Firewall issues

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by kfans, May 7, 2011.

Thread Status:
Not open for further replies.
  1. kfans

    kfans Registered Member

    Joined:
    May 7, 2011
    Posts:
    13
    Installing ESS V5 beta, you can not access router settings page(192.168.1.1),but after uninstalling ESS can enter the page,can not even turn off all protection to solve the problem
    Resolved as soon as possible!
     
    Last edited: May 7, 2011
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Did v4 work fine? Maybe the router produces attacks which are subsequently blocked by firewall. Could you enable logging of blocked connections in the IDS section of the firewall setup, reproduce the problem and post here the relevant entries from the firewall log?
     
  3. kfans

    kfans Registered Member

    Joined:
    May 7, 2011
    Posts:
    13
    v4 work fine! Using the interactive mode, no pop-up boxes
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Ok, so we'll wait for the firewall log records.
     
  5. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Same problem here.

    The firewall log only shows such entries :

    Code:
    07/05/2011 12:50:50	Communication denied by rule	192.168.1.1:1900	239.255.255.250:1900	UDP	Block incoming SSDP (UPNP) requests	C:\Program Files (x86)\Opera\opera.exe	IcesLaptopV3\IcePanther
    07/05/2011 12:50:50	Communication denied by rule	192.168.1.1:1900	239.255.255.250:1900	UDP	Block incoming SSDP (UPNP) requests	C:\Program Files (x86)\Opera\opera.exe	IcesLaptopV3\IcePanther
    07/05/2011 12:50:50	Communication denied by rule	192.168.1.1:1900	239.255.255.250:1900	UDP	Block incoming SSDP (UPNP) requests	C:\Program Files (x86)\Opera\opera.exe	IcesLaptopV3\IcePanther
    07/05/2011 12:50:50	Communication denied by rule	192.168.1.1:1900	239.255.255.250:1900	UDP	Block incoming SSDP (UPNP) requests	C:\Program Files (x86)\Opera\opera.exe	IcesLaptopV3\IcePanther
    07/05/2011 12:50:50	Communication denied by rule	192.168.1.1:1900	239.255.255.250:1900	UDP	Block incoming SSDP (UPNP) requests	C:\Program Files (x86)\Opera\opera.exe	IcesLaptopV3\IcePanther
    07/05/2011 12:50:46	No usable rule found	192.168.1.15	239.255.255.250	IGMP		System	
    07/05/2011 12:50:16	No usable rule found	192.168.1.15	239.255.255.250	IGMP		System	
    07/05/2011 12:49:53	No usable rule found	192.168.1.10:64832	255.255.255.255:8612	UDP			
    07/05/2011 12:49:53	No usable rule found	192.168.1.10:64832	255.255.255.255:8612	UDP			
    
    I enabled the log all options in the advanced setup. These happen every minute or so, it's because my router is UPnP enabled, I guess. But this doesn't explain why I can't reach it : no HTTP connection is reportedly being blocked. Firewall is in interactive mode, my browsers (Opera and FF) have outgoing TCP connection to port 80 access to all adresses enabled.

    Opera says "connection closed by distant server" (Firefox just shows a blank page), but it could be that the ESET proxy closed the connection. Never had this problem with v4, AVIRA, or no AV. Disabling protection doesn't seem to help either.

    Additional details :
    192.168.1.15 is my PC, and 192.168.1.10 is the networked multifunction printer (Canon MX 870)
     
    Last edited: May 7, 2011
  6. kfans

    kfans Registered Member

    Joined:
    May 7, 2011
    Posts:
    13
    2011-5-7 19:06:15 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What if you switch fw to automatic mode with exceptions and disable the rule "Block incoming SSDP (UPnP) requests" which is enabled by default?
     
  8. kfans

    kfans Registered Member

    Joined:
    May 7, 2011
    Posts:
    13
    Firewall is in interactive mode
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Ok. So does disabling the above mentioned rule make a difference?
     
  10. kfans

    kfans Registered Member

    Joined:
    May 7, 2011
    Posts:
    13
    Can not
     
  11. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    I disabled the rule by switching the rules view to list all connections independently of the application ("toogle detailed view of all rules"), but still, doesn't work.

    I had a firewall pop-up though, that Opera wants to use the SSDP (I guess because of the Unite feature). I allowed communication temporarily for the application, but still, no go. HTTP to 192.168.1.1 still gives a "connection closed by distant server" error, and a blank page under Firefox.
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What about allowing IGMP as well as UPnP in the Trusted zone in the IDS setup?
     
  13. kfans

    kfans Registered Member

    Joined:
    May 7, 2011
    Posts:
    13
    can not
     
  14. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Nope, enabled both and it still returns the same error message.
    I also tried rebooting the router and PC, to no avail.
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Whenever you adjust firewall rules and subsequently reproduce an issue, please always post your current firewall log records so that we can see what communication is being blocked.
     
  16. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Okay. I'll do from now on.

    With both UPnP rules disabled AND IGMP and UPnP allowed in trusted zone, I get less errors, only saying it doesn't find a rule, instead of blocking.

    Code:
    07/05/2011 14:51:16	No usable rule found	192.168.1.1:67	255.255.255.255:68	UDP			
    07/05/2011 14:51:16	No usable rule found	0.0.0.0:68	255.255.255.255:67	UDP			
    07/05/2011 14:50:47	No usable rule found	192.168.1.16:5357	192.168.1.15:1371	TCP			
    07/05/2011 14:50:40	No usable rule found	192.168.1.16:68	255.255.255.255:67	UDP			
    07/05/2011 14:50:38	No usable rule found	192.168.1.16:5357	192.168.1.15:1370	TCP			
    07/05/2011 14:50:37	No usable rule found	192.168.1.16:68	255.255.255.255:67	UDP			
    07/05/2011 14:50:32	No usable rule found	0.0.0.0:68	255.255.255.255:67	UDP			
    07/05/2011 14:50:29	No usable rule found	0.0.0.0:68	255.255.255.255:67	UDP			
    07/05/2011 14:50:25	No usable rule found	0.0.0.0:68	255.255.255.255:67	UDP			
    07/05/2011 14:49:05	No usable rule found	192.168.1.15	239.255.255.250	IGMP		System	
    07/05/2011 14:48:34	No usable rule found	192.168.1.15	239.255.255.250	IGMP		System	
    
    But the HTTP connection to 192.168.1.1 still doesn't work.
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    One more thing to try - switch fw to learning mode for a while so that the appropriate rule is created automatically.
     
  18. kfans

    kfans Registered Member

    Joined:
    May 7, 2011
    Posts:
    13
    2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
    2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
    2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
    2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
    2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
    2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
    2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
    2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
    2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
    2011-5-7 21:10:14 Communication denied by rule 192.168.1.1:1025 239.255.255.250:1900 UDP Block incoming SSDP (UPNP) requests
     
  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's impossible you'd get this error after disabling the "Block incoming SSDP (UPNP) requests" rule as I advised.
     
  20. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    I've let it in learning mode since your last message. No new rule gets created, and still it's blocked.

    Log:
    Code:
    07/05/2011 15:59:34	No usable rule found	192.168.1.15	239.255.255.250	IGMP		System	
    07/05/2011 15:59:01	No usable rule found	192.168.1.15	239.255.255.250	IGMP		System	
    07/05/2011 15:58:57	No usable rule found	192.168.1.12:68	255.255.255.255:67	UDP			
    07/05/2011 15:58:55	No usable rule found	192.168.1.12:68	255.255.255.255:67	UDP					
    
    As you can see, same messages as above.
     
  21. kfans

    kfans Registered Member

    Joined:
    May 7, 2011
    Posts:
    13
    Problems remain
     
  22. zloyDi

    zloyDi Registered Member

    Joined:
    Sep 2, 2010
    Posts:
    17
    Location:
    Ukraine
    Try to uncheck

    "Block unsafe address after attack detection"

    I use router TP-Link and no problem with it (XP, 7)
     
  23. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    Doesn't help here.
     
  24. kfans

    kfans Registered Member

    Joined:
    May 7, 2011
    Posts:
    13
    Doesn't help here.
     
  25. kfans

    kfans Registered Member

    Joined:
    May 7, 2011
    Posts:
    13
    Eset Moderator help!!! help!!!!
     
Thread Status:
Not open for further replies.