Should I Unblock a Certain IP?

Comodo Internet Security - CIS Firewall Help - CIS
1

Hi,

This morning, my Internet connection suddenly stopped. I suspected CIS Firewall, so I turned it off and now my connection works.

I looked in the FW Events, and found CIS FW is blocking a certain IP address, 169.254.8.84. Well, blocking that address completely blocks my Internet connection. I tried googling this address, and can’t find out much. I guess I have no choice but to create a rule to allow it, if I want to use the Internet!

I understand the 169.xxx.xxx IP is created locally by MS, so is it safe? If so, why does CIS FW block it?

All help and comments appreciated!

Thanks,

2

Getting an address in the 169 means that Windows cannot find a dhcp server to get an IP address from. So instead it will assign an IP address in the 169 range.

The causes for this may be a temporary problem with your router or (wireless) connection to the router f.e… Or there is a problem with the wire connecting your pc to your router. Or there is a problem with the firewall settings preventing your computer from receiving an IP address.

Can you show a screenshot of the Firewall logs with the firewall enabled? Did you recently make any changes to your CIS settings?

When the firewall logs show traffic concerning ports 67 and 68 pleas read No network connection after using Stealth Ports Wizard (DHCP Broken) and see if this solves your problem.

3

Hi Erich, Thanks for the reply.

No, I have not made any changes to CIS in months, never used the Stealth Ports Wizard.

Here’s copy=paste of my IPConfig:

:begin IPConfig.

C:>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Bob-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82579V Gigabit Network Connectio
n
Physical Address. . . . . . . . . : 54-04-A6-38-4B-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::69b5:f1b8:cd73:854%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.104(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, December 05, 2012 8:54:07 PM
Lease Expires . . . . . . . . . . : Wednesday, December 05, 2012 10:54:07 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 257164454
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-AB-1D-FD-54-04-A6-38-4B-9D

DNS Servers . . . . . . . . . . . : 205.152.132.23
205.152.37.23
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{916AC51C-A4D5-4F01-82D4-9F8D472E93D9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:24ea:c913:47d7:e5ea(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::24ea:c913:47d7:e5ea%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

C:>

:end IPConfig

It’s really crazy now, I excluded a certain IP address and it still blocks it. I guess I’ll just wait for V6 to be released.

Thanks,

4

An alternative method is to create zone for the IP range 169.254.X.X and allow this zone access in/out.

169.254.X.X addresses are only used to keep a NICX alive while it is searching for a DHCP response. It is a non-routable address and is safe to use as an internal LAN zone.

I’ve had to use this method in the past to connect several old PDAs to PCs.

Hope this helps,
Ewen :slight_smile:

5

I’m trying it now. Poblem is, CIS FW seems to be disobeying my allow orders. :\

6

Here’s the latest I have.

Thanks,

[attachment deleted by admin]