blabla49 0 Posted ...

Hi!

So I thought I had everything set up with Comodo, as I said in another post. But actually no. I thought I understood the way it works, but the global rule "block everything of everything" gives me trouble.

What I get at this point when I apply this rule is an error 102... AirVPN can always log in and connect. And I still have access to my router/NAS administration.

Comodo's log for doesn't show anything. So I don't understand what's blocking what.

Why doesn't Comodo show the fact that it's blocking me from connecting? Did I put that global rule where it should be? Is there another one of my rules that could be wrong? I just don't know how to debug this.

Thanks,
Alex.

Staff 9972 Posted ...

Hello!

Please make sure that you have enabled logging for the block rule (tick the box "Log as a firewall event when this rule is fired") and that your hosts file has been modified according to the instructions (see step 12).

Then please send us:
- your network zones
- your global rules
- your application rules
- Comodo Firewall events logs

Kind regards

blabla49 0 Posted ...

Hi,

Step 12 is ok. And AirVPN always connects, whatever the rules.

For all the rest that you need, can I find files somewhere? I googled it and couldn't find any info. Or do I send you dirty screenshots?

Thanks.

Staff 9972 Posted ...

> Hi,
> Step 12 is ok. And AirVPN always connects, whatever the rules.
> For all the rest that you need, can I find files somewhere? I googled it and couldn't find any info. Or do I send you dirty screenshots?
> Thanks.

Hello!

Readable screenshots are just fine.

Kind regards

blabla49 0 Posted ...

Hi,

Actually, I said that I had access to my router/nat, but not anymore...

It's funny how Comodo takes quite a while to actually apply the new rules... Should be instantly (?).

Here are the screenshots:

Also I should mention that even though I have a DHCP rule running, I'm actually on a fixed IP... I had issues with DHCP, so I switched to fixed. I guess I should remove that rule now.

DNS and gateway are both: 192.168.0.254 (again it's a router/dhcp/nas/wifi/tv/bloody everything "box").

Thanks a lot.

Staff 9972 Posted ...

> Hi,
> Actually, I said that I had access to my router/nat, but not anymore...

Hello!

Unfortunately you renamed your Global Rules, so we can't see what they really state. It's not your fault, it's ours, we did not specify in the guide NOT to rename the rules, because renaming them makes troubleshooting impossible. We'll modify the guide accordingly.

Anyway, from what we can see on the Comodo firewall event logs, it looks like you were not connected to an Air server, because there is a suspiciously high number of blocks from 192.168.0.31 to several different IP addresses.

From your description, the DHCP rule is wrong, it should allow communications toward IP 255.255.255.255, because before the DHCP negotiation your computer can't know the address of your router or even the subnet of your network, see RFC 1541 and RFC 2131 or http://support.microsoft.com/kb/169289

Can you please delete your customized rule names, re-send the Global Rules and send us also the logs of your client and the output of the command "ipconfig /all"?

> It's funny how Comodo takes quite a while to actually apply the new rules... Should be instantly (?).

It should take no more than a couple of seconds...

Kind regards

blabla49 0 Posted ...

> Unfortunately you renamed your Global Rules, so we can't see what they really state. It's not your fault, it's ours, we did not specify in the guide NOT to rename the rules, because renaming them makes troubleshooting impossible. We'll modify the guide accordingly.

Of course! Should have guessed that.

Before anything, I am currently running Comodo with the "block everything" rule... And everything's working... O_O except that I have leaks. I'm connected to Virginis' server. But I haven't done any modification on any rules for now.

> it looks like you were not connected to an Air server, because there is a suspiciously high number of blocks from 192.168.0.31 to several different IP addresses.

Hum... Weird 'cause I'm always connected, but you might be right.

What I had put at first was my router/gateway IP instead of 255.255.255.255.

I've also changed my network zones (was wrong to me):

New screenshot of rules:

Here's a new screenshot of my log after correction:

I'm sorry I can't be of any help, I'm totally lost here.

> It should take no more than a couple of seconds...

I'll check that out after everything's sorted.

blabla49 0 Posted ...

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Alex-PC
   Primary Dns Suffix . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9
   Physical Address. . . . . . . . . : 00-FF-E1-84-75-56
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1cbf:f7f9:c9fa:70ae%16(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.4.0.14(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : vendredi 19 octobre 2012 10:35:40
   Lease Expires . . . . . . . . . . : samedi 19 octobre 2013 10:35:40
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.4.0.13
   DHCPv6 IAID . . . . . . . . . . . : 268500961
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-A1-46-31-C8-60-00-11-6B-BF
   DNS Servers . . . . . . . . . . . : 10.4.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : C8-60-00-11-6B-BF
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.31(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.254
   DNS Servers . . . . . . . . . . . : 192.168.0.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{E1847556-35C7-4051-B05D-AE6292F37326}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9E608965-2226-4958-BF5A-88F23E289D40}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Staff 9972 Posted ...

Hello!

Ok, situation now is much clearer.

The rule:

   Allow TCP or UDP In/Out From MAC Any To IP 192.168.0.254 Where Source Port Is Any And Destination Port Is Any

will allow at least DNS leaks, please delete it.

The rule:

   Block And Log TCP or UDP In/Out From MAC Any To MAC Any Where Source Port Is Any And Destination Port Is Any

is sub-optimal because it prevents only TCP or UDP leaks, please modify it into:

   Block And Log IP In/Out From MAC Any To MAC Any Where Protocol Is Any

(this will expand the total block to layer 3).

We're looking forward to hearing from you.

Kind regards

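Added example, not part of the original thread and not AirVPN's or Comodo's code: a minimal rule evaluator showing the effect of the two changes described in the post above. It assumes top-down, first-match evaluation and ignores direction and ports; the VPN entry address 203.0.113.10 and the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "block"
    protos: frozenset    # e.g. {"tcp", "udp"}; empty set means "IP, any protocol"
    dst: str = "any"     # destination IP/CIDR, or "any" (MAC Any)

    def matches(self, proto, dst_ip):
        if self.protos and proto not in self.protos:
            return False
        if self.dst == "any":
            return True
        return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)

def evaluate(rules, proto, dst_ip):
    """Action of the first matching rule, or 'unmatched' if none applies."""
    for rule in rules:
        if rule.matches(proto, dst_ip):
            return rule.action
    return "unmatched"

TCP_UDP, ANY_IP = frozenset({"tcp", "udp"}), frozenset()
VPN_ENTRY = "203.0.113.10"  # constructed stand-in for a VPN server entry IP

# As posted: router allow rule present, block rule limited to TCP/UDP.
before = [
    Rule("allow", TCP_UDP, VPN_ENTRY),
    Rule("allow", TCP_UDP, "192.168.0.254"),
    Rule("block", TCP_UDP),
]
# After the changes: router rule deleted, block widened to all IP protocols.
after = [
    Rule("allow", TCP_UDP, VPN_ENTRY),
    Rule("block", ANY_IP),
]
# Constructed sample packets: (label, protocol, destination IP).
PACKETS = [
    ("VPN tunnel", "udp", VPN_ENTRY),
    ("DNS query to router", "udp", "192.168.0.254"),
    ("ICMP echo outside tunnel", "icmp", "198.51.100.7"),
    ("HTTP outside tunnel", "tcp", "198.51.100.7"),
]

def verdicts(rules):
    return {label: evaluate(rules, p, dst) for label, p, dst in PACKETS}

if __name__ == "__main__":
    for name, rules in (("before", before), ("after", after)):
        print(name, verdicts(rules))
```
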
blabla49 0 Posted ...

P.E.R.F.EC.T.

Everything's running smoothly, and no leaks.

Do you see anything else in my settings that could be improved?

Thank you so much for your help!

Staff 9972 Posted ...

> P.E.R.F.EC.T.
> Everything's running smoothly, and no leaks.
> Do you see anything else in my settings that could be improved?
> Thank you so much for your help!

Hello!

Great, glad to know it.

According to your reports no improvement is necessary. For your comfort, you might define a Network Zone (for example [Air servers entry IPs]) containing only the entry-IP addresses of our servers and then set two rules like

   Allow TCP or UDP In/Out From In [Air servers entry IPs] To MAC Any Where Source Port Is Any And Destination Port Is Any

   Allow TCP or UDP In/Out From MAC Any To In [Air servers entry IPs] Where Source Port Is Any And Destination Port Is Any

In this way, you will only need to add a single IPv4 address to that Network Zone in order to connect to a new server, instead of defining two additional rules for each server, which may be annoying if you switch between a lot of servers.

Kind regards