Ewen,
If you have a chance, I really would appreciate some help, I still am unable to resolve my problem. If anyone else has any ideas/suggestions I am all ears.
Fred,
I don’t know if it will resolve your problem, but I have been informed that in order for Windows ICS to work, IGMP needs to be allowed (it was mentioned that it communicates on Port 2).
Thus you would need to create a new rule (or two…) in the Network Monitor, as follows:
Action: Allow
Protocol: IP
Direction: Out
Source: Any (or the IP of the computer with the modem)
Destination: Any (or your Trusted Zone/Network of computers)
IP Details: IGMP
Click OK.
Action: Allow
Protocol: IP
Direction: In
Source: your Trusted Zone/Network (crucial that you have the Zone set, as you don’t want to allow “In” from just anywhere…)
Destination: Any, or IP of computer with modem)
IP Details: IGMP
Click OK.
I would recommend rebooting your computer at this point. Then see if that works.
Hope that helps.
LM
PS: Have you upgraded your firewall to the final release of 2.4 yet? I just thought of this; another guy with a similar problem found his resolved itself as soon as he upgraded from 2.3.8.61 to 2.4…
PPS: You might add your idea to the Wishlist; it sounds useful to me.
Thanks, I will try that when I get home. And yes, I already upgraded to 2.4
Hey Fred,
Apologies for the delay, but family must come first. 
The first thing we shuld try is to set the IP addresses manually on the laptop so that their address is in the range of the trusted network.
On one of the laptops, do a right click on MY NETWORK PLACES and select PROPERTIES. This will open the Network Connections windows, showing all networks configured on that PC. Do a right click on the WiFi connection and again select PROPERTIES.
In the connection properties window, under the heading “This connection uses the following items”, scroll down and find TCP/IP and do a right click on it and select PROPERTIES. This will poen the IP properties window.
Select "Use the following IP address, and then enter 192.168.0.2 as the address and 255.255.255.0 as the netmask.Leave all other options as they are, at the moment. Click OK to complete setting the address. Click OK to confirm the changes to the connection. It will take a little while to set the changes. Reboot the PC. It’s not actually necessary to reboot, but let’s just make sure that the system is starting up with the nominated values.
Once rebooted, repeat the above steps to verify that the address of 192.168.0.2 has actually stuck. If it has, check the logs on the desktop PC and see if the alerts still appear. Then check whether you can access the internet frm the laptop, while CFP is active on the desktop PC.
Back to you,
Ewen 
I tried this and added these rules, and it worked for about a day, and now is back to it’s same old problem.
I then went to my Network connections and set my IP address under TCP/IP for my WiFi network as you suggested, and it still can’t connect.
This brings me back to one of my earlier questions. Since it works fine when I turn off Network Monitor, is there any harm in leaving it off? None of my PC’s are networked and my WiFi router is only turned on when I am using it so I can connect to the internet through it from one of my laptops. Both laptops also have Comodo Firewall installed as well.
Any suggestions??
No, not a good idea to turn off Network Monitor, Fred. That is the basis for how your system is allowed to communicate; everything else happens within the context of those rules. You may allow an application to communicate, but that communication happens only as the Network rules allow.
Here’s a description of CFP’s layered rules that may help you understand how it functions a little better.
https://forums.comodo.com/index.php/topic,5372.0.html
As to your problem, I’m sure Ewen will be back with you shortly. He’s far better equipped to handle that than I, and I have every confidence he will be able to help you get it resolved.
I know it’s a pain, but hang in there!
LM
I am ready to give up. I have been fighting this problem for two weeks now and nothing seems to help except turning off Comodo.
It just seems like Comodo won’t work with Internet Connection Sharing.
Fred,
I understand your frustration, and I want to assure you that ICS will work with CFP; there’s obviously a setting problem here. I looked back at your logs you posted for Ewen, and saw that all those blocks were for 169.x.x.x; this is a “dummy” IP address assigned when ICS isn’t working (I’ve been doing some reading…). What are the Network Monitor Rules for your Trusted Zone/Network of computers?
Take a look at this topic; sort thru that and see if it doesn’t help you…
https://forums.comodo.com/index.php/topic,1643.0.html an ICS issue was resolved there, so I’m hoping there’s good info for you as well.
LM
I am still having problems. It seems that when I try to connect the laptop it stalls while trying to get the ip address from the WiFi router. Dunno what to try next, I have checked everything suggested.
Can anybody help me?
Fred,
Honestly, I don’t see why you can’t connect. To give a little overview (of why it shouldn’t be this difficult…) of how CFP works with ICS.
-
Two (or more) are set up to share internet connection using Windows ICS.
-
Connection is successful.
-
Install Comodo FW to the host/gateway machine.
-
Define Zone to encompass the linked computers.
-
Define Zone as a Trusted Network (to allow All traffic between linked computers).
-
All computers are now allowed to connect to the internet.
This really does work. I don’t know why it’s not for you, unless you see that at any step in the process, that is not the step you took.
So, wracking my brain for possibilities (ooh, that hurts)…
I don’t remember if you’ve done this or not, but try this: On your host computer, move the security level (for CFP) from Custom to Allow All. See if that helps.
LM
Hey Fred,
If you have installed CFP on the laptop as well, when you define the zone, you must include the IP address of the router in the range used for the zone.
The zone rules should be identical on all your LAN PCs running CFP.
If CFP was installed on the laptop and the router was not included in the zone definition on the laptop, I would expect to get the results you’re getting.
Hope this helps,
Ewen
Thanks, you may have hit on the problem. I have Comodo installed on the Laptops as well, and had not set up a trusted zone on them, didn’t think I needed to. I set up a trusted zone to encompass the WiFi router IP and so far so good. I will need more time to test it to be sure, but I think that may have fixed my problem.
Thanks again for your help and patients with me.
Well, I hate to tell you this but the problem is back.
Whenever I try to connect either laptop to the WiFi network, it stalls while “Acquiring Network Address”
If I turn off Network Monitor, it will acquire the network address, and I can turn network monitor back on after it has aquired and connected to the network, and all works fine.
It also seems like once I aquire the network address, I can disconnect and reconnnect to the network fine, as long as I have not rebooted either machine.
The host computer that has ICS set up on it is NOT using DHCP and DHCP is also disabled on the WiFi router.
For now the best solution I can come up with it to disable network monitor on the host PC, let the laptop connect, and then re-enable it once the laptop connects, but it seems like there should be a better way.
Hey Fred,
I’ve got to ask, and I’m not being facetious when I do but, if it worked between Feb 12 and yesterday - what has changed on your systems?
Have you installed any other security software?
Have you modified any rules on any of your PCs?
Did you backup the settings when it was working?
If so, does restoring the working rule set fix the issue?
Something, somewhere, has changed, we just need to identify what the change is.
Ewen
It worked when I first tried it on one laptop. However, it reappeared after Comodo pushed an update to me. That is the only single thing that has changed on any of the machines. I have not installed any software of any kind or made any changes to the rules.
I did get a couple microsoft updates pushed to the machine a week or so ago, about the same time I got the comodo update push.
I dunno. It baffles the heck out of me. One day it works and the next day it doesn’t.
Hey Fred,
I’d lodge a support ticket at support.comodo.com on this. If you can identify the Windows updates, include the details on these in your ticket, along with the date of the CFP update.
Let us know how you get on with this.
Cheers,
Ewen
Try to disable the feature Do protocol Analysis
Thanks, I will go try that. Any hint on where this feature is in Comodo?
Also, should I just do that on the ICS host PC, or any that connect to it as well?
Protocol Analysis is found under Security/Advanced/Advanced Detection/Miscellaneous. It is checked by default; it has to do with CFP’s Stateful Packet Inspection.
Pandlouk has been tracking this, that it seems in some cases (but not all), there is something about DHCP lease renewal that isn’t passing this security protocol, and that by disabling it, the DHCP works.
Following the typical “testing” procedure, I would do it one at a time, and probably start with the Host machine first. If that doesn’t work, then try it off the Client (only; turn it back on for the Host). If that doesn’t work, turn if off on both Host & Client.
LM