Jetico making me crazy.

Discussion in 'other firewalls' started by aigle, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. mpeg

    mpeg Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    2
    Hi Stem,

    Thanks so much for trying to help. I did as you suggested but I'm still getting the same kind of error:

    datetime reject Block All not Processed IP Packets 44 TCP incoming packet <IP of my VPN server> 192.168.1.100 1723 3065

    I wonder if there's something about the source/destination ports 1723 and 3065 that I must somehow set a rule for? (I tried connecting again but the destination port changed this time)


     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi mpeg,
    This is due to inbound connections being required, you can for now, change the IP rule Event from "outgoing packet" to "any", this will allow the inbound, and as this is from a trusted source, it should be o.k.
    Check this new rule, and if all o.k. we can always tighten up by adding a set of rules for the inbound needed (if you want to)
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    @Jetico users,
    I have been testing Jetico using a large "block" file to block the IPs from known spyware. I did this due to the possibility of the "HOSTS" file being bypassed using an IP rather than the site URL. I have been running this for a few days with no slowdown or problems, so I thought I would upload the file for any who wish to use this. The current file contains an updated list of spyware IPs (717,438 sites); the original list is from http://www.bluetack.co.uk, which I have converted so Jetico can use it.
    First you should run the Jetico "configuration wizard" and note the "trusted zone" IPs (which you may need to re-enter). Download the attached file, remove the .txt extension, and copy it to the Jetico / config folder (save the old one first, if needed). Then re-run the "configuration wizard" and re-enter the IPs in the "trusted zone" if needed.

    Safe surfing,...
     

  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Oh, I forgot, if you want to view the above file, using your browser, before putting it in your Jetico/config folder.....you will need to take a copy of the settings.xsl (stylesheet) from the jetico/config folder and place it in the same folder as the settings.xml
     
  5. DarkX

    DarkX Registered Member

    Joined:
    Apr 9, 2006
    Posts:
    21
    Location:
    Germany
    Hi Stem,

    I have been trying your block ip list and no probs, no slow down so far everything was ok :thumb:
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi DarkX,

    Good to hear,...thanks for the feedback.
     
  7. shek

    shek Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    342
    Location:
    SE CHINA/NYC USA
    Hi, Stem

    There is an IP address that should be in the whitelist, which is 67.15.192.17, Happy Baytes's Weblog.
     
  8. Fumens

    Fumens Registered Member

    Joined:
    May 5, 2005
    Posts:
    23
    Stem,
    I don't know what to say about the block list just created for Jetico. I thought that I had lost the blockpost plugin when I switched to Jetico, but you found the solution.

    I also installed BlockList Manager but don't know which format I have to convert to after finishing downloading the source file. Can you explain it?

    Thanks before
     
  9. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
  10. trojan

    trojan Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    123
    Location:
    london
    I have used Jetico on and off for some time, mostly resorting in the end, out of laziness, to firewalls like Outpost that "do it all for you". But now, having at last managed to spend enough time with Jetico to learn how it works and fully configure it for my system, giving Jetico the time and respect it deserves, I can see that all my previous gripes with Jetico were just down to my laziness and bad practice, having got used to firewalls like Outpost etc. Now I can say how pleased I am with Jetico; it runs so light and so secure, and once configured to my own system it runs quiet with very few pop-ups. Anyone that uses Jetico should be warned that this firewall requires a little time and patience from the first-time user, but that effort will be rewarded with one of the best, if not the best, software firewalls there is, and did I mention it's also free lol :D
     
  11. larzeb

    larzeb Registered Member

    Joined:
    Apr 28, 2006
    Posts:
    10
    This post has been very helpful to me. I'm trying to learn how to configure jetico.

    I installed it on a computer with a Tyan motherboard. There is software to monitor the motherboard. When you launch the software it requires you to login locally or remotely. Of course, I just click the login button and I gain access to the software.

    When I run the firewall, it interferes with the software during its launch. The software insists on asking for a username and password. Not being able to configure it to work while the firewall is running, I start the software first, then the firewall.

    I have enclosed an abbreviated screen-shot of the application (there are really 2) which the firewall sees as it was started before the firewall.

    Can someone help me configure this?

    TIA
     

    Last edited by a moderator: May 2, 2006
  12. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    larzeb,
    First of all I see you have the nVidia <networkAccessManager/apache.exe> running on your system. I have in the past found some problems with this, when I ran this with the nVidia "anti-hacker" and Jetico, but do not know if this is causing problems in this case.
    I would suggest first that you check to see if there are any "blocked" packets in your jetico log that may relate to this. If not, then there may be a conflict. To check this, set Jetico policy to "allow all" and then try to connect to the web interface, if this is still not possible, then you will know that there is a conflict.
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Fumens,
    There is no quick way to perform the conversion, as the blocklist manager will not convert to a format that can be used directly by Jetico. What you need to do is to output your blocklist (from blocklist manager) into the CIDR format and save as a text file, you then need to use a text editor that has the function to `replace` at the beginning/end of all lines with
    "<value>" at the front of each line and
    "</value>" at the end of each line

    Once done, you can copy and paste this into the source code of the Jetico "settings.xml" file, under the <var id="Blocked Zone"> heading.
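
The wrap-and-paste step described in the post above can be scripted; this is an added example, not part of the original post and not Jetico's own tooling. It validates each CIDR line before wrapping it in `<value>`…`</value>`, so a malformed, overly broad or trusted-zone entry never reaches settings.xml; the function name, the allow-list, the minimum prefix length and the sample input are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of a CIDR-format text export (not real blocklist data).
SAMPLE = """\
# exported blocklist, CIDR format
203.0.113.0/24
198.51.100.7
203.0.113.0/24
67.15.192.17/32
192.168.0.0/16
0.0.0.0/0
10.1.2.3/8
1.2.3.4</value><value>5.6.7.8
"""

def cidr_to_jetico_values(lines, allow=(), min_prefix=8):
    """Return (value_lines, rejected) for pasting under <var id="Blocked Zone">.

    allow      -- networks that must never be blocked (trusted zone, whitelist)
    min_prefix -- assumed sanity limit: shorter prefixes are refused as too broad
    """
    allowed = [ipaddress.ip_network(a) for a in allow]
    seen, values, rejected = set(), [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry)     # strict: host bits must be zero
        except ValueError:
            rejected.append((entry, "not a valid CIDR network"))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((entry, "too broad"))
        elif any(net.overlaps(a) for a in allowed):
            rejected.append((entry, "overlaps allow-list"))
        elif net not in seen:                     # silently drop duplicates
            seen.add(net)
            # str(net) is rebuilt from parsed integers, so no markup can leak in
            values.append(f"<value>{net}</value>")
    return values, rejected

if __name__ == "__main__":
    ok, bad = cidr_to_jetico_values(
        SAMPLE.splitlines(), allow=["192.168.1.0/24", "67.15.192.17/32"])
    print("\n".join(ok))
    for entry, reason in bad:
        print(f"skipped {entry!r}: {reason}")
```

Review the skipped entries before pasting the output; back up the existing settings.xml first, as the earlier post advises.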
     
  14. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    I have loaded Jetico onto one of my hard drives and got it going. It did take a while to configure it.

    The GUI interface is awkward to use compared to TPF but Jetico does have many positive features.

    Under TPF I always get PORT 137, 138 hits.

    I configured Jetico to reject and log PORT 137, 138 hits- but I don't see any hits.

    Maybe I am doing something wrong- Just wondering how to configure Jetico to reject and log PORT 137, 138 hits.
     
  15. Fumens

    Fumens Registered Member

    Joined:
    May 5, 2005
    Posts:
    23
    Hi Stem,
    Thanks for the explanation. I just did it and made a new blocklist. So far Jetico runs smoothly. I don't know how big a blocklist Jetico can handle; just for info, I added around 5000 lines.

    Regards
     
  16. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Fumens,
    No problem,
    I have not yet tested to see if Jetico has a limit on this; I will give it a test later.

    Regards,
    Stem
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Jetico, by default ruleset should be blocking and logging any packets to these ports, as netbios is not allowed by default...
    Go to "Shieldsup" https://www.grc.com/x/ne.dll?bh0bkyd2 and perform an "All service ports" scan, and you should see the packets being blocked in the log as "Block all not processed packets" (as long as you are not behind a router??).
    If no log is being produced, open Jetico / options / log... and change the directory for the saved logs,... then try again.
    Please, post back your findings
     
  18. larzeb

    larzeb Registered Member

    Joined:
    Apr 28, 2006
    Posts:
    10
    Stem,
    I set the protection to allow all and the problem application was no longer an issue. So I guess the nvidia app was not a contributing factor. Any other suggestions?
     
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    While you are in "optimal protection" you say you cannot connect to the interface,....Have you checked the log for blocked packets??(ref post#137)
     
  20. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    Hello Stem,
    How can I see a log for port 137, 138 events?
     
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    As I have mentioned, these ports are blocked by default, have you performed a "shieldsup" scan as I suggested, and then checked your log??.
    I have attached a pic showing part of my log after completing a "shieldsup" scan on a PC connected directly to the internet (No router-firewall / tcp/ip hardware filter)
     

    Last edited by a moderator: May 14, 2006
  22. Mr. Y

    Mr. Y Registered Member

    Joined:
    Jan 11, 2006
    Posts:
    257
    Yea and Jetico passed with full stealth. I was just wondering if there was a way to see the "hits".

    Jetico could improve on their interface by showing all hits in the log by default and making a feature where "right clicking" on an undesirable hit you can change the rule.

    TPF has this feature although it won't show the hits by default.

    Thank you
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    All blocked packets are shown in the log
     
  24. larzeb

    larzeb Registered Member

    Joined:
    Apr 28, 2006
    Posts:
    10
    Stem,
    I think I didn't respond to your original question about the log because there was nothing much in it. I went to both executables in the config tab and set their logging from disabled to error.

    Then I launched the application, and it worked. I must not be watching carefully enough. Anyway, it's OK.

    What logging levels do you leave set for your apps? If you leave them disabled then you will not see the dropped packets? Why are some entries blue and others red?

    Thanks again for your help, Lars
     

    Attached Files: fw2.gif (112.3 KB)
    Last edited by a moderator: May 14, 2006
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi larzeb,
    Showing in your log is "go to another table", this, I have found, is generated by the use of a local-host proxy, in your case <networkAccessManager/apache.exe> (this is part of the problem I mentioned in my earlier post), Jetico does not process the packets correctly, I did not make a lot of tests on this, but found that the IP filter was bypassed. (so this is not the best of combinations)
    I don't log allowed connections within Jetico,..... I place a block-all rule at the end of the App-ruleset and have logging on this.
    The color of the entry depends on the logging level you have selected "info / notice / warning" etc for that app/rule

    No problem,...... is the interface now connecting correctly while Jetico is active?
     