Can't get through firewall with NX NoMachine client anymore (stopped working one day)

Discussion in 'ESET Smart Security' started by masslet, Jan 9, 2010.

Thread Status:
Not open for further replies.
  1. masslet

    masslet Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    7
    Hello everyone, I'm having a tough problem with Smart Security 4, it's firewall component to be precise, and the NX NoMachine Windows client.

    Can't say exactly which day it happend, but roughly two month ago Smart Security 4 started blocking NX NoMachine whenever I try to connect to a Linux computer across my LAN. It used to work perfectly for almost two years, but it just stopped one day. I'm having the same issue with my Laptop, so it's definitely Smart Security.

    The initial connection (encrypted) always goes through port 22 (SSH), afterwards it also uses a port between 5000-5200 if the rest of the traffic is unencrypted, otherwise it just uses port 22.

    The interesting thing is: If the firewall is disabled, it connects just fine. Enabling the firewall after the NX client has successfull connected doesn't break it either. It just keeps working fine. Obviously I don't want to disable the firewall everytime I need to connect to the Linux computer, which is why I'm trying to find a solution.

    The firewall runs in interactive mode (always has), all components of NX NoMachine have been granted full access to LAN and Internet. I'm running Windows 7 Professional x64. All other programms work just fine.

    So the big question: What is the firewall doing during the connection phase? All required ports are open, there are no log entries or anything. No popup, no warning, no nothing - it just doesn't work.

    Any suggestions/help would be most welcome!


    EDIT: Just added two wireshark pcap files.
     

    Attached Files:

    Last edited: Jan 9, 2010
  2. eemie

    eemie Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    1
    same here :(
     
  3. masslet

    masslet Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    7
    Just tried the latest beta version (4.2.22.0): Now the NX NoMachine client doesn't get connected at all, even with the firewall disabled. :eek:
     
  4. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
  5. masslet

    masslet Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    7
    Thank you for your reply. Unfortunately I've already enabled the log and hinted in my initial post that nothing appears there.
     
  6. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
  7. masslet

    masslet Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    7
    This I've already done as well.
     
  8. bruno701

    bruno701 Registered Member

    Joined:
    Jan 28, 2010
    Posts:
    6
    Hi masslet,

    i'm having exaclty the same problem. I tried to disable almost every option (IPS etc.), granted access to all components of the nx-client - it simply work only if i disable filtering completly... logging says nothing.

    any new thoughts?
     
  9. ls1

    ls1 Registered Member

    Joined:
    Jul 3, 2008
    Posts:
    4
    I've frustrated myself with this one too.
    I'm forced to disable the local firewall each time, or it hangs after the auth process has completed. I've made firewall allowances for each sub component executable and wasted too much time on it.
    I don't have any complaints from my XP users though, I expect it might be specifically a Win7/Vista experience.
     
  10. masslet

    masslet Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    7
    Well, to be honest I simply gave up. After fiddling around for several month and since there is no indication from this place that my problem is being worked on in any way, I used the time to find me suitable a replacement. I'm pretty much throwing away half a year of my remaining Smart Security subscription just to get this problem fixed.
     
  11. dsnooks70

    dsnooks70 Registered Member

    Joined:
    Jan 28, 2010
    Posts:
    9
    A suitable replacement? Do tell :) Does a company exist that makes anti-virus software, and also has good support?
     
  12. masslet

    masslet Registered Member

    Joined:
    Jan 9, 2010
    Posts:
    7
    Well, I wouldn't know until I do have a problem, right? :rolleyes: Using Norton IS2010 now, which isn't so bad. There are some review that claim that Norton has a surprisingly good support, but I guess some say that of Eset as well...

    What I don't like though: once the subscription runs out, IS2010 is just going to shut down and do nothing anymore. Until you get a new subscription of course. Oh, and if you happen to insert a new key before the previous subscription ends, it won't add the remaining days of the old subscription. You would need to extend that very specific key instead. This of course is only possible through their website, and there all prices are about twice as high than other (web)shops. I just love how every company tries to screw you in their unique way.
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Does setting firewall integration to "Only scan application protocols" help or it must be set to "Personal firewall is disabled completely" for the problem to go away?
     
  14. bruno701

    bruno701 Registered Member

    Joined:
    Jan 28, 2010
    Posts:
    6
    Hi,

    that seems to help. With that setting the connect is successful.
     
  15. Bombaxx

    Bombaxx Registered Member

    Joined:
    Feb 2, 2010
    Posts:
    4
    Yes it does, but there is a better option. I don't know the options in english, because I am using the german version, but you should see, what you have to do in this screenshot:

    http://img403.imageshack.us/img403/7321/esetl.png

    After that you can switch from "Only scan application protocols" back to full firewall.
     
  16. bruno701

    bruno701 Registered Member

    Joined:
    Jan 28, 2010
    Posts:
    6
    i just tried that (i have also the german version) but it doesnt change anything. i have to put off filtering again to get an connection...
     
  17. Bombaxx

    Bombaxx Registered Member

    Joined:
    Feb 2, 2010
    Posts:
    4
    Make sure Windows Firewall ist turned OFF. When you change the firewall settings in Eset, the Windows Firewall turns ON by itself.

    Please let me know if it worked.
     
  18. bruno701

    bruno701 Registered Member

    Joined:
    Jan 28, 2010
    Posts:
    6
    your are right, the windows firewall switched back to "on". I disabled it again and restarted the computer. Unfortunately it changed nothing - only Marcos tip seems to work until now.
     
  19. Bombaxx

    Bombaxx Registered Member

    Joined:
    Feb 2, 2010
    Posts:
    4
    Ok ... strange. Let's try it step for step.

    1. Go to the options as seen on my screenshots and add both, nxssh.exe and nxservice.exe.
    2. Go to "Systemintegration" and change to Full Protection.
    3. Make sure both, nxssh.exe and nxservice.exe, are allowed by Eset.
    4. Disable Windows Firewall completely.
    5. Open Taskmanager and end all nx processes.
    6. Start nx and connect to a server

    If it works, reboot your computer and try again. If it doesn't work, make sure all previously changend options are still the way you left them.
     
  20. bruno701

    bruno701 Registered Member

    Joined:
    Jan 28, 2010
    Posts:
    6
    thanks again for your suggestion. I tested your list yesterday twice - i also reinstalled eset completely but it doesnt change anything.

    by the way: these section "modification of applications" - isnt that only to exclude the checksum check of the application-file? IMO that has nothing to do with network scanning?! Can you reproduce that that really causes your eset to allow the nx-client?
     
  21. Bombaxx

    Bombaxx Registered Member

    Joined:
    Feb 2, 2010
    Posts:
    4
    Well ... yesterday I could. But something really strange happend. After checking evertthing again I realized, that Eset turned off the Firewall completely, altough I set Full protection AND I wasn't even notified, the taskbar icon didn't even change it's color to red, what it usually does if the firewall is disabled.

    Then i did turn it back on and deavtivated the windows firewall again and after a restart my Eset firewall was "destroyed" and I hat to reinstall ESS completely. After that I did all the changes again and I could us nx again, but the eset firewall had disabled itself again, without any hints. Then I did all of the above again and after a restart the firewall was "destroyed" again. Then I deinstalled ESS and I don't think I will install it again.

    Sorry for giving you false informations, but I had no idea, that the firewall had disabled itself ...

    btw, I only have this problem with Win7. With Win XP everything works fine.
     
  22. bruno701

    bruno701 Registered Member

    Joined:
    Jan 28, 2010
    Posts:
    6
    LOL, i had the same thing: like "Some compentents are corrupted, reinstall ESET" (i have the german version).

    i'm really frustrated with this product. thanks anyway ;)
     
Thread Status:
Not open for further replies.