a FIREWALL issue ...

Discussion in 'ESET Smart Security' started by MasterTB, Mar 6, 2008.

Thread Status:
Not open for further replies.
  1. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    I've been using ESS for quite some time now, but a couple of weeks ago I came up with a problem ... I bought a notebook and I installed a wireless modem/router at home. The router connects my desktop PC via LAN and my notebook via Wi-Fi, and of course it provides internet access for both of them.
    The problem is that, when I first created the connection I set ESS to Strict Protection for the 10.0.0.0 LAN created, resulting in no access between the machines.. of course I went back on my tracks and when the pop up appeared again I chose Allow Sharing on both machines, BUT and here is where I found myself lost .. I'm having a lot of problems with the internal LAN, even though I set the firewall to allow sharing, and I still don't know if I'm protected in this setup ...
    The only solution so far is to disable the firewall... and I don't like this solution...
    Can anyone give me input on how to solve this??
     
  2. ASpace

    ASpace Guest

    My standard suggestion would be to make sure you use v 3.0.642 and then turn to Interactive or Policy-based modes .

    I know ESS had issues about this in 3.0.62x versions but it is supposed to be fixed in 3.0.642

    If you don't want any pop-ups and automatic work (semi-Automatic mode) , choose Policy-based . Create two rules (one to allow all outgoing communication and one to block all incoming communication) . ESS will accept them as "too general" rules , which means that it will follow them but will allow you exceptions (exceptions are rules which are not for "in general").

    Interactive Mode will allow you to manually create rules but will also ask for each and every thing that needs either incoming or outgoing communication . You'll need to answer the questions .


    So , choose yourself , I am writing you instructions for both:


    *INTERACTIVE MODE*

    Open the user interface (GUI) . Enter the Advanced Setup Tree (F5)

    1. Navigate to Personal Firewall. Choose Interactive Mode

    2. Navigate to Personal Firewall -> Rules and zones . In the right (at the Trusted zone part) , click Setup and choose "Allow sharing"

    3. Navigate to Personal Firewall -> IDS and Advanced options
    Make sure all services are allowed (a.k.a 5 options)

    4. In Personal firewall -> IDS and advanced options , enable logging . Press OK.


    Then, open Personal firewall > Rules and zones > Zone and rule setup
    Choose "Toggle detailed view of all rules" (if not already set to this)
    Uncheck every rule that has in the name Block. Press Apply button now. Confirm with OK.

    5. Start creating new rule (use the button called "New")


    Name : your choice
    Direction : Both
    Action : Allow
    Protocol : TCP & UDP

    Additional action:
    check Log


    In the Local tab - do not touch anything here . If there is no info entered , ESS will allow communication from and to any port (a.k.a all ports)
    In the Remote tab - here enter just the IP address of the machine(s) which you want to allow access to and from - example 10.0.0.2 .

    Confirm with OK . Try again.




    *POLICY BASED MODE*

    Open the user interface (GUI) . Enter the Advanced Setup Tree (F5)

    1. Navigate to Personal Firewall. Choose Policy-based mode

    2. Navigate to Personal Firewall -> Rules and zones . In the right (at the Trusted zone part) , click Setup and choose "Allow sharing"

    3. Navigate to Personal Firewall -> IDS and Advanced options
    Make sure all services are allowed (a.k.a 5 options)

    4. In Personal firewall -> IDS and advanced options , enable logging . Press OK.


    Then, open Personal firewall > Rules and zones > Zone and rule setup
    Choose "Toggle detailed view of all rules" (if not already set to this)
    Uncheck every rule that has in the name Block. Press Apply button now. Confirm with OK.

    5. Start creating new rule (use the button called "New")


    Name : Allow all outgoing traffic
    Direction : Out
    Action : Allow
    Protocol : TCP & UDP

    Additional action:
    check Log


    In the Local tab - do not touch anything here . If there is no info entered , ESS will allow communication from and to any port (a.k.a all ports)
    In the Remote tab - do not touch anything here . If there is no info entered , ESS will allow communication from and to any address and port.

    Confirm with OK .


    6. Start creating new rule (use the button called "New")


    Name : Block all incoming traffic
    Direction : In
    Action : Block
    Protocol : TCP & UDP

    Additional action:
    check Log


    In the Local tab - do not touch anything here . If there is no info entered , ESS will block communication from and to any port (a.k.a all ports)
    In the Remote tab - do not touch anything here . If there is no info entered , ESS will block communication from and to any address and port.

    Confirm with OK .


    Accept with OK when ESS asks you because of the "too general rules" .


    7. Start creating new rule (use the button called "New") . This one is to accept your peer's traffic


    Name : your choice
    Direction : Both
    Action : Allow
    Protocol : TCP & UDP

    Additional action:
    check Log


    In the Local tab - do not touch anything here . If there is no info entered , ESS will allow communication from and to any port (a.k.a all ports)
    In the Remote tab - here enter just the IP address of the machine(s) which you want to allow access to and from - example 10.0.0.2 .

    Confirm with OK . Try again.
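As an added illustration (not ESET's code and not part of the post above), a small Python model of the Policy-based rule set just described: two "too general" rules plus a per-peer exception. It assumes that a rule naming a remote address is evaluated before the general rules and that traffic matching no rule is blocked; the test addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str                 # "In", "Out" or "Both"
    action: str                    # "Allow" or "Block"
    remote: Optional[str] = None   # peer IP or network; None means any remote host


def matches(rule: Rule, direction: str, remote_ip: str) -> bool:
    if rule.direction not in ("Both", direction):
        return False
    if rule.remote is None:        # general rule: any remote address
        return True
    return ip_address(remote_ip) in ip_network(rule.remote, strict=False)


def decide(rules, direction: str, remote_ip: str) -> str:
    # Assumption: rules naming a remote address are the "exceptions" and are
    # checked before the two general rules; nothing matching means Block.
    ordered = sorted(rules, key=lambda r: r.remote is None)
    for rule in ordered:
        if matches(rule, direction, remote_ip):
            return f"{rule.action} ({rule.name})"
    return "Block (no matching rule)"


# The three rules from the Policy-based walkthrough, peer IP as in the example.
POLICY = [
    Rule("Allow all outgoing traffic", "Out", "Allow"),
    Rule("Block all incoming traffic", "In", "Block"),
    Rule("Allow notebook", "Both", "Allow", remote="10.0.0.2"),
]

if __name__ == "__main__":
    # Constructed test traffic: 203.0.113.7 stands in for an Internet host,
    # 10.0.0.5 for a LAN host that is not the trusted peer.
    for direction, remote in [("Out", "203.0.113.7"), ("In", "203.0.113.7"),
                              ("In", "10.0.0.2"), ("In", "10.0.0.5")]:
        print(f"{direction:3} {remote:12} -> {decide(POLICY, direction, remote)}")
```

The non-peer LAN host 10.0.0.5 stays blocked inbound, which is what separates this rule set from a blanket "Allow sharing" on the whole subnet.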
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Setup -> Personal firewall -> Change the protection mode... -> select the desired subnet -> change the protection mode to "Allow sharing" instead of "Strict protection"
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Your router has no firewall? If so you're protected, and you can always use an alternative stand-alone firewall.
     
  5. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    Done that, did not work. If I set the subnet of the Router to Strict Protection and allow sharing to the specific IP of both my machines I get a terrible internet connection speed, and if I set it to allow sharing the firewall in Eset assumes that all traffic is good or trusted and sometimes accepts connections that shouldn't.

    The other problem is DHCP: if I set the router to serve DHCP, then the firewall in ESS has to be configured every time I boot either machine, because the IP address assigned to it tends to change on every new connection to the router, so I disabled DHCP and set an IP to every machine which is now static IP all the time. It helps on IPv4 for sharing, which tends to work OK, but ESS is always telling me that IPv6 is Internet, when it is not... you know how Vista is with this IPv6 things...


    TO HiTech_boy:
    I am using 642, and the issue is still there. I did exactly what you suggest for Interactive Mode, in fact I always use Interactive (kinda reminds me of old Kerio ...) and I like to set the rules myself, but as I explained above, the firewall in ESS tends to get confused. First it always puts 10.0.0.0/255.255.255.0 as an Automatically Untrusted Zone, so even if I allow sharing, the subnet is not always trusted, then I have to set a Static IP on each machine and tell each firewall to trust the IP of the other machine, but that is IPv4, since IPv6 is always automatic in Vista (I don't know how to set a static IPv6 address) so... when one of the machines uses IPv6 to connect to the other, ESS assumes the connection is IN or OUT from the Internet and flags an alert...
    The other problem is that a Notebook is portable ... so every time I go somewhere else, ESS flashes an alert Allow or NOT and then when I come home it is back to school again... and it is really starting to bother me ...
     
  6. ASpace

    ASpace Guest

    This can be fixed with an option of the program but I can't tell you how at the moment (because I am not sitting at machine with ESS right now)
     
  7. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina

    Yes you can, but come on.. the Windows Vista Firewall is far more intelligent in this case than Eset's, and I don't think it would be too hard for Eset to make the firewall learn that even when the WiFi (or LAN) adapter is the same, the network you're loggin' in is not, ergo different rules should be allowed to the user..

    I have to edit this:

    I did a reset of all my ESS configs. Restarted my PC, uninstalled and cleaned, restarted the PC, installed latest ESS, restarted (just in case Vista was stupid as always..), connected both machines to the router... and not only did I have problems seeing them (even though I had chosen "Allow Sharing"), but I also had a 169.something IP on the local side that I DON'T KNOW WHERE IT CAME FROM, since the router does not serve DHCP and both my Desktop and Notebook use static IPs, SO ... for the great finale ... I'm starting to think there is something wrong with ESS in the way it handles network connections... I have never had a problem with the Windows firewall (Vista or XP) but this baby is driving me crazy.

    Right now I'm using EAV and Vista's firewall .. but I'm not pleased with losing ESS, so guys PLEASE FIX THIS !!!
     
    Last edited: Mar 9, 2008
  8. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    As I said above, I'm uninstalling ESS for the time being and reverting to EAV and Windows Vista Firewall...

    My network is working as it should and no more issues with viewing other computers in the network... I am sure it is an Eset Firewall Issue and not something else...
     
  9. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    Since there's not been an answer from anyone, I'll try to be more clear about this: ESS is detecting as My local IP this one: 169.254.255.182, which is IMPOSSIBLE because my private IP is fixed on 10.0. ... and my external IP is on the router, and not 169..something... ergo, there is something absolutely wrong with this... and it is either ESET or something on my pc which I cannot identify.
    The problem starts when I do an ipconfig, because even with an /all, there is no 169... something there, and I don't know where the hell ESS gets that ip.

    So, can anyone give me some help about this? o_O

    PS I also started this thread at the EAV forum: https://www.wilderssecurity.com/showthread.php?t=202685 because HijackThis keeps telling me that my svchost is infected with a trojan, even though ESET tells me it is all OK, so I'm starting to doubt ESET, because this IP cannot magically appear, and if I am infected and it is being created by the trojan, then HijackThis is OK and ESS is wrong, which is terribly WRONG!!!


    BTW, I said this above but I say it again, I do not use DHCP at home so...
     


  10. quagmire

    quagmire Registered Member

    Joined:
    Feb 21, 2008
    Posts:
    6
    IP addresses in the 169.254.x.x range are default private addresses assigned by Windows when the system can't otherwise get an IP address. (This is known as "Windows Automatic Private IP Addressing".)

    You say you're using static IPs. However the private 169.254.x.x IP address assignment from Windows, AFAIK, can only happen from a failed dynamic assignment. I think you've got a configuration problem somewhere, either on your router, or the laptop, or both.
     
  11. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina

    Yes, I know, but windows should not be looking for an IP when you have set a static one ...
     
  12. Bushwacked

    Bushwacked Registered Member

    Joined:
    Apr 23, 2008
    Posts:
    2
    Is it possible, that since you change between your home system and an outside system, your system reverts back to the 169 until it can locate the network, and thus stores the 169 as a commonly used IP address?

    Also, what is with all the IPv6 listings? What kind of a network are you on?

    I found it odd to have my Trusted Zone list include IPV6::1, since I don't have a direct connection with an IPv6 network.
     
  13. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina

    What you suggest is possible, and I think was the answer. I reinstalled ESS, now ver. 3.0.650 and even though I see that 169..IP I have no more issues on my machine so I guess they finally fixed their Network Sharing bug.
    As for the IPV6::1, it is a Vista thing, it is the same as the 127.0.0.1 Loopback in IPv4, you won't see that on XP, I know because I have XP as a Gaming boot and I have never seen an IPv6 on trusted zone.
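As an added diagnostic for the 169.254.x.x and ::1 entries discussed in this thread (not code from the thread or from ESET), a Python script that parses a constructed ipconfig /all-style dump and labels each address as APIPA, loopback, link-local, private or global, then lists the adapters that fell back to APIPA. The adapter names, addresses and layout are constructed for the example.

```python
import re
from ipaddress import ip_address

# Constructed ipconfig /all-style sample (Vista layout), not a real capture.
SAMPLE_IPCONFIG = """
Ethernet adapter Local Area Connection:

   Link-local IPv6 Address . . . . . : fe80::1c2b:3d4e:5f60:7a8b%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.255.182(Preferred)

Tunnel adapter Loopback Pseudo-Interface 1:

   IPv6 Address. . . . . . . . . . . : ::1(Preferred)
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .*):\s*$")
ADDR_RE = re.compile(r"Address.*?: ([0-9a-fA-F:.]+)(?:%\d+)?\(Preferred\)")

def classify(addr: str) -> str:
    ip = ip_address(addr)
    if ip.version == 4 and ip.is_link_local:
        return "APIPA (169.254/16): fallback after no DHCP lease, not a usable LAN address"
    if ip.is_loopback:
        return "loopback (this machine only; ::1 is the IPv6 twin of 127.0.0.1)"
    if ip.is_link_local:
        return "IPv6 link-local (reaches the LAN segment only, never routed)"
    if ip.is_private:
        return "private / non-routable (LAN side)"
    return "global (Internet-routable)"

def audit(text: str) -> dict:
    """Map each adapter name to a list of (address, classification) pairs."""
    result, current = {}, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = []
            continue
        m = ADDR_RE.search(line)
        if m and current is not None:
            result[current].append((m.group(1), classify(m.group(1))))
    return result

def apipa_adapters(text: str) -> list:
    # On a static-IP machine an APIPA address points at an interface problem to check first.
    return [name for name, addrs in audit(text).items()
            if any(c.startswith("APIPA") for _, c in addrs)]
```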
     