Problem with Private network detection

aposner · February 11, 2008, 11:03pm

Just installed v3 and I like it. Only problem is that the “private network” that is being detected is named after my network adapter (which is should), but the address is listed as

192.168.1.100/255.255.255.0

That is the address of my first computer, but the router and gateway address is 192.168.1.1,
so I’m getting a lot of blocked router traffic in the log.

Is there a security problem if I add my router to the trusted network address?

Thanks,
Alan

system · February 11, 2008, 11:16pm

What messages are you getting blocked? The subnet mask says that 192.168.1.0-192.168.1.255 are part of your subnet, so the 192.168.1.1 router is also. Have you actually made your network trusted by going to firewall/common tasks/stealth port wizard and making rules about it?

riggers · February 11, 2008, 11:18pm

Hi aposner,i idea would be to place a block(but dont log) rule for the address,this will stop the logs cluttering up

Nice 1 Matty

ps welcome :■■■■

aposner · February 12, 2008, 6:08pm

sded,

That was my point. The network is being “automatically detected” as 192.168.1.100, rather than 192.168.1.0

Why should that be?

Yes, my network is trusted, but the router (192.168.1.1) is not recognized as being part of my subnet.

aposner · February 12, 2008, 6:24pm

Actually I can solve my own problem if I could be sure that it is safe to trust the router (192.168.1.1).
Can I assume packets coming from the router originate in the router, or is it possible for an outside IP to get into my computer by using the routers IP address???

All other firewalls I’ve used include the router IP in the detected networks except for Comodo.

system · February 12, 2008, 8:57pm

What is being blocked? Your network is detected and identified on your computer by the IP address of your NIC, 192.168.1.100, with an IP netmask 255.255.255.0 which would include your router at 192.168.1.1. That does not mean it is a trusted network; just that a private network has been identified, and you may be one of a bunch of independent computers accessing the internet through a wireless router. What rules were created when you trusted your network? You can certainly modify the network zone created by explicitly adding your router, and then go to stealth port wizard and trust it.

aposner · February 12, 2008, 11:45pm

Sded,

What is being blocked is svhost.exe. The source is 192.168.1.1 and the destination port is 2869.

The network identified by my NIC (192.168.1.100) is set as trusted.

I don’t see why you say my router is included in the netmask? Wouldn’t it then be detected as :
192.168.1.0/255.255.255.0 ?? It’s obviously isn’t thats why it’s being blocked. Right?

system · February 13, 2008, 2:59pm

Do you have application rules for svchost to allow the connections? All the inbound global allow rules do is pass the packets to the application rules. There have been reports of the global allow rules not logging properly also. Are you able to access your router GUI? If so, you are on the same subnet.