CHX-I SPI messed up my LAN and internet.

Discussion in 'other firewalls' started by mrpringle, Feb 21, 2007.

Thread Status:
Not open for further replies.
  1. mrpringle

    mrpringle Registered Member

    Joined:
    Mar 8, 2006
    Posts:
    14
    Hi,
    I've happily been using CHX-I on my dial-up modem for a year or so. I just used the basic ruleset and added a few extras to allow applications I needed specifically.

    Just tonight I got ADSL, and set up my modem. Even though the DSL modem has SPI, NAT, ACL's, etc, I would still prefer to have CHX-I running as well since it doesn't use up much memory anyway, but when I moved all my rules from the dial-up section of the packet filter page, to the LAN section and then turned on SPI for tcp, udp, and icmp, it seems to stop me talking to other computers on my lan, and stops msn from working.

    Can anyone please tell me what I'm doing wrong and how to fix it. if I turn off SPI under LAN connection it all works fine, but if I turn on SPI under LAN connection (even with no rule list) it breaks my LAN and internet.
    I remember even when I had my 56K modem and tried to turn on SPI for my LAN it caused trouble back then, so I doubt it has anything to do with the adsl modem.

    Any suggestions would be appreciated. Is there any point just leaving SPI turned off? or is there something I'm doing wrong.

    Thanks
     
  2. mrpringle

    mrpringle Registered Member

    Joined:
    Mar 8, 2006
    Posts:
    14
    just a follow-up. I turned of SPI under "dial-up or vpn" and it seems to have fixed the problem. Not sure why this was stuffing up my network. Can someone tell me if I should be using the same ruleset I was using with my dial-up for adsl? if now, what base ruleset should I use?
     
  3. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    If your router has SPI then theres really no need for software SPI imo.
     
  4. mrpringle

    mrpringle Registered Member

    Joined:
    Mar 8, 2006
    Posts:
    14
    ok, thanks. My remaining question still is, whether there's a different ruleset base I should be using for my adsl as opposed to the dial-up I was using? I can't get onto the website that chx-i belongs to, so I can't find any rulesets besides the one I downloaded for my dial-up connection.
    Is there even any advantage of me using chx-i because I ran the shields up tests on grc and they all came back fine, without chx-i installed.
     
    Last edited: Feb 21, 2007
  5. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Why don't you post your logs and see what is being blocked, that might help us in helping you ;) and by the way, turning off SPI with the default ruleset means that the firewall will permit every single thing, except for inbound TCP SYN, so running CHX-I with the default ruleset is pretty worthless without SPI

    Cheers,

    Alphalutra1
     
Loading...
Thread Status:
Not open for further replies.