Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Fumens,
    Once you have removed the .txt extension, open jetico...select file (top left) / open ... and browse to the Jetico / config folder and select the "Yahoo" config file. This will then load another "optimal protection". now see attached image:-

    When you have completed this, go to the yahoo app (the one you say you have selected as trusted) and change this from "trusted" (in the drop down menu) to Yahoo
     

    Attached Files: pic.gif (127.4 KB)
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Fumens,
    I have attached a policy containing the yahoo, and now the MSN messenger ruleset. (MSN ruleset should be o.k. for both msmsgs.exe and msnmsgr.exe). Once again, follow the previous instructions to delete the txt extension, load into Jetico, and move (drag) the rules over to your "Optimal protection" policy.

    If you, or anyone who wants to use these rules within Jetico, have any problems with dropped packets from the rules, please post (with log (all rules will have a "block all" at the end of the ruleset, to produce a log for dropped packets)).

    Have added a ruleset for "Download Manager" and for "BitTornado" (bittorrent). The inbound rule for bittornado will have to be edited to suit your setup (currently set at "allow inbound localport 10000").


    EDIT
    Rulesets attached to post 106
     
    Last edited: Apr 8, 2006
  3. Fumens

    Fumens Registered Member

    Joined:
    May 5, 2005
    Posts:
    23
    Hi Stem,
    I don't encounter any problems with Yahoo ruleset you attached in post #100. It works great, I don't even see any ads in YM.

    I don't know about the rule of webcam if it works coz I don't use one. I assume the new rule set for MSN will work.

    I'll try out the bittorrent rule set for BitTornado, especially I heard that BitTornado is rather difficult. I'll post the result and if there is some probs.

    Thanks Stem
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Good to hear,
    Just untick the rules you don't need, or delete them. (I just wanted to post a full ruleset)
    They should do, these are rules I have used in other firewalls. But post if any problems.
    It's the only bittorrent client I had on hand,.... the ruleset worked o.k.
    You're welcome.

    Regards
    Stem
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have been asked for a Jetico ruleset for Emule. The ruleset I have made is for the default installation (inbound tcp, udp ports). So if you change the inbound ports within Emule, then you will need to edit the rules to suit (see pic).

    I did test the rules,...... there are a number of blocked packets, (mainly due to packets to incorrect ports, so I have disabled logging on the block rule) but no problem getting high ID. (New rulesets attached to next post)
     


  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Attached are the rulesets for:-
    Bit tornado: (user to edit tcp inbound rule, to suit own setup)
    DC++ (the two inbound rules (tcp, udp) are set for the default installation (DC++ uses random ports between 1024-32000 (so edit these if you change the settings within DC++))))
    Download Manager
    Emule See last post for instructions
    MSN Messenger
    Yahoo Messenger

    EDIT
    Note: see posts 100/101 for instructions on how to load/transfer the rules to your rulesets.

    Ruleset on post 307
     
    Last edited: Jul 22, 2006
  7. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    420
    What rules are required for a home network?

    Client => Server (with Jetico) => Internet
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I am not sure by the setup you mention,.... Server? (post info)

    (Do you mean ICS (Internet connection sharing) Client => Host =>Internet ?)
     
  9. busy

    busy Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    420
    yup I meant ICS
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Jetico cannot "see" the Client IP, so it is not possible to create rules for the client.
    When the client attempts a connection, jetico sees this as a connection attempt from the host (the shared IP), and as there is no App associated with the connection, the packet is dropped (blocked).
     
  11. DarkX

    DarkX Registered Member

    Joined:
    Apr 9, 2006
    Posts:
    21
    Location:
    Germany
    I made and saved my rules with Jetico under the admin account; so far it seems OK, but I have another problem: when I use my XP under a limited account, Jetico asks for the same rules which I already made under the admin account.

    According to my experience, if you use your XP with different accounts, that means you have to make the same rules for every single account.

    Is there a way to import same rules to different accounts?
     
  12. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Every user has his set of rules that you can find under C:\Documents and Settings\UserName\Application Data\Jetico Personal Firewall\1.0 and then you can copy and paste Optimal.bcf to the other user
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi DarkX,
    Just to confirm, (I have just checked), the policies can be imported to the user (see attached image, easier than to explain.... just remember where you saved them.)

    Hi MaB69, nice to see another Jetico user..
     


  14. DarkX

    DarkX Registered Member

    Joined:
    Apr 9, 2006
    Posts:
    21
    Location:
    Germany
    Thanks for replies MaB69 and Stem :thumb:
     
  15. adam777

    adam777 Registered Member

    Joined:
    Apr 15, 2006
    Posts:
    48
    Had some problems with KAV6 and Kerio 4.2.3, so i figured i'll give Jetico a try...
    I must admit, i was sure i'll get enough of it really soon (having read all the horror stories regarding the hundreds of pop-ups, weird configuration etc.).
    However, i must admit that once you get a hang of it, it's really fairly easy to configure :)
    So, although the topic of this thread is "Jetico making me crazy." - i'm satisfied with it :D

    * EDIT *
    OK, one problem...
    Currently i'm connected to the net via another computer (some sort of ICS software), so my i.p. address is 192.168.0.2 and the address of the network card i'm connected to in the other computer is 192.168.0.1.
    Now, i want to make the other computer trusted so i enter its full address (ip address/mask) in the configuration wizard.
    However, when i'm running the wizard again, i see that Jetico insists on adding the entire network (192.168.0.0) to the trusted zone, in addition to the address i've entered manually, which is of course something i would not like.
    It says "192.168.0.0/24 Local network (added by default)".
    Ideas anyone?
    Thanks in advance, Adam.
     
    Last edited: Apr 16, 2006
  16. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Adam,
    Due to seeing your edited post (and your other thread on ICS), I re-checked and realised that the settings for the network with jetico are taken from the windows config. So if you do want to restrict your network to just the 2 IP addresses, then you will need to go into the windows settings,.. Start / control panel / network connections....(see pic)
    Entering a subnet mask of 255.255.255.252 will restrict the network to the 2 IP range you require.
    Then use the Jetico "config wizard" to remove the network range of 192.168.0.0/24 if it hasn't already. The new config should have been picked up by Jetico from windows (192.168.0.0/255.255.255.252 = 192.168.0.0/30)
     

    Attached Files: mask.gif (105.5 KB)
  17. adam777

    adam777 Registered Member

    Joined:
    Apr 15, 2006
    Posts:
    48
    First of all, thanks again, Stem.
    As for your suggestion - could you please explain to me, why changing the subnet mask will allow me to restrict the network to just the 2 IP's i need?
    Needless to say, the network really does contain only 2 computers, and the reason i wanted to separate the server IP from the general network is, i'm used to doing it from other FW's.
     
  18. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Adam,
    Network masks:-

    Netmask          Netmask (binary)                     CIDR  Hosts
    255.255.255.255  11111111.11111111.11111111.11111111  /32   Host (single address)
    255.255.255.254  11111111.11111111.11111111.11111110  /31   Unusable
    255.255.255.252  11111111.11111111.11111111.11111100  /30   2 usable
    255.255.255.248  11111111.11111111.11111111.11111000  /29   6 usable
    255.255.255.240  11111111.11111111.11111111.11110000  /28   14 usable
    255.255.255.224  11111111.11111111.11111111.11100000  /27   30 usable
    255.255.255.192  11111111.11111111.11111111.11000000  /26   62 usable
    255.255.255.128  11111111.11111111.11111111.10000000  /25   126 usable
    255.255.255.0    11111111.11111111.11111111.00000000  /24   "Class C", 254 usable

    I am hoping the chart will explain how the mask works. The mask 255.255.255.254 cannot be applied to a network, as this would only give you one possible address (and you need min 2 PCs for a network)

    If you do not understand binary, take a read http://en.wikipedia.org/wiki/Binary_numeral_system to see if it helps.
    You may also need to do a google for "Bits" and "Bytes"
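
The mask arithmetic behind the chart above, as an added example that is not part of the original posts: an address belongs to a network when (address AND mask) equals the network address, which is why 255.255.255.252 leaves only 192.168.0.1 and 192.168.0.2 in the trusted range. The helper names are illustrative, and host counts follow the classic rule of excluding the network and broadcast addresses.

```python
# Added example: classic IPv4 subnet arithmetic (helper names are illustrative).

def to_int(dotted):
    """Convert dotted-quad text to a 32-bit integer."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("bad IPv4 address: " + dotted)
    a, b, c, d = parts
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(value):
    return ".".join(str((value >> shift) & 255) for shift in (24, 16, 8, 0))

def prefix_len(netmask):
    """Count the leading 1 bits; a valid mask never has a 1 after a 0."""
    bits = format(to_int(netmask), "032b")
    if "01" in bits:
        raise ValueError("non-contiguous netmask: " + netmask)
    return bits.count("1")

def usable_hosts(netmask):
    """All addresses in the block minus the network and broadcast addresses."""
    prefix = prefix_len(netmask)
    if prefix == 32:
        return 1  # a /32 names exactly one host
    return (1 << (32 - prefix)) - 2

def in_network(ip, network, netmask):
    """Membership test: (ip AND mask) must equal (network AND mask)."""
    mask = to_int(netmask)
    return (to_int(ip) & mask) == (to_int(network) & mask)

def host_range(network, netmask):
    """First and last assignable address between network and broadcast."""
    mask = to_int(netmask)
    base = to_int(network) & mask
    broadcast = base | (~mask & 0xFFFFFFFF)
    return to_dotted(base + 1), to_dotted(broadcast - 1)

if __name__ == "__main__":
    # Constructed sample: the two-PC network from the thread, before and after.
    for mask in ("255.255.255.0", "255.255.255.252"):
        first, last = host_range("192.168.0.0", mask)
        print(f"/{prefix_len(mask)} {mask}: {usable_hosts(mask)} usable, {first} - {last}")
        for ip in ("192.168.0.1", "192.168.0.2", "192.168.0.5"):
            state = "trusted" if in_network(ip, "192.168.0.0", mask) else "outside"
            print("   ", ip, state)
```
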
     
  19. adam777

    adam777 Registered Member

    Joined:
    Apr 15, 2006
    Posts:
    48
    You're the best, Stem :thumb:
     
  20. mpeg

    mpeg Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    2
    Hi,

    I'm having some troubles getting my VPN client to connect properly to my office VPN. What rules do I need to set in Jetico's System IP Table to have this work? Right now, it seems to timeout.

    The VPN Client I'm using is the default one that Microsoft ships with WinXP. All the settings are left at default when I configured this client.

    I noticed in the log that there's a warning created for Block All non Process IP packets. I tried two things:
    - set the rule to accept instead of the default reject. Connection still hangs & times out
    - deleted the rule altogether. Connection still hangs and times out.

    So this tells me that there must be some kind of explicit rule I need to create to allow a VPN request, and a VPN reply but the ports are a mystery to me.

    Unfortunately, there's no popup when I try to connect so I can't go the easy route and accept it.

    Can anyone help?

    Thanks
     
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have not used the windows VPN connection, but I will help if I can.

    As the IP that you would have set up (using the connection wizard for VPN within windows) is that of your employer/works, then this is an IP that you trust. So rather than trying to sort out the windows Apps that are required, and the specific rules (the protocols are PPTP and GRE for windows VPN), you can simply set a rule to allow all outbound to your works IP (Jetico SPI will sort out the inbound replies...If inbound connections are required, then we will have to add rules).

    First, you must replace the "Block all not processed packets" rule that you removed, as we can get info from this for any blocked packets, which can help in resolving any connection problems.

    Next add a "System IP" rule to allow all outbound to your works IP, this is the IP that you have entered in the VPN setup within windows (see pic)
     

    Attached Files: vpn.gif (70.3 KB)
  22. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    Now I see Jetico Firewall seriously rocks and fun to play exactly my type of tea.

    I will try it but will still need a pro like Stem to guide out :p

    if I am right the ruleset you made for
    Could be used under Utorrent , limewire using direct ports for outbounds and inbounds right o_O
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    You can use the Bit tornado rules for "Utorrent" (have just tested). Don't forget to change the "allow inbound rule" local port number to suit your setting.
    Have just downloaded "limewire" to test, will post details later .................................
    EDIT
    Have installed and had a quick look at limewire, this pgm only requires the one inbound port, so you should be able to use the bit tornado ruleset (I would advise that you disable the UPnP within limewire,... even if you are using a UPnP router, you should manually port forward)
     
    Last edited: Apr 21, 2006
  24. shaunwang

    shaunwang Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    94
    I tried playing LNS but it takes quite slow for the connection to reach turbo charge which is Limewire " sharing frequency to tell how how good is their server currently online and which level of connection you are in " Normally the best is turbo charge since it increases the search rate.

    I think Limewire requires a outbound too to communicate with the server to tell it how ready it is and to send search out much faster.
     
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    There are outbound connections allowed within the bit tornado ruleset,....
     