Second computer cannot connect to web with ICS

I know little about firewalls. I too have had identical symptoms as of 12Jan11, running CIS Firewall on an XP (SP3) machine connected via Ethernet to a (don’t snigger) Window ME machine. Updated this morning (UK time) and since then I cannot get any Internet connection on the ME machine (tried 3 browsers).
I’ve not had a previous problem in 2 years but now can only use the ME PC if CIS Firewall is disabled (all then works - but no Firewall (unless I sadly have to use the MS one).

Tried setting up a new LAN but to no avail (but I’m not sure what exactly is required). A wheel has clearly fallen off CIS somewhere. I’ll watch this post to see if help can be found.

I split your post from Firewall blocking Internet Help pls.

Did you try the suggestions given by Jacob?

I haven’t tried the suggestions but I will now do so as soon as I can (up to my ears). I’ll report back. Thanks.

Keep us posted.

I’ve got the same problem with a triple ICS hook-up since updating last night…
Host is XP SP3 with 3-mobile dongle.
Second is triple-boot XP SP3/Win 7 Prem/Ubuntu - Direct LAN.
Third is Vista Home Basic laptop via wireless dongle in host PC - AD-HOC link.
Everything working fine until update last night (15th, but hadn’t been on-line for a few days).

Now only host connects. Looked at firewall logs and found a series of “192.168.0…” blocked.
Tried unblocking them - no luck.
Then un/re-installied CIS, but no joy, and ‘blocked’ don’t re-appear!

Any ideas?

Oh - one thing I forgot. Somehow Windows Firewall got turned back on somehow.
Could it be related?

I have a similar problem. My home network is setup using ICS with the following computers:

host- desktop WinXP sp3- Ethernet connected to DLink router
client- laptop WinXP sp3- wireless
client- laptop Win7 Ultimate- wireless
client- desktop LinuxMint- Ethernet

I am using a Huawei broadband dongle for my internet connection.

My problem is that after setting up a Comodo firewall yesterday for the first time on the host and one client computer, everything worked great. I have ZoneAlarm firewall and AVG on the other WinXP client. I named my home network “Home”, the Huawei broadband internet dongle “Tigo”, and my VPN connection “VPN”. But this morning when I tried to connect to the Web from any of the client computers, No Internet Connection! I still have internet connection on my host computer. I noticed that every time I start my home network, my Huawei dongle, or my VPN I get a “New Private Network Detected” message, even though the network that is connecting has already been identified and is not a new network. When I type in the name of the network (eg. Home, Tigo, or VPN), it tells me that “The name that you entered is already in use. Please enter a different name.” What is going on? How do I fix this? Thank you.

Step 1 Give Network Name

@ theasta;

Could you please post a screenshot of your global rules?
Also; to verify your LAN Enviroment
You have a XP Machine which Vista Connects to via AD-HOC Link;
Also You have another XP Machine That Connects directly to the Router
Also You have recieved alert for which computer?
Also; is it possible to post the IP’s So i could give direct directions
Which Machine has CIS? and Which Machine You have Uninstalled?

---- – ==== >

@ mhnrimrncmr;
Has anything changed since you had everything Good To go?
Also; What mode do you have enabled? (Safe Mode/ Custom Policy Mode)
I get this error; once i have two different configurations that has the same IP Address with the same Network Zone name.
Could you post a screenshot of both your Global rules and network zones for clarification purposes?

---- – ==== >

@ cyrillick;

[img] [./img] (Remove the .)
this is if you have uploaded an image to a image hosting website (ie Photobucket/Imagecave)

If you do not have an account with such you can click "More Options > click Upload/Browse and just look for the image

Hope this all helps:)

Jake

I’ve tried some experimentation (groping in the dark) so rather than hit my head against a brick wall, I’ll supply all the relevant info I can.

Host PC runs XP (SP3). Broadband via Ethernet cable to (very reliable) Huawei SmartAX MT882 modem. XP PC connects to Internet without problem with Comodo Firewall in Safe Mode.

Attached via 100Mbps Ethernet connection to old Compaq PC running ME (I’ve specialised s/w which will only run on ME). Once I’d gone through the Network Zone setup (again) I ended up a connection which worked with IE6 (ouch!), Opera9 and Firefox2 (can’t upgrade on ME). Please note that I removed all traces of a previous firewall and virus checkers on the Compaq a while ago. A part of IPCONFIG output is:

0 Ethernet adapter : (the connection to the XP PC)

Description . . . . . . . . : NDIS 5.0 driver
Physical Address. . . . . . : 00-10-B5-E8-00-45
DHCP Enabled. . . . . . . . : Yes
IP Address. . . . . . . . . : 192.168.0.64
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . : 192.168.0.1

(I’m not sure what all these items mean, but the IP address hasn’t changed at all).

Corresponding info for XP machine is:

Ethernet adapter Local Area Connection 2: (the connection to the Compaq)

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-22-15-17-08-54
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::222:15ff:fe17:854%6

History & Notes:

  1. Comodo (vsn. 3?) installed Feb 2009 on XP PC. (Needed two attempts because I already had a virus checker).
  2. Upgraded to Vsn 4 when released. This gave occasional problems with System Tray Icon (cfp.exe appearing but not responding to mouse, with subsequent shutdown failure. Will pursue elsewhere in forums).
  3. Upgraded on the 12th Jan, when all the connection problems started (see original post). Current version is:
    Comodo Firewall Product Version 5.3.175888.1227 (but Comodo release notes says latest version: Version 5.3.174622.1216: 29 December, 2010 !!)
    I’m running Comodo with Firewall in Safe Mode, Defence+ in Safe Mode, no Comodo Virus checker, Sandbox disabled.
  4. With Firewall in Safe Mode, no browser will work (usual “can’t find” or timeout error messages for all URL’s). Turn Firewall to Disabled Mode, everything works just as it normally used to.
  5. I made a copy of the configuration file 15th June 09, loaded that but to no avail.
  6. I’ve tried several suggestions from related posts (inc. by Jacob) but no joy.
  7. The Firewall Events log always shows the blocked Application to be ‘Windows Operating System’. See below for example:

http://img200.imageshack.us/img200/853/cisevents2.png

  1. I’ve re-read the on-line documentation and believe I’ve got my configuration correct, details follow:
    Network Security Policy
    Tab is Network Zones
    Lan #1
    IP In [192.168.0.0 - 192.168.255.255] ***
    Loopback Zone
    IP In [127.0.0.1 / 255.0.0.0]
    etc

    Tab is Global Rules
    Allow All Outgoing Requests If The Target Is In [LAN #1]
    Allow All Incoming Requests If The Sender Is In [LAN #1]
    etc.

    Tab is Application Rules

http://img440.imageshack.us/img440/3868/cisapprules.png

8.1 *** I wasn’t sure exactly which IP address to use, so I guessed the whole range (is this ok or too general?).
9. I used the Global Rules to modify the ‘System’ entry to ‘Custom’. It didn’t make the slightest difference.
10. I set up the Zone using the Stealth Ports Wizard (first option).
11. Under Firewall Behaviour Settings/Alert Settings the box for … (i.e. an ICS server) is ticked.

Summary: The Compaq has remained un-modified (h/w or s/w since May 2009). The first connection problem occurred immediately after I upgraded Comodo this month. I haven’t been able to find any obvious variant which works (but I repeat, I don’t know much about firewalls, so I don’t want to experiment too much). If I’m doing something stupid, please let me know and I’ll be contrite, otherwise - help!..

(Thanks Jake for image info - I’m not clued up with all the modern tech stuff).

Cyrillick. Looking at the logs I see traffic to port 80 being blocked when coming from WOS.

When WOS is in the log for outgoing traffic it means that CIS cannot see an application that is doing the request. That can happen when another program is “blocking the view”.

When you know your system is not infected I suggest to make an application rule for WOS and give the Browser policy.

Please Follow EricJH Method; and Report Back;

Thanks

Jake

Thanks for response (EricJH and Jake). I’ll do a full virus scan, and full scan with Ad-Aware and also MalwareBytes tomorrow on the XP (it’ll take a couple of hours) then try your suggestion. I’ve already checked the Compaq and nothing showed up.

I did the full virus scan, Ad-Aware scan & Malwarebytes scan on the XP PC, and repeated a full scan on the ME PC (used last vsn of AVG compatible with ME). These showed up just the usual few tracking cookies re-appearing from my last purge. Both PC’s are as clean as I can get them.

As requested - in Application Rules, I changed ‘System’ from ‘Trusted’ to ‘Web Browser’. Alas, I still had the same problems when trying to browse from the ME machine. (I have not meddled with the Web Browser configuration - it’s the default as provided). I also had a few Firewall errors of ‘System’ blocking UDP (IP 192.168.1.3, which I think is the Huawei modem), these errors occurred even with ME PC switched off. These disappeared when I reverted ‘System’ to Trusted Application.

I also checked the running processes on the ME PC (using MS WinTop) and there’s just the normal 14 + whichever browser, it’s exactly as normal (I run WinTop all the time, paranoia rules OK).

In all other respects, the two machines are working fine. The Ethernet connection works fine at all times for bulk file transfer and apart from the (temporary) UDP block mentioned above, the XP PC seems to connect to the Internet without any obvious problems. The only other thing I’ve tried was to remove my bandwidth monitoring program (BDM.exe) from the XP PC (it’s worked OK for several years irrespective of any firewall present or not). This did not make the slightest difference. I’ll continue to take advice and reply with any relevant info. Thanks for your help.

… Sorry about delay.

Host: Win XP SP3 Home, CIS 5.3.175888.1227, Virus Sig 7434)
Client1: Win XP SP3 Home (Mainly), CIS 5.0.163652.1142, Virus Sig 7392)
Client2 (Laptop): Win Vista Basic, CIS 5.0.163652.1142, Virus Sig 7341)
(Sometimes runs Win 7 or Ubuntu)
Host and client normally run 24/7, but not always online.
Last two haven’t been updated because of link.

Host has ZTE MF112 Wireless Broadband dongle with ICS enabled.
Physical link to client 1: 100MB Ethernet
Wireless link to Client 2: Edimax (RT73) ‘Ad-hoc’)

Ad-Hoc link details:
Host set to automatically connect (have to reset after reboot)
Client 2 set to host Ad-hoc link (Windows limitation?). Host reconnects automatically when it’s turned on.

CIS is running on all M/C’s. Settings:
Sandbox - disabled
Antivirus - Stateful
Firewall & Defense+ - Training mode.
The latter seems to be the only way to allow BOINC to create new process executables.


This setup worked fine for over a year until update last Friday.
Now ICS no longer works, but shared drives are still recognised & accessed fine.


Re:- blocked messages
When problem cropped up, I looked for the log messages, and found a long list of
‘192.168.0.???’ messages blocked.
I thought they’re local network and thought if I un/re-installled CIS on host, it might re-recognise
it and give me the chance to reset the settings.
When I did that, it did detect a new network, and I enabled it as Trusted.
But there are now no ‘blocked’ messages showing up on any of the machines (and the old ones have been deleted).

I was going to include ‘Global Rules’ as you asked, but can’t figure out how to get the screenshot in here!
(HELP how do I translate

  • I may look newbie on profile, but my degree in Comp. Sci. was 1977 before PC’s were invented :wink: !

Cyrillick. I see you changed the rule for System. I asked to change the rule for WOS to the Browser Policy. Could you try this?

There is one thing I think we forgot to check. Please make sure CIS is set to act an as an ICS. Please check under Firewall Alert Settings

At Theasta.

How to post a screenshot?

To copy a screenshot of the active window push alt+print screen to copy the active window to the clipboard (pushing print screen will copy the complete window to the clipboard not just the active window). The window is now copied to the clipboard. Paste the image in any image editing program, Paint, Paint.net, the Gimp etc. Use the “crop” function to resize the canvas to size of the image. Now save the file as 32 bits png image.

At the forum push the reply button. Or when using the Quick reply type some text and push the preview button.

Underneath the text box click on Additional options. Push the Choose button and navigate to the file and select it. When you want to post more images click on the more attachments link.

When done typing push the Post or Preview button.

EricJH. I already checked that CIS was acting as an ICS - it’s what I was trying to say in note 11 of my long Reply#8. The notes re. posting screenshots were useful, thanks.

Because of ignorance I assumed WOS meant Windows Operating System and hence I altered ‘System’ in Application Rules. The only other possible entry is 'C:\WINDOWS\system32\svchost.exe, is that what you mean?

The Windows Operating System (WOS) is a pseudo process. It indicates that in case of incoming traffic CIS does not see a listening program; it then show the incoming traffic being stopped by WOS. In case of outgoing traffic and CIS cannot see what application is asking the request (some applications can block CIS’ view) it will alert the user.

It is possible to make a rule for WOS when it pops up or when it is in Application Rules (in that case you can choose to edit the rule).

EricJH. It’s becoming clearer!. Unfortunately, WOS is not in my Application Rules (and I don’t know how to get it there) and I’ve never seen a pop-up for WOS. Not sure where to go from here…
(Time delay to my responses is down to time zone differences.)

To take a different angle. I see you are running a utility from your Huawei modem. May be that is interfering here. Can you disable it from starting with Windows? When done reboot and see what happens.

EricJH. The Huawei utility is one that I use occasionally but is not run at boot time - it’s never been left as a permanent resident process.

I’m at a loss to know what’s happening - but I’m going to try to get Comodo to detect and setup a new LAN, if only to check exactly what is set up. I have updated (via Comodo prompt) to version 5.3.176757.1236 but this made no apparent difference. As far as I can tell, CIS is behaving entirely as normal when connecting to the Internet from my XP PC. If I try from the ME PC - not a flicker. I’m going to check again the ME PC for any recently added files but haven’t found anything so far. Any further suggestions?