Application Filtering Issue?

Discussion in 'LnS English Forum' started by Dan Perez, Sep 1, 2003.

Thread Status:
Not open for further replies.
  1. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi,

    I am using the trial mode of LnS on my laptop so as to better assist a friend in setting up her licensed version but I appear to need help on my own setup first :D

    I had removed my previous firewall completely and rebooted prior to installing LnS (and did a subsequent reboot). I noticed (much later than I should have, lol) that the default NIC selection (on the Options tab) was automatically selected for a WAN miniport associated with Look 'n' Stop on a 168 address, which basically disabled the firewall altogether. So I unselected "Automatic Selection" and manually selected the on-board NIC on my laptop (which has a public IP), and from that point I began getting log entries, so that is all well and good I think.

    The problems are two-fold: if I try to use an Internet application such as Opera it just times out, and there is no prompt from LnS to allow it to access the Internet. Another problem is that even if I disable the "Application Filtering" module I still get no access to the Internet.

    I am using the EnhancedRuleSet.

    One of the applications I tested was MSN Messenger 6 and I *did* see logs for blocked packets on UDP 1900 and TCP 1863, but I created corresponding rules for both of those and confirmed there were no longer any blocked packet logs for them, but the access is still not allowed. I also manually created an application filter "allow" entry, but to no avail.

    Any ideas?

    TIA

    Dan
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi Dan,
    Did the Application Filtering prompt you that "Opera would like to connect to internet"?
    Do you observe some alerts in the logs when Opera fails to connect?
    After deactivating the Application Filtering, you said, it doesn't work. If you also deactivate the Internet Filtering, does Opera connect correctly? If yes, does it work with Application Filtering activated and Internet Filtering deactivated? If no, does it work when Look 'n' Stop is not started at all?

    Thanks for this additional information.

    Frederic.
     
  3. Dan Perez

    Dan Perez Retired Moderator

    Hi Frederic,

    Thanks for the response!

    I have not yet received any prompt to allow an application to access the net.

    To make the troubleshooting easier, I reverted to the unchanged default StandardRuleSet and removed any application filters in place, and:

    With both modules enabled I get no application prompt and no access (log shows blocked outbound UDP DNS queries, blocked by the default UDP block even though the DNS allow rule is in place, and higher in the order. The DNS queries are using the standard remote port and the source ports are in the 1025-5000 range allowed by the rule).

    With Application Filter enabled and Internet Filter disabled I have full access (still no application prompt).

    With App Filter disabled and Int Filter enabled, I still get the DNS errors. Also, I tried creating a "DNS Allowed rules" a la Phant0m's ruleset, specifying the two DNS servers from my ISP, but that didn't help. Also, I tried changing the default deny on other DNS to a default allow and I still get no resolution; I just get no further log entries regarding this.

    Everything works properly when I do not have LnS started; also, if I uncheck the Ethernet interface on the options screen (so no interface is checked) everything works also (but, of course, no protection).

    Please let me know if you have any other questions or if I muddled my above description :D

    Thanks again!

    Dan
     
  4. Frederic

    Frederic LnS Developer

    Thanks for the information.

    For Application Filtering issue, I suppose you are encountering the issue described here:
    http://www.wilderssecurity.com/showthread.php?t=7925;start=msg52102#msg52102

    You should try the LnSRegPatch: http://looknstop.soft4ever.com/Tools/LnSRegPatch.exe

    For the Internet Filtering issue/DNS issue, could you try to remove the "equal my @" for the DNS rule?
    What kind of IP address do you usually get? Is the "Connected to internet" box checked in the Welcome page?

    Thanks,

    Frederic
     
  5. Dan Perez

    Dan Perez Retired Moderator

    Ahhh, very good!

    Yes, removing the "equal my @" in the DNS allow rule allows me to resolve correctly while the module is loaded.

    And, no, the "Connected to the Internet" checkbox is not checked. My ISP provided (via DHCP) address is in the 66 Class A net.

    I will download and apply the patch you suggested in a moment, I just wanted to give you a quick reply on the other points.

    Thanks again!
     
  6. Dan Perez

    Dan Perez Retired Moderator

    Well, I closed out of LnS and attempted to apply the patch but received the following error:

    "Problem 23 to patch"

    I then rebooted and I still get no activity from the Application Filter module.
     
  7. Frederic

    Frederic LnS Developer

    Ok, the problem is caused by the fact that Look 'n' Stop doesn't detect your computer as connected to internet.

    When Look 'n' Stop detects the computer connected to internet, it checks the box on the welcome page and it updates all the rules containing an "Equal my @", by sending them to the driver. All these rules are not working correctly as long as the PC is considered as not connected.

    Normally 66.x.y.z is not a special address, so it is strange Look 'n' Stop doesn't detect the PC connected. In the advanced options, did you change the content of the "Network interface autodetect, IP to exclude:" field?

    Frederic
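
Added example, not part of the thread and not Look 'n' Stop code: a simplified first-match filter model showing why the DNS query from post 3 falls through to the default UDP block while the "equal my @" rule has no detected address, and why changing the criterion to "All" lets it through. The matching logic, all names, and the sample address are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

MY_ADDR, ALL = "equal my @", "All"   # local-address criteria named in the thread

@dataclass
class Rule:
    name: str
    local: str                 # MY_ADDR or ALL
    src_ports: range           # allowed local (source) ports
    dst_port: Optional[int]    # remote port, None = any
    action: str                # "allow" or "block"

@dataclass
class Packet:                  # outbound UDP packet
    src_ip: str
    src_port: int
    dst_port: int

def rule_matches(rule: Rule, pkt: Packet, my_ip: Optional[str]) -> bool:
    if pkt.src_port not in rule.src_ports:
        return False
    if rule.dst_port is not None and pkt.dst_port != rule.dst_port:
        return False
    if rule.local == ALL:
        return True
    # Assumption: while the PC is not detected as connected, "equal my @"
    # has no address to compare against, so the rule never matches.
    return my_ip is not None and pkt.src_ip == my_ip

def evaluate(rules, pkt, my_ip):
    """First matching rule wins; returns (action, rule name)."""
    for rule in rules:
        if rule_matches(rule, pkt, my_ip):
            return rule.action, rule.name
    return "block", "no rule matched"

ANY_PORT = range(0, 65536)

def ruleset(dns_local):
    # DNS allow sits above the default block, as in the thread's ruleset.
    return [Rule("DNS allow", dns_local, range(1025, 5001), 53, "allow"),
            Rule("UDP default block", ALL, ANY_PORT, None, "block")]

# Constructed sample: DNS query from a documentation address (RFC 5737).
QUERY = Packet("203.0.113.10", 1031, 53)

if __name__ == "__main__":
    print(evaluate(ruleset(MY_ADDR), QUERY, None))            # not detected as connected
    print(evaluate(ruleset(MY_ADDR), QUERY, "203.0.113.10"))  # detected as connected
    print(evaluate(ruleset(ALL), QUERY, None))                # criterion changed to "All"
```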
     
  8. Dan Perez

    Dan Perez Retired Moderator

    No, I did not change the values in that field (and the net is not listed in those values).
     
  9. Frederic

    Frederic LnS Developer

    This means that there is a problem with the registry content.
    Could you send me (looknstop@soft4ever.com) the following keys (export to a file):
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services]
    and
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\GroupOrderList]
    Please zip the files to allow the .reg to pass through Outlook.

    Thanks,

    Frederic
     
  10. Frederic

    Frederic LnS Developer

    There is a bug when interpreting the content of this field, however I don't understand how it can make one of the IP being 66.x.y.z, but perhaps it does...
    Could you try to clear this field completely, and see if your computer is then detected as connected? You need to quit/restart Look 'n' Stop after the change.

    FYI: this bug has been fixed in the 2.05.

    Frederic
     
  11. Dan Perez

    Dan Perez Retired Moderator

    Hmmm, I tried clearing the field, closing the window (not exiting completely), returning to the advanced page and confirmed that the field was empty, but after closing LnS and restarting it the field is once more populated with the same defaults as before.

    Is there a reg entry associated with this field that I can clear? But really, if this is slated to be fixed I can definitely work with the changing of the local IP variable to ALL. This won't impact my ability to help my friend with her config.
     
  12. Frederic

    Frederic LnS Developer

    Oh yes, if the field is empty the default value is put again when Look 'n' Stop starts :( Sorry for that, the same thing will happen with modifying the registry.
    You can try to put just a 0 instead of leaving the field empty. This will prevent Look 'n' Stop from resetting the field, and should avoid the bug I've seen.

    But actually I'm not sure you are encountering this particular bug.
    This would mean that by an extraordinary chance the bug causes an IP of 66 to be excluded.

    Anyway, yes, replacing the "equal my @" by "All" should solve the issue.

    Frederic
     
  13. Dan Perez

    Dan Perez Retired Moderator

    Ah, okay :) Just as a follow-up, the placement of 0 in that field did persist across restarts of LnS but the Internet Connection was still not indicated in the Welcome tab. But again, this is a non-issue as far as I am concerned, though if you feel this might be something that someone else might encounter and have any ideas you would like tried I would be more than happy to play guinea-pig :)
     
  14. Dan Perez

    Dan Perez Retired Moderator

    Hi Frederic,

    Thanks so much for all your great assistance. The emailed workaround you suggested worked like a charm. I will not post the change here as it should only be needed for users who have a messed up registry like mine :) and people might be overly-inclined to experiment.

    Thanks again!!

    Dan
     
  15. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    When will we see that baby??

    Ruben
     
  16. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    ;)
     
  17. Phant0m

    Phant0m Registered Member

    Hey Dan Perez

    This bug in reference to "Connected to the Internet" Feature; Obviously further investigation is required, it’s definitely an anomaly if "Connected to the Internet" isn’t checked and yet you had selected the correct Network Interface which connects to Internet Resources, and you owning IP with 66. for Class A surely indicates a bug someplace.

    I’m assuming with Frederic's help you now have the "Connected to the Internet" checkbox checked?
     