VMWare problem.


RetupmocSoft
June 10th, 2007, 11:07 PM
I have visited the following threads:
http://www.wilderssecurity.com/showthread.php?t=176589
http://www.wilderssecurity.com/showthread.php?t=171678
but something is still strange.



I have been using LNS 2.05p3 for a long time, and am new to 2.06.
Phant0m v6 ruleset (with some modifications by me).

VMWare Workstation 6.0 running in Bridge mode.
Inside the VM, I installed official XP SP2 with the latest updates.
Host PC LAN IP is 192.168.1.2
Guest PC (VM) LAN IP is 192.168.1.200

LNS 2.06 is installed inside VM.


My problem is that LNS 2.06 doesn't understand my LAN IP.
In the "Welcome" page, it shows 192.168.1.200, not connected,
no matter how I set "IP to exclude" in Options -> Advanced options.
(I haven't tested LNS 2.05p3 inside VMWare 6.0)


Due to the above problem, LNS causes the following strange errors:
1. can't connect to the LAN. (blocked)
2. can't connect to the internet (blocked, shows ETH packet)


Here is my workaround, but maybe it causes a security leak??
I manually added a rule on top of the other rules.
Rule Name: VM
Source PC ethernet address: "Equal my @" (the right-hand side shows the correct MAC address of the VM-NIC)
select In/Out bound
other settings are "ALL"


After adding the above rule, ALL the strange problems are gone.
The LAN is connected.
I can connect to the internet; LNS 2.06 will automatically switch the NIC from VM-NIC to "WAN miniport (IP)"

But is my rule OK?? I don't know.

Frederic
June 11th, 2007, 04:43 PM
Hi,

I'm afraid the rule you created allows everything... so it is not correct.

The problem comes from the IP address, which is not considered as a "connected one". The consequence is the "connected to internet" checkbox is not ticked and all the rules using "equal my @" for the IP are not correct.

Did you really try to clear completely the "IP Exclude list" in the advanced options? To be sure it was applied, quit/restart Look 'n' Stop.
Also, did you try to select the network interface manually? Most of the time forcing the network adapter fixes this kind of issue.

Frederic

RetupmocSoft
June 12th, 2007, 04:11 AM
Thanks for the reply.

-{ Quote: "Hi,
The problem comes from the IP address, which is not considered as a "connected one". The consequence is the "connected to internet" checkbox is not ticked and all the rules using "equal my @" for the IP are not correct.
" }-


Yes, you totally understand my problem (core!!)

-{ Quote: "
Did you really try to clear completely the "IP Exclude list" in the advanced options? To be sure it was applied, quit/restart Look 'n' Stop.
Also, did you try to select the network interface manually? Most of the time forcing the network adapter fixes this kind of issue.
Frederic" }-

After I completely cleared the "IP Exclude list", clicked OK, exited, then restarted LNS,
Hey....they automatically went back to default!! (10;169.254;192.168.0.1;127.0.0.1)
Why???


Anyway, I manually input "127.0.0.1;192.168.1.200", clicked OK, exited, then restarted....
"connected" is un-checked, but the IP Address still shows "192.168.1.200",
does that mean the "IP Exclude list" does not work??? (bug??)



Final method: disable "automatic selection" and force-check "WAN Miniport"; the IP Address goes back to "0.0.0.0".

In the past version 2.05p3, the "automatic selection" seems smarter than 2.06??
OR.....IP Exclude list is not working in 2.06??

Frederic
June 12th, 2007, 04:45 PM
-{ Quote: "Thanks for the reply.

Yes, you totally understand my problem (core!!)

After I completely cleared the "IP Exclude list", clicked OK, exited, then restarted LNS,
Hey....they automatically went back to default!! (10;169.254;192.168.0.1;127.0.0.1)
Why???
" }-
Maybe Look 'n' Stop was started initially as a service. In that case the options were saved for the admin (and they will be used again the next time Look 'n' Stop is started in service mode).
If you manually start Look 'n' Stop, the options are specific to the current user.
-{ Quote: "
Anyway, I manually input "127.0.0.1;192.168.1.200", clicked OK, exited, then restarted....
"connected" is un-checked, but the IP Address still shows "192.168.1.200",
does that mean the "IP Exclude list" does not work??? (bug??)
" }-
Not sure what you want to do finally.
Do you want to exclude 192.168.1.200? e.g. you don't want Look 'n' Stop to filter the network interface with this IP address?

-{ Quote: "
Final method: disable "automatic selection" and force-check "WAN Miniport"; the IP Address goes back to "0.0.0.0".
" }-
Yes, if you want to have no internet filtering, and if there is a valid network interface to be filtered, then you need to do that.
-{ Quote: "
In the past version 2.05p3, the "automatic selection" seems smarter than 2.06??
OR.....IP Exclude list is not working in 2.06??" }-
Yes, there was a change in 2.06 compared to the 2.05p3. This is not a bug... but a feature ;)
This is linked to the following change (change logs):
Automatic selection of the network interface is anyway done on an excluded IP if no other network interface with a valid IP has been found.
This was introduced because many users had a network interface to be filtered with 192.168.0.1 as an IP address.
So the "Exclude List" is now only used to make a choice when there is at least a choice between 2 possible Network Interfaces: the automatic selection then chooses the one not excluded.
When there is only one choice, the exclude list is not relevant. Look 'n' Stop chooses the only one possible.

Frederic

RetupmocSoft
June 12th, 2007, 10:04 PM
-{ Quote: "Maybe Look 'n' Stop was started initially as a service. In that case the options were saved for the admin (and they will be used again the next time Look 'n' Stop is started in service mode).
If you manually start Look 'n' Stop, the options are specific to the current user." }-

Nope, I always start it manually.
It automatically goes back to default after emptying the "Exclude IP list" when I restart LNS manually.

-{ Quote: "
Do you want to exclude 192.168.1.200? e.g. you don't want Look 'n' Stop to filter the network interface with this IP address?
" }-

Yes. 192.168.1.200 is my local IP.
But LNS filters this IP even when I set "Exclude IP list" to 192.168.1.200

-{ Quote: "
Yes, there was a change in 2.06 compared to the 2.05p3. This is not a bug... but a feature ;)
This is linked to the following change (change logs):
Automatic selection of the network interface is anyway done on an excluded IP if no other network interface with a valid IP has been found.
This was introduced because many users had a network interface to be filtered with 192.168.0.1 as an IP address.
So the "Exclude List" is now only used to make a choice when there is at least a choice between 2 possible Network Interfaces: the automatic selection then chooses the one not excluded.
When there is only one choice, the exclude list is not relevant. Look 'n' Stop chooses the only one possible.

Frederic" }-


I did some tests.......this is the report.....

I have tested LNS 2.06 under the following conditions:

turned off "internet filter" to prevent my Phant0m rules from blocking anything.

"automatic selection" enabled.


[1]. exclude IP set to only "127.0.0.1", restart LNS
before connecting to internet:
VM NIC got 192.168.1.200
WAN Miniport got nothing.
Welcome page show "connected", "192.168.1.200"

after connected internet:
VM NIC got 192.168.1.200
WAN Miniport got 61.192.xxx.xxx.
Welcome page show "connected", "192.168.1.200"


[2]. exclude IP set to only "127.0.0.1;192.168.1.200", restart LNS
before connecting to internet:
VM NIC got 192.168.1.200
WAN Miniport got nothing.
Welcome page show "dis-connected", "192.168.1.200"
(this is really the problem that confused me. LNS already marks "dis-connect")

after connected internet:
VM NIC got 192.168.1.200
WAN Miniport got 61.192.xxx.xxx.
Welcome page show "connected", "61.192.xxx.xxx"

I log out of the internet manually:
VM NIC got 192.168.1.200
WAN Miniport got nothing
Welcome page show "dis-connected", "192.168.1.200"




LNS 2.06 "automatic selection" will ignore the "Exclude IP list" setting.
This is really a "new feature".



RetupmocSoft

Frederic
June 13th, 2007, 04:13 PM
Ok, I confirm that when the "Exclude IP list" is completely empty, Look 'n' Stop at startup puts "10;169.254;192.168.0.1;127.0.0.1" in it again.
So it was not a good idea to propose to clear it completely :thumbd:

The report you posted is the expected behaviour when "Automatic Selection" is set. By default, when only one adapter is eligible, Look 'n' Stop selects it. As soon as there are at least two eligible adapters with a choice, Look 'n' Stop selects the first one which is not in the exclusion list.

The purpose of this mode was really to choose the best network interface, and the "Exclude IP list" was there to help the choice when several adapters are possible.
This was not working as expected in the 2.05, and users with only one possible adapter having an IP 192.168.0.1 had Look 'n' Stop not filtering by default, which was not good.

I understand that by fixing that, it caused a change for you. I'm sorry for that. You now need to force the adapter manually, since you have at the beginning one eligible adapter only.

Frederic
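
The selection behaviour described in the post above, modelled as an added example (it is not Look 'n' Stop code and not from either poster); the scenarios mirror test cases [1] and [2] of the report. The adapter order, the octet-prefix matching of exclude entries, the fallback to the first eligible adapter and the 203.0.113.10 WAN address are assumptions.

```python
# Added model of the 2.06 "automatic selection" described in this thread.
# Not Look 'n' Stop code: matching rule and adapter order are assumptions.

def is_excluded(ip, exclude_list):
    """True if ip matches an entry of a ';'-separated exclude list.

    Assumption: an entry such as "10" or "169.254" matches whole leading
    octets, so "192.168.0.1" does not match 192.168.0.10.
    """
    octets = ip.split(".")
    for entry in filter(None, (e.strip() for e in exclude_list.split(";"))):
        parts = entry.split(".")
        if octets[:len(parts)] == parts:
            return True
    return False


def auto_select(adapters, exclude_list):
    """Return (name, ip, excluded) for the adapter to filter, or None.

    adapters: ordered list of (name, ip); ip is None when unassigned.
    """
    eligible = [(n, ip) for n, ip in adapters if ip and ip != "0.0.0.0"]
    if not eligible:
        return None
    for name, ip in eligible:
        if not is_excluded(ip, exclude_list):
            return (name, ip, False)   # first adapter not on the exclude list
    # Only excluded adapters have a valid IP: 2.06 selects one anyway
    # (assumed here to be the first), so the exclude list has no effect.
    name, ip = eligible[0]
    return (name, ip, True)


if __name__ == "__main__":
    WAN_IP = "203.0.113.10"  # constructed; the thread elides the real address
    for exclude in ("127.0.0.1", "127.0.0.1;192.168.1.200"):
        for wan in (None, WAN_IP):
            nics = [("VM NIC", "192.168.1.200"), ("WAN Miniport", wan)]
            print(f"exclude={exclude!r} wan={wan}: {auto_select(nics, exclude)}")
```

With the VM NIC as the only adapter holding an address, it is selected whether or not 192.168.1.200 is on the exclude list, which is why forcing the adapter manually is the remaining option.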

RetupmocSoft
June 24th, 2007, 03:53 AM
I understand.

"Automatic Selection" NEEDS to be disabled for me.