CHX-I setup

Discussion in 'other firewalls' started by mannagills, Mar 18, 2006.

Thread Status:
Not open for further replies.
  1. mannagills

    mannagills Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    37
    Location:
    Michigan
    I have read lots of positive comments on CHX-I and lots of users on this forum. However, I have no clue how to set it up. Any tips would be appreciated.
     
  2. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I don't have time now, but I will try to help you tonight... ;)

    Here it is 15h50m...
     
  3. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    This setup will work perfectly assuming you have the 2.8.2 version (NOT the BETA) and are directly connected to the internet with no router. Also, I assume you have already downloaded the program.

    1) Download the sample filter set from Here

    2) Extract the files

    3) Open up the CHX-I Management Console which should be located on your desktop

    4) Right click on your Network Interface Card (it's a green box like looking thing located on the left under Packet filters)

    5) Click "Properties"

    6) For a bare minimum, put checks in "Enable TCP Stateful Inspection", "Enable TCP Stateful Logging", "Enable UDP Stateful Inspection", "Enable UDP Stateful Logging", "Enable ICMP Stateful Inspection", and "Enable ICMP Stateful Logging". If you want, also put a check in "Deny all incoming fragmented packets" and "Deny TCP Packets containing CWR, ECE Flags".

    7) Click "Okay"

    8) Right click your Network Interface Card again.

    9) Click "Import filters from file"

    10) Locate the folder that you extracted previously, and select "workstation.sfd"

    11) You are done

    If you need any help with a special situation your computer is in (like filesharing, p2p, behind router, want to be able to be pinged, etc.), don't hesitate to ask.

    Also, since CHX-I is not an app firewall, it won't filter apps that access the internet. However, you can control ports, ip addresses, etc., so if you want to restrict outbound, just ask and I will help you there as well.

    Cheers,

    Alphalutra1
     
  4. mannagills

    mannagills Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    37
    Location:
    Michigan
    That is exactly the help I needed. Thanks a ton. The only special circumstance I have is that my computer is behind a router.
     
  5. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Tell me if anything in your log is constantly coming up and then we can see if you are blocking part of the router's function, or something that is just being correctly filtered by CHX-I.

    Alphalutra1
     
  6. mannagills

    mannagills Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    37
    Location:
    Michigan
    Here's a shot of the log. It's been set up and running as you described for about 20 minutes.
     

    Attached Files:

    Last edited by a moderator: Mar 18, 2006
  7. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Okay, CHX-I is blocking RIP (routing information protocol) which is used via port 520. This rule should fix it:

    1) Right click where all of your rules are located

    2) Click new filter

    3) Name it "Allow RIP"

    4) Make the filter action type "Force Allow"

    5) Priority = 1

    6) Packet's direction : "Incoming"

    7) Protocol = "UDP"

    8) Packet's source ip: 192.168.0.1
    Mask: 255.255.255.255

    9) Packet's source port: 520

    10) Packet's destination ip: 192.168.0.255
    Mask: 255.255.255.255

    11) Click "Okay"
     
  8. mannagills

    mannagills Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    37
    Location:
    Michigan
    I made the rule you suggested and it seems to have taken care of it. Thanks again for hooking me up.:thumb:
     
  9. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    No problem. I suggest reading the user manual if you want to truly be able to harness the power of CHX-I and fully understand and comprehend it. I am still learning myself.

    If you need any more help, don't hesitate to ask. By the way, there is a CHX-I forum located Here if you want to look into it further.

    Glad I could help,

    Alphalutra1
     
  10. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    It seems that Alphalutra1 already helped you very well :D

    Well done ;)
     
  11. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Thank you for the compliment. However, I owe it all to people like you, Arup, and Stephan who have helped me work my head around this firewall.

    Alphalutra1
     
  12. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    You are welcome ;)

    We will also learn things from you... :p
     
  13. mannagills

    mannagills Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    37
    Location:
    Michigan
    Alphalutra1 has been a great help. Here's what's showing up in the log since I implemented the rule he suggested. Any thoughts or suggestions would be appreciated.
     

    Attached Files:

  14. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    CHX-I is now currently blocking the router broadcast (my router does the same thing). Also, DHCP is being blocked. Here are the rules:

    1) Right click where all of your rules are located

    2) Click new filter

    3) Name it "Allow Router Broadcast"

    4) Make the filter action type "Force Allow"

    5) Priority = 1

    6) Packet's direction : "Incoming"

    7) Protocol = "UDP"

    8) Packet's source ip: Any

    9) Packet's source port: Quick list
    Then enter: "137,138"

    10) Packet's destination ip: 192.168.0.255
    Mask: 255.255.255.255

    11) Packet's destination port: Quick list
    Then enter: "137,138"

    12) Click "Okay"

    Now to deal with the DHCP:

    1) Right click where all of your rules are located

    2) Click new filter

    3) Name it "Allow DHCP"

    4) Make the filter action type "Force Allow"

    5) Priority = 1

    6) Packet's direction : "Incoming"

    7) Protocol = "UDP"

    8) Packet's source ip: Any

    9) Packet's source port: Quick list
    Then enter: "67,68"

    10) Packet's destination ip: 255.255.255.255
    Mask: 255.255.255.255

    11) Packet's destination port: Quick list
    Then enter: "67,68"

    12) Click "Okay"

    I also forgot to add one more thing to the rule I told you to make entitled "Allow RIP".

    1) Right click "Allow RIP" and select "Properties"

    2) Packet's Destination port change from "Any" and make it "Equal to:" and enter in 520.

    3) Click "Apply"

    4) Click "Okay"

    This should help with those log entries.

    Ask if anything else keeps on occurring.

    Alphalutra1
     
    Last edited: Mar 19, 2006
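To see what the three "Force Allow" filters described in the two posts above actually admit, and why the stateful inspection from the setup post earlier in the thread lets replies through while logging the router's unsolicited broadcasts, here is an added Python model. It is not CHX-I code and not part of any post here: the rule fields mirror the dialog described in the posts, but the matching semantics (address compared under the mask, port lists as sets, lowest priority number checked first, unsolicited incoming traffic denied by default) and the sample packets are assumptions constructed for the example. The "Allow RIP" rule is shown both as first posted and with the later destination-port refinement.

```python
"""Added model of CHX-I style filtering as described in this thread (not
CHX-I code): a stateful table that admits replies to flows the host opened,
plus 'Force Allow' filters checked in priority order for everything else.
Matching semantics (mask comparison, port lists as sets, lowest priority
number first) and the packet/rule field layout are assumptions."""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Packet:
    direction: str          # "Incoming" or "Outgoing"
    protocol: str           # "UDP", "TCP" or "ICMP"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str             # "Force Allow" or "Deny"
    priority: int
    direction: str
    protocol: str
    src_ip: Optional[str] = None                 # None means "Any"
    src_mask: str = "255.255.255.255"
    src_ports: Optional[FrozenSet[int]] = None   # None means "Any"
    dst_ip: Optional[str] = None
    dst_mask: str = "255.255.255.255"
    dst_ports: Optional[FrozenSet[int]] = None


def ip_matches(packet_ip: str, rule_ip: Optional[str], mask: str) -> bool:
    """Compare both addresses under the rule's mask ("Any" always matches)."""
    if rule_ip is None:
        return True
    m = int(IPv4Address(mask))
    return int(IPv4Address(packet_ip)) & m == int(IPv4Address(rule_ip)) & m


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction == pkt.direction and rule.protocol == pkt.protocol
            and ip_matches(pkt.src_ip, rule.src_ip, rule.src_mask)
            and ip_matches(pkt.dst_ip, rule.dst_ip, rule.dst_mask)
            and (rule.src_ports is None or pkt.src_port in rule.src_ports)
            and (rule.dst_ports is None or pkt.dst_port in rule.dst_ports))


class StatefulFilter:
    """Outgoing packets register a flow; an incoming packet answering a known
    flow is allowed by state, anything else is checked against the rules and
    finally hits the default (deny, as unsolicited inbound traffic does)."""
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.priority)
        self.flows = set()  # (proto, local ip, local port, remote ip, remote port)

    def evaluate(self, pkt: Packet):
        if pkt.direction == "Outgoing":
            self.flows.add((pkt.protocol, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return ("allow", "outbound, flow recorded")
        if (pkt.protocol, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows:
            return ("allow", "reply to known flow")
        for rule in self.rules:
            if rule_matches(rule, pkt):
                return ("allow" if rule.action == "Force Allow" else "deny", rule.name)
        return ("deny", "stateful default")


ROUTER, BCAST, ME = "192.168.0.1", "192.168.0.255", "192.168.0.10"  # constructed LAN
# The rules from the posts above. ALLOW_RIP carries the later destination-port
# refinement; ALLOW_RIP_ORIGINAL is the first version with destination port "Any".
ALLOW_RIP_ORIGINAL = Rule("Allow RIP", "Force Allow", 1, "Incoming", "UDP",
                          src_ip=ROUTER, src_ports=frozenset({520}), dst_ip=BCAST)
ALLOW_RIP = Rule("Allow RIP", "Force Allow", 1, "Incoming", "UDP", src_ip=ROUTER,
                 src_ports=frozenset({520}), dst_ip=BCAST, dst_ports=frozenset({520}))
ALLOW_ROUTER_BCAST = Rule("Allow Router Broadcast", "Force Allow", 1, "Incoming", "UDP",
                          src_ports=frozenset({137, 138}), dst_ip=BCAST,
                          dst_ports=frozenset({137, 138}))
ALLOW_DHCP = Rule("Allow DHCP", "Force Allow", 1, "Incoming", "UDP",
                  src_ports=frozenset({67, 68}), dst_ip="255.255.255.255",
                  dst_ports=frozenset({67, 68}))
RULESET = [ALLOW_RIP, ALLOW_ROUTER_BCAST, ALLOW_DHCP]

# Constructed packets resembling the kinds of log entries discussed in the thread.
TRAFFIC = [
    ("dns_query",         Packet("Outgoing", "UDP", ME, 3001, "198.51.100.53", 53)),
    ("dns_reply",         Packet("Incoming", "UDP", "198.51.100.53", 53, ME, 3001)),
    ("rip_from_router",   Packet("Incoming", "UDP", ROUTER, 520, BCAST, 520)),
    ("netbios_bcast",     Packet("Incoming", "UDP", "192.168.0.7", 137, BCAST, 137)),
    ("dhcp_offer",        Packet("Incoming", "UDP", ROUTER, 67, "255.255.255.255", 68)),
    ("rip_other_dstport", Packet("Incoming", "UDP", ROUTER, 520, BCAST, 1900)),
    ("rip_other_host",    Packet("Incoming", "UDP", "192.168.0.66", 520, BCAST, 520)),
    ("smb_from_lan",      Packet("Incoming", "TCP", "192.168.0.7", 50000, ME, 445)),
]


def run_traffic(rules=RULESET):
    """Feed TRAFFIC through a fresh filter; return {name: (verdict, reason)}."""
    fw = StatefulFilter(rules)
    return {name: fw.evaluate(pkt) for name, pkt in TRAFFIC}


if __name__ == "__main__":
    for name, (verdict, why) in run_traffic().items():
        print(f"{name:18s} {verdict:5s} ({why})")
    loose = run_traffic([ALLOW_RIP_ORIGINAL])["rip_other_dstport"][0]
    print("rip_other_dstport with the unrefined Allow RIP rule:", loose)
```

Running it shows the DNS reply passing on state alone, the RIP, NetBIOS broadcast and DHCP offer each passing on exactly one rule, and the TCP 445 packet from the LAN still denied, which is why file sharing needs separate rules. The last line shows the point of the "Equal to: 520" refinement: without it, any UDP packet the router sends from port 520 to the broadcast address is allowed regardless of destination port.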
  15. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Alphalutra1,

    on the first rule suggested in your last post, he should add a rule for 137-139 and 445 if he wants to share files or a printer (NetBIOS)...

    About the second, the sample rules should already have it... :doubt:

    At least, the sample rules for the beta version have it...
     
  16. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    I wasn't posting a rule for filesharing, I was just posting one so that his network is able to see he is on it without using filesharing. The sample set for pre-beta does not include the DHCP rule. If he wants filesharing, then yes, your rules would be better. However, I don't want filesharing on my network, so I assumed since he never has stated that he wants it, that I would not go ahead and make the rules for him ;)

    However, that is excellent advice if the original poster (mannagills) wants to have filesharing.

    Cheers,

    Alphalutra1
     
  17. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I didn't know that I should add a rule for "Allow Router Broadcast". Like I said, I will learn things from you... :p
    In my case, CHX is blocking it too, so I will add it...

    I will try to make a global rule for it...

    About the sample rules for the beta version, provided by Stefan, my samples have the Allow DHCP, and I think that you don't have those rules, because they aren't on the site...

    If you want them...
     
  18. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    I do have the new filtersets, I got them from you over at SSC ;) . I think I may start playing around with payload filtering and streams and such, it might be fun :D


    Cheers,

    Alphalutra1
     
  19. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
  20. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Pretty clever, I wonder if we can coax Stefan into making it part of his default ruleset :D . I definitely will save that picture and make myself a filter for sharing with others. Thanks :thumb:

    Alphalutra1
     
  21. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I will try to make a list of suggestions to present to Stefan, to see what he thinks about them...
     
  22. mannagills

    mannagills Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    37
    Location:
    Michigan
    I don't share files or printers on my network so the rules that Alphalutra1 provided worked fine. I appreciate the help and the followup immensely.:D
     