No access to Internet after installing

mikeboug · January 13, 2007, 11:26am

I’ve just tried to install Comodo firewall. My intention was to replace Sygate which is no longer supported since CA purchased the company.

However, after installing with all default settings, my Internet connection stopped working. I’m connected to a wireless switch (but directly with a cable) which is itself connected to an ADSL router. I tried repairing the network connection but it failed trying to get an IP address.

In the end, I had to uninstall and re-enable Sygate to obtain connectivity.

Does anyone have any ideas what the problem can be.

Many thanks.

AOwL · January 13, 2007, 12:20pm

Did you only disable Sygate before you installed CFP?
You should uninstall it in that case and clean the registry and reboot before you install CFP.
Did you make a trusted network in CFP?

Rucia · January 14, 2007, 10:04am

mikeboug,

AOwl is right. I had a similar situation with Outpost Pro. I disabled Outpost then installed Comodo, and i couldn’t get any web access. I then uninstalled Comodo and uninstalled Outpost, cleaned the registry and re-installed Comodo, then everything was fine.

ZLRAC · February 8, 2007, 3:24pm

Help. I’ve had the same problem. I had Ghostwall which I uninstalled. Then I installed Comodo and have been unable to connect to any internet web-page. I then closed Comodo and still had the same problem. I did a system restore and everything is fine now w/ Ghostwall but I’d rather use Comodo. Ideas?

Little_Mac · February 8, 2007, 3:38pm

Welcome, ZLRAC!

After uninstalling your firewall, you want to make sure you clean out any remaining files, registry entries, etc. I recommend these steps:

If you don’t already know what Services and Drivers the firewall installs and uses, find out - from it’s help files, the company, something.

Turn the firewall off, and Disable those Services and Drivers (that way they won’t start on reboot).

Go to Start/Run, type in “configsys”. Then go to the Startup tab, and uncheck any entries for the firewall. Apply. OK.

Reboot.

Now the firewall should not be running. Run the uninstaller on it. Reboot when finished.

Run a cleaner program (like CCleaner) to get rid of temp files, etc. Reboot.

Run a registry cleaner (like RegSeeker) to get rid of orphaned registry entries. Reboot.

Now is when you will install CFP.

LM

Moyo · February 8, 2007, 4:50pm

I have a similar problem, but not all the internet is cut off. I can use Skype and Thunderbird but not Firefox or Explorer. Any ideas?

Little_Mac · February 8, 2007, 5:18pm

Welcome, Moyo!

Sounds like they’re being blocked by something… Check the Application Monitor for “Block” entries. Check the Activity/Logs for entries showing blocks.

Also, a known possible cause (that won’t show up in CFP) is the remains of a previous firewall. Make sure you’ve cleaned out registry files, etc, (as posted to ZLRAC above), regarding your previous firewall.

First place to look, though, is CFP’s Application Monitor and Activity Logs.

LM

Moyo · February 8, 2007, 5:22pm

Thanks. I will check, as I had Zonealarm before. All the settings I had a look at earlier said that they should have been allowed though.

Moyo · February 8, 2007, 10:25pm

I found that by unchecking the box “block fragmented IP datagrams” I was able to use the internet. Does anyone know the significance of unticking this option?

Little_Mac · February 9, 2007, 4:21pm

From CFP’s Help files:

Block fragmented IP Datagrams When a connection is opened between two computers, they must agree on a Mass Transmission Unit (MTU). IP fragmentation occurs when you pass through a router with an MTU less than the MTU you are using i.e when a datagram is larger than the MTU of the network over which it must be sent, it is divided into smaller fragments which are each sent separately. Fragemented IP packets can create threats like DOS attack. Moreover, these fragmentations can double the amount of time it takes to send a single packet and slow down your download time. Comodo Firewall Pro is set by default to block fragmented IP datagrams i.e the option Block Fragmented IP datagrams is checked by default.

Here’s a MS link that discusses Windows’ vulnerability (and the patch) for fragmented datagrams; they state that fragmented packets are a necessary part of communication. http://www.microsoft.com/technet/security/bulletin/fq00-029.mspx

Here’s a more technical discussion about such things. A lot of it is highly technical, but there’s some stuff there that’s understandable by humans as well. This article is geared toward filtering with a router. RFC 1858 - Security Considerations for IP Fragment Filtering (RFC1858)

Based on what I am able to understand about this, a primary concern of fragmented packets is a “flood” occurring. While you’re turning off the CFP feature that specifically blocks the fragmented packets (thus allowing them), you still have the “flood” protection on (Security/Advanced/Advanced Attack Detection & Prevention).

Here’s my question for you, though ~ how did you conclude to turn this off? Did you have any Block entries in your Application Monitor? What Activity/Log entries did you have when your browsers were stopped from accessing the web?

LM

Moyo · February 9, 2007, 7:36pm

I checked the log and everytime I opened firefox and tried to got to a webpage it started blocking things complaining of fragmented data packets, so I unticked the option. I don’t use a router at the moment.

Little_Mac · February 9, 2007, 7:42pm

Moyo,

Can you post your log entries for this event? To do so:

Go to Activity/Logs. Right-click an entry and select “Export to HTML.” Save the file, open it, and copy/paste the text to your post.

That way you can select only a section of it, and edit/mask your IP address.

There may be something specific we can address, rather than turning off that aspect of your global security.

LM

Moyo · February 9, 2007, 8:34pm

No problem. Just the ones with high in the severity. I unticked the box because I assumed (from my skim reading of your manual) that everytime there was a high severity incident comodo automatically blocked acccess for a specified amount of time.

Date/Time :2007-02-08 21:47:17
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.58.226.20
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed

Date/Time :2007-02-08 21:47:16
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = TIME EXCEEDED IN REASS)
Protocol:ICMP Outgoing
Source: x.x.x.16
Destination: 212.58.226.20
Message: TIME EXCEEDED IN REASS
Reason: Network Control Rule ID = 5

Date/Time :2007-02-08 21:47:11
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.187.153.30
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed

Date/Time :2007-02-08 21:47:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 71.249.120.8, Port = 22482)
Protocol: TCP Incoming
Source: 71.249.120.8:50282
Destination: x.x.x.16:22482
TCP Flags: SYN
Reason: Network Control Rule ID = 5

Date/Time :2007-02-08 21:46:56
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 71.249.120.8, Port = 22482)
Protocol: TCP Incoming
Source: 71.249.120.8:50282
Destination: x.x.x.16:22482
TCP Flags: SYN
Reason: Network Control Rule ID = 5

Date/Time :2007-02-08 21:46:46
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.58.226.20
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed

Date/Time :2007-02-08 21:46:41
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.187.153.30
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed

Date/Time :2007-02-08 21:46:41
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 80.41.181.243, Port = MS-ds(445))
Protocol: TCP Incoming
Source: x.x.x.243:3900
Destination: x.x.x.16:MS-ds(445)
TCP Flags: SYN
Reason: Network Control Rule ID = 5

Date/Time :2007-02-08 21:46:31
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.58.226.20
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed

Date/Time :2007-02-08 21:46:31
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.187.153.30
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed

Date/Time :2007-02-08 21:46:26
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.58.226.20
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed

Date/Time :2007-02-08 21:46:20
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.187.153.30
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed

Date/Time :2007-02-08 21:46:20
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.58.226.20
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed

Date/Time :2007-02-08 21:46:15
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.58.226.20
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are n

Little_Mac · February 9, 2007, 9:19pm

Moyo,

Those incoming 212.x.x.x IP addresses are from Guardian Unlimited - www.guardian.co.uk. I have opened the site, and have no messages about fragmented packets. Obviously you’re experiencing an issue with that, but I’m not sure why; perhaps it is being caused by something with your ISP. If I had the same results as you, I wouldn’t think anything more of it.

Since I didn’t have any fragmented packets, you may want to file a ticket with Support - http://support.comodo.com/; they will be able to help you isolate the issue in more detail.

LM

BTW, I masked the personal IP addresses in your post to protect your privacy.

Moyo · February 10, 2007, 4:35pm

I think that was just website I was trying to access. If I took other examples the IP address just points to the website I was trying to access. Thanks for editing my post.

Little_Mac · February 12, 2007, 3:21pm

Yeah, if it happens with every website, I’d definitely recommend filing a ticket with Comodo Support. It may not be CFP, but they will be able to help you isolate that. Be sure to keep us posted with your results; that way others who may have the same problem will know…

LM

Iefiru · August 2, 2008, 1:09pm

I got the similar problem with Moyo, but I only got the problem when I visit http://delphi.ktop.com.tw/. However, after I unticking the “block fragmented IP datagrams” option, I can visit the site. Could it be something wrong with my computer or the website?
What can I do to set the rules to allow the website, but block other fragmented IP datagrams? I’d try to set a global rules that Allow >> source >> Host Name: “delphi.ktop.com.tw” but it dones’t work.

Thanks.