Hi All,
First, sorry for the long detailed post, but I hope I put down enough info for someone to have a good idea!!!
I’m having problems with incoming Remote Desktop and VNC connections when CFW is running.
It almost seems like all incoming connections are blocked.
I disabled CFW and Remote Desktop worked. I haven’t been able to try VNC yet with CFW Off.
Next I tried to uninstall and reinstall CFW, with no improvement.
I’m using XP SP2 with all updates and CFW 3.0.16.295.
I’m using Secure Shell (SSH) to tunnel the connections. My router is the SSH server so basically the TCP packets arriving at the Remote Desktop server (my PC) have the IP source address of the router, with the IP destination address of the PC. (I also used the SSH connection when CFW was disabled and Remote Desktop worked.)
When CFW is running I can see the incoming packets with Wireshark. The source address, destination address and ports all look correct, but there are no replies, and no entries at all in the Firewall Events Log. So if CFW is blocking the incoming packets it’s not generating any log entries. I’ve also tried setting the Alert Settings slider to ‘Very High’ and still no log entries.
Here are the CFW global rules I’m using:
- Allow IP In from Home Network to any address, any IP protocol.
- Allow IP Out from any address to Home Network, any IP protocol.
- Block ICMP In from any address to any address, Icmp Echo Request.
(Home network is defined as the subnet: 192.168.131.0/255.255.255.0)
(Router address is 192.168.131.254)
(PC address is 192.168.131.10)
Application Rules for svchost.exe are:
- Allow IP Out from any address to any address, any IP protocol.
- Allow TCP or UDP in from Home Network to any address, any source port, destination port 3389.
I read another post from November 07 about problems with Remote Desktop. Some forum members had success moving svchost up in the app rules list, so I tried that as well. I’ve also tried other settings, all ports all everything allowed… No luck!
What I’ve been describing is an attempt to connect to my home computer from work.
I also have CFW installed on the work computer. I connect to the work network over a Cisco VPN, and am able to use Remote Desktop to control the work computer. I tried copying the CFW rules from the work computer; global, services and svchost, to the home computer. So the rules and their order in the list are identical. But even with identical rules the work to home connection still doesn’t function.
I’ve tried everything I can think of except installing OpenSSH on the PC, or getting another firewall. I was using ZoneAlarm Internet Security Suite with W2K, but CFW is much lighter on resources. I really like the control it provides with the HIPS component. I’d hate to go back to ZA!
I’m looking forward to your replies.
Thanks in advance!
Frank
An Update…
I just tried enabling the Telnet server on my PC and connecting to it using the Telnet client in the router. Same results as with Remote Desktop. No connection possible, no matter what the Firewall Global or Application rules are set to. Once I disable the firewall by setting the slider to ‘Disable’ the connection goes through immediately.
So it looks like CFW is blocking all incoming connections. With no logs at all.
Frank