vmware, comodo and bridged connection

Hey guys

Trying to run a vm with bridge network. Unfortunately bridging is interfered by comodo as long as i do not disable ‘COMODO Internet Security Firewall Driver’ on my host adapter.

I’m not sure but i think it worked from time to time but i dont know how to reproduce. Any ideas?


Can you show screenshots of the firewall logs (View Firewall Events) , Global Rules and Application Rules?

Hi, I got the same problem on Windows 7 Ultimate x64 physical machine running with Comodo Firewall v5.10.228257.2253 , my virtualized machines are Win7 x64 and Fedora 17 x64. Bridged connection not working. Using Vmware Workstation v8.0.4. Please help!. Thanks!.

i have the same problem : my config is windows server 2008 R2 with vmware workstation 9.0.1 and CIS, the latest version (2012-12-11)

when i use a vm inside vmware workstation (Xen cloud plateform, or xen) and this vm use bridge, i cannot ssh inside.

But if i remove the service ‘COMODO Internet Security Firewall Driver’ on my host adapter it is ok : i can ssh inside vm.

I try to use windows 7 x64 and have the same problem.

I remove CIS, reboot and install zone alarm security and its ok

I prefer CIS

what can i do please ?

same here

Windows 7 Professional x64
COMODO Firewall 5.12.256249.2599
VMware Player 5.0.1 build-894247
FreeBSD with bridge network inside

When the CIS is disabled or uninstalled, i can connect to FreeBSD on any ports (http, ssh, samba).
When CIS is enabled, only ping and samba working.

— netstat on FreeBSD ----
tcp4 0 0 SYN_RCVD

in fact I can send packets to FreeBSD, but FreeBSD can not reply.

I can connect to FreeBSD by port forwarding on my router (me) ----> (router) ----> (FreeBSD on VMWare)

In CIS I was delete all global rules and add ‘allow from any to any’ rule. My network is defined as trust zone. In Firewall events i see no blocked connections.

any suggestions?

[attachment deleted by admin]

Is CIS on the VM or the host? Is NAT enabled in VMWare?

Be careful when you change the bridged adapter mappings. If you re-assign a physical Ethernet adapter to a different virtual network, any virtual machine using the original network loses its network connectivity via that network. You must then change the setting for each affected virtual machine’s network adapter individually. This can be especially troublesome if your host has only one physical Ethernet adapter and you reassign it to a VMnet other than VMnet0; even though the VMnet still appears to be bridged to an automatically chosen adapter, the only adapter it can use has been assigned to another VMnet.

CIS on host (Windows 7)
NAT is disabled in VMWare - network connection type is bridged.

The problem is not in my VMWare configuration, because it works. It only stops working when i turn on CIS, but even then ping works. Do not work only a few connections but can not see in the configuration and CIS logs information that has been blocked.

Any chance the Win7 firewall is enabled?

win firewall is disabled

you said:

I can connect to FreeBSD by port forwarding on my router (me) ----> (router) ----> (FreeBSD on VMWare)

Is the IP address for the host (me) the same as the IP address for the FreeBSD? The host and the VM are essentially a LAN; they must all have unique IP address.

What do you get from CMD: ipconfig /all on both host and VM?

I don’t understand no log entries. In FW Behavior settings, put slider on high, check all items (the host essentially IS an ICS gateway). In ‘advanced’ ensure ‘protocol’ and ‘NDIS’ boxes are checked.

Sorry my mistake. - me - Win7 (host) - FreeBSD (guest) - router

still does not work. Firewall log is empty. FreeBSD can not connect to Win7 from a different port than 445.

[attachment deleted by admin]

I don’t have much experience with VM except during lab for the principles of networking - a core component for CCNA examination - which I passed with an ‘A’. That notwithstanding, my understaning of VM configuration is pretty much that its all the same; its networking, albeit in a wholly virtual environment. I want to make sure the VMnet is configured properly before throwing CIS into the mix (so disable, or preferably uninstall, CIS).

Any chance you had VirtualBox previously installed? Apparently it doesn’t play together nicely in the sandbox with VMWare; the Bridge Network capability gets broke. The problem is only compounded when the host is running ‘Nix (this is not you but I’m just sayin’). When you installed VMWare Player, did you implement bridged connection, or perhaps host-only or NAT? Do you see vmnet-bridge process running on the guest OS?

In the directory where your virtual machine is should be a file named “something.vmx”. It is the configuration file of your VMWare Player and should contain something like “ethernet0.connectionType = (something)”; “something” should be “bridged”. Is the line there and is it “bridged”?

Ensure that the physical NIC is connected to the physical network and that the host’s network interface - local area network - is using VMware Bridge protocol.

How many physical NICs are installed on the host? In network connections do you see VMNet0? In the Virtual Network Editor is VMNet0 being used for the bridge? Is it being bridged to a physical NIC or a virtual adapter (perhaps one implemented from Virtual Box)? Is the VMNet bridging configuration set to auto? If so try setting it manually to the physical NIC. If there are multiple NICs in the host, try disabling all other NICs except the one VMNet 0 should use.

Of course, you must stop all guest OS before making any changes to VMNet mapping. Secondly, if changes need to occur, I’d suggest to uninstall CIS.

After making any changes and restarting the guest OS you should see a vmnet-bridge process on the guest OS.

You should be able to test network connectivity by opening a terminal in the guest OS and pinging: local loopback, the guest OS’s virtual NIC IP address, the physical network’s gateway and finally some URL. Since the network connection is bridged, you’ll have to specify the guest’s IP address, mask, gateway and DNS. Keep in mind the guest OS’ gateway is the router of the network that the host is a node of (not the host itself). And if DHCP is enabled for the guest OS, the DHCP address would be the physical network router (or network DHCP server) address.

Also, be aware that although VMWare Server lets the user configure the IP address assignments and DHCP ranges from within the application, VMWare player doesn’t. This can be bit of an issue if you have a VM that’s been configured with a static IP address in a non-default range. By default, VMware Player uses 192.168.x.x IP address to assign IP address for your guest vm images. Again, this is not you, but I’m just sayin’. But the utility needed - ‘vmnetcfg.exe’ - isn’t installed by default when VMWare Player is installed. It can be found in the VMWare Player install directory, i.e., ‘C:\Program Files\VMware\VMware Player’. You can configure the IP Ranges to be whatever you wish using this utility.

Furthermore, when making network configuration changes for the VM, the VM shouldn’t be powered on.

If the foregoing can’t be gotten to work correctly w/OUT CIS, then I’d suggest resinstalling the VMWare adapter interface, i.e., bridge, host, NAT. It can be done w/out reinstalling VMWare from scratch.

If virtual network connectivity has been ascertained, then I’d reinstall CIS and recheck connectivity. If the network topology is sound - based on verfied connectivity - then any subsequent problems must necessarily lie with the firewall.

I know this is an old topic, but it’s the number one result when looking up

allow vmware bridge firewall / vmnat firewall in major search engines.

Just want to say that several different firewalls (FortKnox, Outpost, Comodo, etc.) all have issues with allowing VMWare’s internet connection to work - be it in NAT (yuck!) or bridging mode.

Perhaps one day VMWare themselves will address this. Other than temporarily disabling the firewall (which works with all Firewalls tested so far), I haven’t found a solution. Hopefully someone will, someday.


I found a rule (see attached pic) that solve this. Hope this helps.

[attachment deleted by admin]

I have the same problem. How do you solve it?