ICMP to ISP blocked by Kerio ??

[djg05]

I have recently changed ISP and am now regularly getting this pop up in Kerio 2.1.5

20/Sep/2005 21:59:45 Outgoing ICMP blocked; Out ICMP [3] Destination Unreachable; localhost->dns0.metronet.co.uk [213.162.***.***]; Owner: Tcpip Kernel Driver

Don't know whether this should be allowed or not. MetroNet is my ISP

[BlitzenZeus]

This might not be the case, but if your use any kind of hosts file or program to block you from accessing certain sites it will send a icmp 3 packet to your dns server attempting to reinquire about the destination. This is a very common thing with using a hosts file, so I block all icmp 3 to my dns servers as I use a hosts for ad blocking.

[noway]

Normally it's ok to allow Out ICMP [3] Destination Unreachable to your ISPs DNS servers only.
I would assume that dns0.metronet.co.uk is one of these.

[djg05]

Thanks

Yes I do use Proxo so maybe that is the reason. At times it is slow to connect. Don't know if this would be the cause. There router does not appear to have dropped the connection.

[BlitzenZeus]

If you block sites with software like proxo your software has to wait to timeout, if you use a hosts file with a program like edexter to act as a faux server on your localhost your pages will load much faster as they are not waiting for a conneciton to timeout.

[djg05]

Quote:

Originally Posted by BlitzenZeus

If you block sites with software like proxo your software has to wait to timeout, if you use a hosts file with a program like edexter to act as a faux server on your localhost your pages will load much faster as they are not waiting for a conneciton to timeout.

I used to use Edexter a few years ago but seems to have fallen by the wayside. Are there any links to get this and the hosts going again please?

[Kerodo]

A quick Google search yields this: http://accs-net.com/hosts/eDexter.html

[noway]

Quote:

Originally Posted by BlitzenZeus

If you block sites with software like proxo your software has to wait to timeout...

If you use the URL-Killer header filter, the remote server is not even contacted. There is no timing out.

Quote:

Originally Posted by djg05

...Yes I do use Proxo so maybe that is the reason. At times it is slow to connect. Don't know if this would be the cause...

Blocking Outgoing Destination Unreachable to your ISPs DNS Servers could be the cause. Try disabling the firewall (or try permitting ICMP Outbound Destination Unreachable to your ISPs DNS servers) and test it out. Only YOU can do this. If there are still slowdowns, try using DNS servers other than your own ISPs. You can list them in preferred order in Network Connections properties. What happens when you disable Proxomitron? If it is faster, maybe you are using too many filters...do you know exactly what each filter does and whether you absolutely need them? Have you tried unchecking the active filter boxes on the front of the Proxomitron GUI to rule out filter problems? To troubleshoot these kind of problems you need to be able to rule out the causes and you can't do that by running everything at once or switching software packages. It may require that you be methodical and keep a log...start simple and if you have no problems add things back until you find the problem. If it is your ISPs fault re slow DNS servers and other problems, these problems can be intermittant. You may need specialized diagnostic software to identify them. Anyway.... if whatever you are using for an operating system is fully patched, you could start with the following:

Open Kerio GUI and uncheck to run at Windows startup. Open your browser's properties and uncheck "use a proxy server.." Then reboot. How are things running now?