CHX-1

Discussion in 'other firewalls' started by Diver, Feb 6, 2005.

Thread Status:
Not open for further replies.
  1. Stefan_R

    Stefan_R Registered Member

    Joined:
    Dec 12, 2004
    Posts:
    47
    September sounds good - not 2005 though... ;)

    Seriously - we are doing our best to iron out all driver issues before signing it and releasing a stable.
    Meanwhile try the latest beta - quite stable as far as we can tell.

    Best Regards,

    Stefan.
     
  2. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    ok, thx for the reply, not trying to rush you into a release, just curious! ;)
     
  3. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    I tried CHX-1 beta 3 and I couldn't connect to the internet using 2.6 filters and bind pe filters. I understand I am meant to use something else what and where can I get this?

    Ah, this is it below.

    - If Allow or Deny All was used in the previous version's policies then an additional packet filter rule MUST be added allowing ARP traffic.

    How do I allow ARP traffic?
     
  4. Jazzie1

    Jazzie1 Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    174
    Here is how your ARP allow rule should look like:
    http://www.fluxgfx.com/ssc/attachment.php?attachmentid=22&stc=1

    It is basicly allowing all arp from any source. Depending on your network/router, sometimes are too finicky to set ARP restrictions! Normally it would be set from any address, ie: ff:ff:ff:ff:ff:ff

    Regards
    Jazzie
     
    Last edited: Oct 25, 2005
  5. Arup

    Arup Guest

    Khazars,

    You only need BIND PE filters if you are using Treewalk, otherwise the 2.6 filters are enough to stealth you or you can use the alternate WAN filters at IDRCI site. I would like to know exactly what interface did you import the filters for and also did you turn on SPI for TCP/UDP/ICMP?
     
  6. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    cheers guys for the replys!

    I have SPI on for Tcp,udp and icmp .

    What do you mean by interface? Interface is cable modem local area connection!

    So I only need the 2.6 filters and not
     
  7. Arup

    Arup Guest

    Yep, you only need 2.6 and not the BIND PE, by interface I meant the two physical address of LAN, in your case, the filters should be attached to the LAN where your cable modem is installed. BTW: did you have any other firewall installed before CHX?
     
  8. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    yes, I have Jetico, I tried installing CHX 1 again and added those rules and it still blocks the internet. If I delete all the rules including the filter rules I can connect to the internet!

    CHX-1 2.8 and Jetico run together no problem!

    Any ideas?
     
  9. Stefan_R

    Stefan_R Registered Member

    Joined:
    Dec 12, 2004
    Posts:
    47
    If you are using the Allow base rule set you must add a rule allowing ARP:

    Allow Incoming Eth Type= ARP any any

    The general rule of thumb is that if something is not working the pf logs are your best friend when debugging pf policies.

    Best Regards,

    Stefan.
     
  10. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    cheers Stefan, I got it, changed allow to force allow and that did it! ;)

    Any news on CHX-1 3 release, maybe Xmas?
     
  11. Stefan_R

    Stefan_R Registered Member

    Joined:
    Dec 12, 2004
    Posts:
    47
    Good things come to those who wait.... ;)
    XMas sounds good !


    Best Regards,

    Stefan.
     
  12. Arup

    Arup Guest

    Xmas would be a nice gift from CHX Santa:)
     
  13. GHost357

    GHost357 Guest

    I really liked this program, but it brought me back to the reality, that Im not as smart as I thought I was. Getting it to work, required me to pull half the hair from my head. :D

    1) will the Final 3.0 version remain FREE, or is it tiled to for paying peeps? If so, will the 2.0 remain out there for free?

    2) Will the Final 3.0 version come with preset filters configured already? As it will take alot of time for me to learn how to make what I need.

    I have recently tested alot of software firewalls and will say this one looked the best, used the least amount of ram/pagefile. This small FootPrint on the system will be a large benefit to us all.

    Thanks for all your hard work. Hoping when the 3.0 Final rolls that there are some n0oB guides out there, so I can learn how to manage this awesome tool.
     
  14. Stefan_R

    Stefan_R Registered Member

    Joined:
    Dec 12, 2004
    Posts:
    47
    Hello,

    As far as I know - there is no reason non-commercial license CHX policies should change with the 3.0.

    We'll try to include as many sample sets/guides as we can.

    Best Regards,

    Stefan
     
  15. GHost357

    GHost357 Guest

    >> As far as I know - there is no reason non-commercial license CHX policies should change with the 3.0 <<

    Ahh, good news, Free is great, but could easily see how its attractive to the commercial peeps as well.

    Thanks Stefan, looking foward to trying the next version out, once a guide more suitable for my use is availible
     
  16. Arup

    Arup Guest

    It has made me turn off my router's firewall and NAT, I now run it bridged with CHX, thats how impressed I am with it.
     
  17. GHost357

    GHost357 Guest

  18. GHost357

    GHost357 Guest

    Stefan_R, I have a request.

    You know in WinXP, you can have an icon (two computer monitors that flash with traffic flow) for each connection made in windows. Regardless if its 56k or BroadBand.

    I like to have a clean system tray, no additional icons as possible. Wondering if you would consider adding your firewalls CONTEXT MENU to the windows icon, in notification area? Allowing quick access to needed portions of your GUI, through the windows icon, rather then having your own icon, with its context menu. I just think this would be alittle more streamlined. Not sure if it would reduce you currently low footprint (ram/pagefile useage) further, but it might.

    Your thoughts & Ideas on this?
     
  19. Andmed

    Andmed Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1
    CHX-1 dial-up interface problem

    I have a problem with CHX-I packet filter 2.8.2 running on w2kASsp4eng+critical&important updates.

    There is no dial-up (WAN) adapter available in CHX management console.

    I have two LAN adapters (VMWARE virtual networks) and both of them are there and work fine.

    I have a modem and remote access to Internet provider. It works also. Of course, WAN adapter is ok (checked hidden devices), but I can not see it in CHX-I console and can not manage it.

    How can I solve it? I need to make packet filter rules for dial-up Internet connection.


    Thanks!


    p.p.s. Before CHX-I I was using Visnetic, and WAN was there, so I think the problem is with the CHX-I.
     
  20. Arup

    Arup Guest

    Re: CHX-1 dial-up interface problem

    Dial up will only show when its active, so dial up first and then open the CHX console to see if its shown.
     
  21. dukebluedevil

    dukebluedevil Registered Member

    Joined:
    Sep 14, 2002
    Posts:
    177
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.