Argh... need help with NetVeda Safety.Net

Discussion in 'other firewalls' started by supox, Oct 28, 2005.

Thread Status:
Not open for further replies.
  1. supox

    supox Registered Member

    Joined:
    Oct 8, 2005
    Posts:
    10
    Hullo,

    My LnS trial was about to run out, and I'm not quite yet sold on it due to the limited control over application internet use, so I decided to try Safety.Net. So far so good, except I can't for the life of me figure out if it's possible to restrict applications to certain ports (i.e. I'd like to allow svchost to only use DNS and DHCP).

    Just for the heck of it, I tried making an advanced rule which blocks firefox from connecting to port 21, but it doesn't do anything - I can still log on to my ftp using it.

    If it's possible, please post some foolproof instructions (if applicable :D).
     
  2. pcalvert

    pcalvert Registered Member

    Joined:
    May 21, 2005
    Posts:
    203
    I'm not sure that it's possible. I haven't used NetVeda Safety.Net since June, but I do remember that making rules for it was a real pain. It has a weird way of setting up rules that takes some getting used to.

    Now that I've thought about it, it might be possible to do that. But don't expect it to be easy or intuitively obvious. I'm going to install NetVeda Safety.Net on a "new" computer pretty soon. I'll let you know if I figure out how to do this.

    I feel the same way that you do, which is probably why I won't be using NetVeda Safety.Net as my firewall. If it behaves itself on Windows 98 SE, though, I will probably install it on the computers of friends and relatives who need a firewall that just works "right out of the box."

    Phil
     
  3. squibbon

    squibbon Guest

    This is a reply I received from NetVeda Tech Support to a problem I posted in their forum some time ago about a rule I was trying to create to restrict UDP port 123 to SVCHOST.EXE for time synchronization:

    "There is a bug in 3.61 version, where the 'Apply' button for Advanced Firewall does not update rules using 'Application Groups' (Only applies to 'Advanced Firewall' section).

    As a workaround, in addition to 'Apply', click on 'Allow All' and immediately 'Enforce' to force rule updates.

    This is a problem only during definition of 'Advanced Firewall' rules. Subsequent restarts would not affect the rules."

    I tried their workaround and it didn't work for me, so I uninstalled NetVeda and went on to check out other free firewalls. Currently I'm using GhostWall in conjunction with a NAT router.
     
    Last edited by a moderator: Oct 29, 2005
  4. supox

    supox Registered Member

    Joined:
    Oct 8, 2005
    Posts:
    10
    Squibbon, I tried that workaround just now, but it didn't work for me either.
     
  5. squibbon

    squibbon Guest

    Ironically, I had posted elsewhere in Wilder's about my inability to fully 'stealth' my ports from the Sygate Online Services stealth scan while using NetVeda. It turned out the problem was that I had set up an advanced firewall rule restricting access to my DNS servers on outbound UDP port 53 to a specific application, SVCHOST.EXE. Once I edited the rule to eliminate the reference to the application, everything was fine. So the bug actually bit me twice!
     
    Last edited by a moderator: Oct 30, 2005
  6. supox

    supox Registered Member

    Joined:
    Oct 8, 2005
    Posts:
    10
    Well, so much for netveda I think. I removed it in order to try filseclab - which crashed in a couple of hours - and then re-installed, only to find out that it simply refuses to set rules properly. I accidentally blocked Opera from connecting, and when I tried to allow access for it, nothing would happen. Even a reboot didn't help. Sigh.

    I suppose I'll just suck it up and use Outpost 3.0 trial for the meantime, although I hate creating rules in it. They must have hired someone to specifically design the most counter-intuitive interface ever... click this to enable that, yada yada... just give a damn table where I can enter whatever info I want and then enable the rule. :p
     
  7. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    Sounds like you need the old Kerio 2.1.5. It has faults, but at least it's intuitive in its rule making.. :)
     
  8. supox

    supox Registered Member

    Joined:
    Oct 8, 2005
    Posts:
    10
    Heh, I used Kerio 2.1.x for a long time. But seeing as it has problems with fragmented packets, I'm not too eager to install it again. Anyway, I've gone back to LnS now, I just couldn't stand Outpost. It seemed to have some issues with Firefox, causing it to take forever to start.
     
  9. FirePost

    FirePost Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    212
    Firefox (and Thunderbird) need TCP loopback for inter-program communications. Some people disable the global loopback rule in Outpost but do not add it back for the application. Without allowing that communication those programs will start very slowly.
     
  10. supox

    supox Registered Member

    Joined:
    Oct 8, 2005
    Posts:
    10
    That's just the strange part - I had loopback rules for Firefox. Maybe I just messed them up, heh. :)
     
  11. fannymites

    fannymites Registered Member

    Joined:
    May 7, 2005
    Posts:
    93
    * Message deleted by author because he didn't read the first post properly and gave a useless reply *
     