ping is not working

lvm · January 4, 2008, 11:33am

Firewall is configured to allow all in/out traffic for ping (yes, I know it is an overkill), it is the first rule in the list, global rule to block ICMP is deleted and yet all ping requests time out unless I disable the firewall, nothing is logged. Am I missing something?

I am sure that I am running the instance of ping the rule is configured for, pings to local subnet also time out even though it is set up to allow all in/out in global rules.

3.0.14.276

goodbrazer · January 4, 2008, 12:32pm

Does ping.exe work if it is set to trusted application and there are no any block entries in global rules?

If yes, try this:

For ping.exe set these rules in same order:
allow/icmp/out/any/any/where message is echo request
allow/udp/out/any/any/any/any
block all unmatching

For system set default ruleset (outgoing only).

Make sure there is no global rule like block/ip/out/any/any/any

cornix · January 4, 2008, 9:36pm

I have added also the permission in input for echo request for the “windows operating system” rules and so it works in one system, but in the other I had to disable defense+. Why?

goodbrazer · January 4, 2008, 10:07pm

Do I understand correctly: this is rule allow/icmp/in/any/any/echo request ?
If yes, better remove it as it is not needed anyway.

What do you mean? 2 different computers?
Try to set ping.exe as trusted application in D+.

lvm · January 5, 2008, 6:50pm

tried all this - no effect, icmp is still not getting through. traceroute is not working either…

goodbrazer · January 5, 2008, 6:57pm

Maybe you’d be interested in this site while solving problems with ping and traceroute.

EDIT:

What does the log show in this case?

cornix · January 8, 2008, 6:20pm

Dear goodbrazer

1)for the rule “allow/icmp/in/any/any/echo request” I have noticed you have eliminated it and it is ok.
2) yes I have two PCs with WIN XP PRO, CFP 3.0.14.276 and with the same rules, in one the rules works, in the other I receive an “access denied” at any ping try unless you disable D+ (even if ping is trusted in D+)

goodbrazer · January 8, 2008, 7:12pm

Hi, cornix

I’m embarrassed (:SHY)

Maybe this will help:
go to defense+ ->advanced->computer security policy and remove all entries, except these groups: all applications, windows system applications, windows updater applications, comodo firewall pro.
Set D+ to training mode. Try to ping some addresses for a couple of times. Set D+ to train/w safe mode (or clean pc mode, or paranoid mode). Try to ping again.
What are results?

cornix · January 8, 2008, 8:54pm

Fine goodbrazer! The result now is that ping works.
Thanks a lot.