Crazy M ... I need some help please.

Discussion in 'other firewalls' started by dog, Apr 28, 2004.

Thread Status:
Not open for further replies.
  1. dog

    dog Guest

    Hi Crazy M, :)

    I need a little firewall help please … I’ve referenced your site and D/L the .pdf file and gone thru the sticky but I’m still confused, o_O and need some help from an Expert. Thanks in advance for your assistance.

    Background Info - I’m using NIS 2004 … I’ve got it configured the same way as your site suggested. I don’t have automatic program control enabled, but I have never manually configured any rules, as the default rules created the first time you launch a web enabled app have always been sufficient (Permit, etc.). I have three apps that NIS doesn’t seem to have default rules for (Firefox, TDS & PE). The NIS web control popup options are … Enable DNS connection, Disable, or Manually Configure. I have the connection enabled.

    Problem – I ran an SOS stealth scan, and received an OPEN port result for the Source Port. (This only happens when running the scan with Firefox … the same scan using IE receives a stealth result) I wasn’t sure if the results from SOS were correct so I did a user defined scan at Shields Up and got the same results, using Firefox … IE remains stealthed. I assume that enabling the DNS connection isn’t a proper rule, and is the cause of the result. I just started using Firefox … really like it, and wish to continue using it. But this result really worries me. The OPEN status for the Source port is a problem, isn’t it? Will a custom rule fix this issue, if so … could you post some newbie-friendly directions … I’m not a newbie PC user … but I don’t really understand this at all.

    Also … if setting manual rules will fix the aforementioned, could I get rules for both DCS apps?

    Your site's a Great Resource (Thanks for that) … but I guess the quote “All the answers to the questions you were too embarrassed to ask” … doesn’t apply to me, I’m embarrassed to ask, but I’m asking for help just the same.

    Please Help. o_O

    Thanks Again

    dog - *puppy*
     
    Last edited by a moderator: Apr 28, 2004
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi dog

    You mention DNS a couple of times. Do you have proper DNS rules in your system wide/general rules?

    Allow, UDP, Inbound, remote service/port 53, remote Address [your ISP's DNS servers], local service/ports 1024-5000
    Allow, TCP/UDP, Outbound, remote service/port 53, remote Address [your ISP's DNS servers], local service/ports 1024-5000

    Your rule for Firefox would be similar to the browser rule on the site:

    Allow, TCP, Outbound, remote service/ports 80 and 443, remote Address any, local service/ports 1024-5000

    TDS and PE will require:

    Allow, TCP, Outbound, remote service/port 80, remote Address any (you can create a list of IPs if desired), local service/ports 1024-5000

    This will allow for updates. You may require others depending on what features you use in these applications.

    When prompted for rule(s) by NIS for something it does not have automatic rules for, select the manual option, and then work through the wizard. It will pre-fill most of the fields required for you based on the existing connection attempt for the application. Pay attention to the remote address, as this will likely be filled in and in some cases you may want to remove that and allow any remote IP (as in rules for browsers/Firefox).

    Hope this helps, if not, ask away :)

    Regards,

    CrazyM
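
The DNS and Firefox rules listed in the post above, modelled as a small first-match filter with a default block (an added example, not part of the original post and not NIS's own rule engine). The DNS server addresses are constructed placeholders, and the class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Constructed placeholders for "[your ISP's DNS servers]" (documentation range).
ISP_DNS = frozenset({"192.0.2.53", "192.0.2.54"})
LOCAL_PORTS = range(1024, 5001)  # local service/ports 1024-5000

@dataclass(frozen=True)
class Packet:
    proto: str        # "TCP" or "UDP"
    direction: str    # "in" or "out"
    remote_addr: str
    remote_port: int
    local_port: int

@dataclass(frozen=True)
class Rule:
    name: str
    protos: FrozenSet[str]
    direction: str
    remote_ports: FrozenSet[int]
    remote_addrs: Optional[FrozenSet[str]]  # None means "any"

    def matches(self, p: Packet) -> bool:
        return (p.proto in self.protos
                and p.direction == self.direction
                and p.remote_port in self.remote_ports
                and (self.remote_addrs is None or p.remote_addr in self.remote_addrs)
                and p.local_port in LOCAL_PORTS)

RULES = [
    Rule("dns-in", frozenset({"UDP"}), "in", frozenset({53}), ISP_DNS),
    Rule("dns-out", frozenset({"TCP", "UDP"}), "out", frozenset({53}), ISP_DNS),
    Rule("firefox-out", frozenset({"TCP"}), "out", frozenset({80, 443}), None),
]

def decide(p: Packet) -> str:
    """Return the name of the first allow rule that matches, else 'block'."""
    for rule in RULES:
        if rule.matches(p):
            return rule.name
    return "block"

if __name__ == "__main__":
    # Constructed packets: ISP DNS reply, then port 53 from an unknown host.
    for s in (Packet("UDP", "in", "192.0.2.53", 53, 1030),
              Packet("UDP", "in", "203.0.113.9", 53, 1030)):
        print(s, "->", decide(s))
```

Restricting the inbound rule to the listed DNS servers and the 1024-5000 local range is what keeps a packet that merely uses remote port 53 from matching.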
     
  3. dog

    dog Guest

    Hi CrazyM, :)

    Thanks for the help! :D

    I'm totally lost with this DNS thing ... How do I check to see if I have proper DNS rules?


    I'll manually config the apps ... as your directions state ... then test and report back.

    Thanks again

    Dog - *puppy*
     
  4. CrazyM

    CrazyM Firewall Expert

    Status & Settings > Personal Firewall > Configure > Advanced > General Rules

    You should find the DNS rules there. If you have not modified anything, they will be prefixed with "Default", unlike the attached image.

    Regards,

    CrazyM
     

    Attached Files:

  5. dog

    dog Guest

    Hi Crazy M;

    OK, I created the rules like the Quote in the previous post (the ISP's address seems to be there ... well it's an address anyway ... is there a way to check?) ... But again no local ports option ...

    After I created those rules ... It now shows the Permit ... Block pop up ... I selected permit, and retested several times ... but it continues to show OPEN for Source port.

    Thanks again.

    dog - :'(
     
  6. dog

    dog Guest

    Hi Crazy M,

    I got it!

    I deleted the rules ... I created ... My mistake was selecting permit! Instead of following your directions exactly. :rolleyes:

    I followed your rules to a T ... 1st popup - the allow inbound rule / 2nd popup - the outbound rule / 3rd popup the Firefox allow outbound rule.

    This is exactly what you were saying ... lol ... it just didn't register in my THICK Skull. :D Man, I'm Stupid! (How embarrassing) :blink:

    Seeing as there's no more Karma Cookies here ... I've sent you 10 million KC's thru Canada Post! Knowing them you'll never see them, though ...

    Thanks - Sorry, I can be SO thick ... Thanks a million!

    dog - *puppy*
     
    Last edited by a moderator: Apr 29, 2004
  7. CrazyM

    CrazyM Firewall Expert

    Glad to hear you got it working :)

    As for determining your DNS servers, at the command prompt run "ipconfig /all" without the quotes. You should see your ISP's DNS servers' IPs listed there.

    Regards,

    CrazyM
     