No access to LAN (Windows 7)

Since installing Firewall & Defense+, my Windows 7 PC can access the internet, but can no longer see other devices on the LAN. I have defined a ‘Home Network’ network zone, and when the default install option didn’t give me LAN access, I have (following the help files and posts here) tried the any address (‘MAC Any’) option and the ‘IPv4 Subnet Mask’ option, and have used the Stealth Ports Wizard to trust the zone.

So far, still I can’t see any network devices - is there some simple way to just enable access to the LAN?
Do I have to reboot before these settings are effective?
Any suggestions?

It sounds like the steps you’ve already taken should have worked, but we can check the details and see why it’s not.

First up, I would suggest a reboot. Strictly speaking it shouldn’t be necessary, but for the amount of time it takes, it’s worth doing. Next we can check some details:

  1. Open a command prompt and type ipconfig /all - Post the details here
  2. Take a screen-shot of your Network Zones - post a screen-shot here
  3. Take a screen-shot of your Firewall Application rules - post a screen-shot here

Are all the PCs on your LAN running Windows 7? If so, are you using Windows 7 Homegroups?

Thanks for the quick response Radaghast, and apologies for the delay replying - I was running a backup, which is why I hadn’t tried rebooting. Now I have rebooted, I can now access the LAN devices, so good news there :slight_smile:

I’m not actually using Homegroups, and there are various devices - a laptop with Win7, a NAS with Windows Home Server, a backup Diskstation NAS, and iPhone, etc.

However, although I can access my NAS via the network, the firewall is still blocking remote access to my NAS via Remote Desktop Connection - I don’t know how to post a screenshot here, but the event log says:

Windows Operating System was blocked Protocol = TCP, Source IP = 192.168.72.103, Source Port = 1031, Destination IP = 192.168.72.104, Destination Port = 2869

The ‘Source Port’ changed to 1031 the second time I tried Remote Desktop Connection.

How do I enable this facility?

Glad to hear :slight_smile:

> However, although I can access my NAS via the network, the firewall is still blocking remote access to my NAS via Remote Desktop Connection - I don't know how to post a screenshot here, but the event log says:
>
> Windows Operating System was blocked Protocol = TCP, Source IP = 192.168.72.103, Source Port = 1031, Destination IP = 192.168.72.104, Destination Port = 2869
>
> The ‘Source Port’ changed to 1031 the second time I tried Remote Desktop Connection.
>
> How do I enable this facility?

Here’s a tutorial for posting a Screenshot

With regard to the remote access, the details you’ve posted don’t seem to relate to RDP but rather to SSDP (TCP port 2869). SSDP is part of the UPnP environment, which may or may not be related to your NAS.

Standard Windows RDP (Remote Desktop) uses TCP over port 3389, for which you will need to allow inbound connections. You can take a look through this thread for some details on how to configure RDP.
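The check made in this reply, as an added example that is not part of the original post: it parses the posted event line, compares it with the PC's own address from the posted `ipconfig /all` output, and reports direction and service. The second event, the destination address `192.168.72.50` and the way the application name appears in it are constructed assumptions.

```python
import re
from ipaddress import ip_address

# Event text exactly as posted in the thread.
POSTED_EVENT = (
    "Windows Operating System was blocked Protocol = TCP, "
    "Source IP = 192.168.72.103, Source Port = 1031, "
    "Destination IP = 192.168.72.104, Destination Port = 2869"
)
# Constructed sample: what an outbound RDP block from this PC would look like.
# The application name and the destination address are assumptions.
CONSTRUCTED_RDP_EVENT = (
    "mstsc.exe was blocked Protocol = TCP, "
    "Source IP = 192.168.72.104, Source Port = 49200, "
    "Destination IP = 192.168.72.50, Destination Port = 3389"
)
LOCAL_IP = "192.168.72.104"  # IPv4 address from the posted ipconfig /all output

# Only the two ports the thread discusses, labelled as the thread labels them.
SERVICES = {3389: "RDP", 2869: "SSDP/UPnP"}
FIELD = re.compile(
    r"(Protocol|Source IP|Source Port|Destination IP|Destination Port) = ([^,\s]+)"
)

def parse_event(line):
    """Split one 'X was blocked k = v, ...' line into typed fields."""
    app, sep, rest = line.partition(" was blocked ")
    fields = dict(FIELD.findall(rest))
    if not sep or len(fields) != 5:
        raise ValueError("not a recognised blocked-connection event: %r" % line)
    return {
        "app": app.strip(),
        "protocol": fields["Protocol"],
        "src_ip": ip_address(fields["Source IP"]),
        "src_port": int(fields["Source Port"]),
        "dst_ip": ip_address(fields["Destination IP"]),
        "dst_port": int(fields["Destination Port"]),
    }

def classify(event, local_ip):
    """Return (direction relative to local_ip, service on the destination port)."""
    local = ip_address(local_ip)
    if event["dst_ip"] == local:
        direction = "inbound"
    elif event["src_ip"] == local:
        direction = "outbound"
    else:
        direction = "other"
    return direction, SERVICES.get(event["dst_port"], "unknown")

if __name__ == "__main__":
    for line in (POSTED_EVENT, CONSTRUCTED_RDP_EVENT):
        print(classify(parse_event(line), LOCAL_IP))
```

The posted event comes out as inbound to the PC on port 2869, so it is not the outbound Remote Desktop attempt.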

Thanks for the links. You’re right about the firewall event log entries, they don’t seem to refer to remote access after all - I tried it twice and just assumed those two entries with a similar timestamp were it. Looks like I get no firewall events when I try remote access, despite setting alerts to the highest setting…

I tried the thread on RDP configuration, and found I already had an svchost entry for UDP, so I edited it to TCP/UDP in/out for all incoming and outgoing ports (which seemed to cover everything), then saved and rebooted, but still no joy. Remote Desktop Connection still can’t see the NAS.

Here’s ipconfig /all:

Windows IP Configuration

Host Name . . . . . . . . . . . . : Dave-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : eu.intdata.com
Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : RP614v4
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-11-11-CB-FB-29
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::287a:b292:cc5f:f43e%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.72.104(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 01 August 2011 12:35:18
Lease Expires . . . . . . . . . . : 02 August 2011 12:35:18
Default Gateway . . . . . . . . . : 192.168.72.1
DHCP Server . . . . . . . . . . . : 192.168.72.1
DHCPv6 IAID . . . . . . . . . . . : 234885393
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-74-DF-83-00-11-11-CB-FB-29
DNS Servers . . . . . . . . . . . : 156.154.70.22
156.154.71.22
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.RP614v4:

Connection-specific DNS Suffix . : RP614v4
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.72.104%16(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 156.154.70.22
156.154.71.22
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:28d2:203:3f57:b797(Preferred)
Link-local IPv6 Address . . . . . : fe80::28d2:203:3f57:b797%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Here are the Network Zones:

http://gallery.idnet.com/main.php?g2_view=core.DownloadItem&g2_itemId=110832&g2_serialNumber=2

Here are the Firewall Application rules:

http://gallery.idnet.com/main.php?g2_view=core.DownloadItem&g2_itemId=110834&g2_serialNumber=2

Beginning to wonder if this is the right firewall for me - it seems far more awkward to set up than I was expecting - most of this stuff ought to be set by default, or via a wizard.

Unfortunately the images you’ve uploaded are not working for me.

I believe I misunderstood your requirements. So, just to clarify, you’re using remote desktop to connect from your PC to your NAS? If so, does the NAS use standard Windows RDP?

Svchost.exe is the process responsible for receiving inbound RDP connections; however, like all good firewalls, CIS doesn’t allow unsolicited inbound connections. Therefore, you would need to create both a Global and an Application rule to allow these connections. Hence the link I posted earlier.

If you’re making an outbound connection from your PC to NAS, the process responsible is called mstsc.exe and is found in Windows\System32. If you’re using the default firewall rules, you don’t have to create any additional rules, as this is a trusted process.

Please repost the images, as I can’t view them and the url seems to be broken.

> Unfortunately the images you've uploaded are not working for me.

Odd - the images show fine here, and viewing permissions are set for everyone at the host. I'll repost them:

http://gallery.idnet.com/main.php?g2_view=core.DownloadItem&g2_itemId=110831&g2_serialNumber=1

http://gallery.idnet.com/main.php?g2_view=core.DownloadItem&g2_itemId=110835&g2_serialNumber=2

> So, just to clarify, you're using remote desktop to connect from your PC to your NAS? If so, does the NAS use standard Windows RDP?

Yes.

OK - finally solved the Remote Desktop Connection problem (mostly). For some reason it will no longer work with the server name, but it’s OK if I explicitly use the server IP address. A bit of a pain, but at least it works. The server name works fine for network access, so I don’t know what’s changed.

I did discover ‘training mode’ (I don’t recall that being mentioned at install time) and tried putting both the firewall and Defense+ into training mode, so they’re learning what’s going on, but although I got learning alerts when I tried RDC, it still wouldn’t work using the server name - in fact the server name didn’t work even if I disabled both the firewall and Defense+. I guess it’s just IP addresses from now on…

The reason you're probably having problems with host names is that you chose to use the Comodo secure DNS servers during installation. To remove these and revert to your previous name servers, see the image below.

If you want to keep the Comodo DNS servers, you can add an entry to your hosts file:

Windows\System32\drivers\etc\hosts

This is a standard text file, so use any text editor. Create an entry with the IP address of the NAS first, followed by the host name.

For your Application rules, I suggest you delete the rule you modified/created for svchost.exe and also delete the TCP IN rule on the system process, as this is covered by the two following System rules.

If you find there are still connection issues, you can add the two ‘Home network’ rules to svchost.exe. This is something necessary when using Windows 7 Homegroups.

[attachment deleted by admin]
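A way to separate the two failure causes this thread worked through by hand (blocked port versus name resolution), as an added example that is not part of the original post. The NAS name `nas-example` and address `192.168.72.50` are constructed placeholders, since the thread gives neither, and the verdict strings are this example's own.

```python
import ipaddress
import re
import socket

RDP_PORT = 3389  # standard Windows RDP port, as stated in the thread

def resolve(name):
    """IPv4 address the system resolver returns for name, or None."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def can_connect(ip, port, timeout=3.0):
    """True if a TCP connection to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(name, known_ip, port=RDP_PORT, resolve=resolve, can_connect=can_connect):
    """Classify why 'connect by name' fails when the address is known."""
    if not can_connect(known_ip, port):
        return "port-unreachable"      # firewall rule or service problem
    resolved = resolve(name)
    if resolved is None:
        return "name-unresolved"       # DNS/hosts problem, not the firewall
    if resolved != known_ip:
        return "name-mismatch"         # name resolves to some other address
    return "ok"

def hosts_entry(ip, name):
    """Format a hosts-file line: IP address first, then the host name."""
    ipaddress.ip_address(ip)           # raises ValueError on a malformed address
    if not re.fullmatch(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?", name):
        raise ValueError("invalid host name: %r" % name)
    return "%s\t%s" % (ip, name)

if __name__ == "__main__":
    # Constructed placeholders: the thread never gives the NAS name or address.
    NAS_NAME, NAS_IP = "nas-example", "192.168.72.50"
    verdict = diagnose(NAS_NAME, NAS_IP)
    print(verdict)
    if verdict in ("name-unresolved", "name-mismatch"):
        print("hosts line:", hosts_entry(NAS_IP, NAS_NAME))
```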

Aha - OK, I’ll try hacking the hosts file. It didn’t occur to me the DNS servers would be involved locally.

> For your Application rules, I suggest you delete the rule you modified/created for svchost.exe and also delete the TCP IN rule on the system process, as this is covered by the two following System rules.
>
> If you find there are still connection issues, you can add the two ‘Home network’ rules to svchost.exe. This is something necessary when using Windows 7 Homegroups.


Great - thanks for your patience & advice; it doesn’t take long for my brain to go numb when dealing with comms & networking :wink:

Apologies, forgot to post the image. Give us a shout if you need any more help.