like “MyZone” or something.
Now you should set the IP range you have set in the router.
192.168.1.1 - 192.168.1.3
Click ok.

Now you have a very narrow zone.
If you go to network monitor you can see your new zone in the rules.
If you had already made one, you might have to double click every rule and click ok before the new name is showing. It’s a bug I think…
When you have an IN rule, YOU or your Zone should be set as destination IP.
In an OUT rule it’s the other way around.

Try these suggestions if you haven’t already.
Let us know how it goes.
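How the router's subnet mask, its DHCP range and the firewall zone range relate, as an added example that is not part of the original thread. The function names and host labels are hypothetical, and the inputs are constructed from the addresses quoted in the posts above.

```python
import ipaddress as ipa

def span(start, end):
    """Number of addresses in an inclusive start-end range."""
    return int(ipa.ip_address(end)) - int(ipa.ip_address(start)) + 1

def in_range(ip, start, end):
    return ipa.ip_address(start) <= ipa.ip_address(ip) <= ipa.ip_address(end)

def range_to_cidrs(start, end):
    """CIDR blocks that cover an inclusive range exactly."""
    return [str(n) for n in ipa.summarize_address_range(
        ipa.ip_address(start), ipa.ip_address(end))]

def audit(router, netmask, pool, zone, hosts, reserved=()):
    """pool and zone are (start, end); hosts maps a label to its current IP;
    reserved names the hosts whose IP is fixed (router reservation or manual)."""
    subnet = ipa.ip_network(f"{router}/{netmask}", strict=False)
    findings = []
    if not all(ipa.ip_address(a) in subnet for a in zone):
        findings.append("zone extends outside the router's subnet")
    if not in_range(router, *zone):
        findings.append("router is outside the zone")
    for name, ip in hosts.items():
        if not in_range(ip, *zone):
            findings.append(f"{name} ({ip}) is outside the zone")
        elif name not in reserved and span(*pool) > 1:
            findings.append(f"{name} ({ip}) may change; a rule pinned to it can break")
    if not all(in_range(a, *zone) for a in pool):
        findings.append("DHCP pool can hand out addresses outside the zone")
    return {"subnet": str(subnet), "usable_hosts": subnet.num_addresses - 2,
            "zone_size": span(*zone), "zone_cidrs": range_to_cidrs(*zone),
            "findings": findings}

# Constructed inputs using the addresses quoted in this thread.
ROUTER, MASK, ZONE = "192.168.1.1", "255.255.255.0", ("192.168.1.1", "192.168.1.3")
BEFORE = audit(ROUTER, MASK, ("192.168.1.2", "192.168.1.254"), ZONE,
               {"notebook": "192.168.1.2", "old-pc": "192.168.1.4"})
AFTER = audit(ROUTER, MASK, ("192.168.1.2", "192.168.1.3"), ZONE,
              {"notebook": "192.168.1.2", "old-pc": "192.168.1.3"},
              reserved=("notebook", "old-pc"))

if __name__ == "__main__":
    for label, result in (("before", BEFORE), ("after", AFTER)):
        print(label, result)
```

The mask 255.255.255.0 describes the whole 254-host subnet, while the zone is a three-address range that no single mask expresses, which is why the zone is entered as a start and end address.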

AOwL,

Wished to touch bases with you. I was unable to connect to Netgear’s servers the other day, so I was waylaid from implementing your suggestions.

I now have changed the ending LAN IP address to 192.168.1.3. Also Netgear had me set a static address on the old PC of 192.168.1.10.

I’ve yet to figure out the rules! I keep reading, but I feel like I took a stupid pill. I’ve made a trusted zone using the Marvell card. When I click on add/modify/remove a zone, a dialogue box, Modify Zone, opens & there are two listings there, Local Area Network & Marvell Yukon. Do you want me to highlight Marvell Yukon & click edit? And then a dialogue box, Specify Zone, opens. Do you want me to put the new name, My Zone, where Marvell currently is in the Specify box? Change the digits listed there to 192.168.1.1 & beneath it 192.168.1.3? Is this correct?

What exactly will 0 & 1 look like in the Network Monitor? What will show under source & destination for 0 & 1? And what do I do with Local Area Network listing in Modify Zone box, leave it alone or remove it?

Michele

Hi Michele,

Go to your router settings and delete the static IP address of the old computer. Then reboot the old PC. By doing this the router will assign the old computer the IP 192.168.1.3. (Leave the new PC connected while you do this.)
Afterwards go to your router settings again and assign static IPs for both your machines.
One will be 192.168.1.2 and the other 192.168.3. After you are finished post again and we’ll do it together :wink: :smiley:

Pandlouk!

I was coming back to ask whether or not I needed a UDP In rule #2 like on your Restricted Settings! Oh no! I may lose connectivity altogether! :slight_smile:

I’ll start with the old PC! Don’t go away!

Michele

Hehe. Don’t worry. :wink:

Pandlouk,

I removed the static address from the old PC, rebooted, & have connectivity, however, the address assigned by DHCP is 192.168.1.2, at least I think so-- Network Connections>Local Area Connection Status’ Support tab says this!

Although the router was configured with the new PC, it was the old PC that was originally configured with the cable modem. Is this an issue?

Waiting for you before I mess with anything else!

Michele

No, it is not an issue. Just assign static IPs on both systems and reboot your router if needed.

Pandlouk,

What #s? 1.1 & 1.2? or ?

My god! I just noticed the total time logged onto this forum exceeds 1 day! I should get it by now!

Michele

At one PC put 192.168.1.2 (old) and at the other 192.168.1.3 (new).

Pandlouk,

I just realized you asked me to go to the router & remove the old PC’s static address. I did it on the properties page of the Local Area Connection on the PC itself. A problem?

Michele

Since the PC has the address 192.168.1.2, it is not a problem. But you must assign them static IPs at the router.

Pandlouk,

I’m in the Netgear router manager. I can’t find where you’d do it!

Under Basic Settings>Internet Ip Address there are two radio buttons: Get dynamically from ISP or Use static IP Address.

Under LAN Advanced IP Setup there’s that box with a tick in it in front of Use Router as DHCP Server.

There’s a section called Static Routes as well.

Thoughts? I have a few! Jeez!

Michele

Is there an advanced section? If not, go to the static routes.

PS. Can you give me a direct link to the router’s config help file from the support site? I’ll give it a quick look and tell you exactly what to modify :wink: