Problem loading specific sites [RESOLVED]

I’m at the point where the browser has an ALLOW rule for TCP+UDP both IN+OUT (component monitor in learning mode), configured for ANY remote IP with ANY port, ALLOWing invisible connections, parent application NOT defined (skipped) and I’m having problems loading specific pages from specific sites (example: www.ebay.com.au → myeBay → then attempt to log in). It just hangs. Dropping the firewall lets the traffic through immediately ???

Before I start examining the traffic flow, I was wondering if anyone had any similar issues?

Have you checked your Logs to see what CPF blocks?

Nothing turns up as blocked in logs. I’ve had a further look and it seems that there may be an issue with cpf together with avast! and its “web shield”…

This happens if you have not added your network as a trusted zone.
It happens with ebay, hotmail and other sites.

Defining the zone worked, thanks! But to learn from the experience, do you know what exactly causes this behaviour, i.e. what traffic is blocked as a result of not having a trusted zone defined?

Everything that is not allowed is blocked. Simple and efficient. It only allows what it is told to allow.

Ewen :)

Ewen,

Your response was interesting, and relates to my other discussion with you. In a home LAN, does the router’s (gateway’s) LAN-side IP address have to be included in a rule (or zone used in a rule) allowing traffic, or only the two endpoints of any given transmission?

Thanks,
Bruce

OK :) but why does setting up a trusted zone cause a certain site to work, as opposed to giving full access to a browser in cpf? (and by “work” I mean “completely” work, in my ebay example you will see that initial access to ebay site is ok, but following the path I suggested doesn’t)

Note that it’s only certain sites that pandlouk listed in his post above.

I love replying to my own posts.

It turns out that without defining a trusted zone (typically a LAN behind a NAT router), the problem is blocking ICMP fragmentation-needed messages. I can move on with my life now ;D

Hey Bruce,

If the rule covers your PC and a site on the internet then, since you only have the opportunity to nominate two IPs in the rule, it would be the two IPs concerned - not the router. The only time the router’s internal IP would be included in a rule is in the trusted zone rule for your home LAN.

Hope this clears things up.

Hey drmjx,

If you don’t define a trusted zone, your PC can’t accept ICMP calls. Check if ebay and the other nominated sites send any ICMP data ahead of any transactional data. Not 100% certain on this, but it’s a possibility.

Hope this helps,
Ewen :)

Simply confirming that this works… I did this and voila, problem solved.
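The root cause reported in the thread, as an added example that is not part of the original posts and not Comodo's rule engine: a simplified first-match, default-deny rule model showing why a TCP+UDP browser rule still drops the inbound ICMP fragmentation-needed message (type 3, code 4). All addresses and rule names are constructed, and it is an assumption that the message comes from the NAT router on the LAN, which is why the trusted zone covers it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    direction: str        # "in" or "out"
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    icmp: tuple = None    # (type, code) for ICMP packets

@dataclass(frozen=True)
class Rule:
    name: str
    protos: frozenset
    zone: str = "0.0.0.0/0"   # both endpoints must fall inside this network
    icmp: tuple = None        # optional: restrict ICMP to one (type, code)

    def matches(self, p):
        net = ip_network(self.zone)
        if p.proto not in self.protos:
            return False
        if p.proto == "icmp" and self.icmp is not None and p.icmp != self.icmp:
            return False
        return ip_address(p.src) in net and ip_address(p.dst) in net

def verdict(rules, p):
    """First matching rule allows; anything unmatched is blocked (default deny)."""
    for r in rules:
        if r.matches(p):
            return "ALLOW:" + r.name
    return "BLOCK"

def large_page_load(rules, frag_needed):
    """Fate of a full-size DF-marked TCP segment that exceeds the path MTU."""
    if verdict(rules, frag_needed) == "BLOCK":
        return "hangs"      # sender never learns the smaller MTU, keeps resending
    return "completes"      # sender shrinks its segments and the transfer resumes

# Constructed sample data (hypothetical hosts and rule names).
PC, ROUTER, SITE = "192.168.1.20", "192.168.1.1", "203.0.113.10"
BROWSER = Rule("browser", frozenset({"tcp", "udp"}))
TRUSTED = Rule("trusted-zone", frozenset({"tcp", "udp", "icmp"}), "192.168.1.0/24")
# Narrower alternative: admit only inbound fragmentation-needed, from anywhere.
FRAG_ONLY = Rule("icmp-frag-needed", frozenset({"icmp"}), icmp=(3, 4))

login_request = Packet("out", "tcp", PC, SITE)
frag_needed = Packet("in", "icmp", ROUTER, PC, (3, 4))
echo_request = Packet("in", "icmp", SITE, PC, (8, 0))
```

The `FRAG_ONLY` rule shows that the same fix is possible without trusting every protocol from the whole LAN: it admits the one ICMP message path MTU discovery depends on and still blocks an inbound echo request.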