firewall rule created but ftp still blocked and other

Discussion in 'ESET Smart Security' started by CrocAUS, Nov 5, 2009.

Thread Status:
Not open for further replies.
  1. CrocAUS

    CrocAUS Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    3
    ESET SS v4 win7 with early release software option ticked in updates settings so i get the latest modules that work with win7

    now this is driving me nuts for a while, I created rule as follows protocol: TCP, ports: 20-21, application: filezilla server.exe and allow traffic both ways.

    i can see in filezilla server logs that client is connecting ok but it gets stuck while sending LIST command

    when i disable eset firewall all works fine

    other issue, i work remotely via windows remote, VNC and netsupport.
    sometimes i access couple of servers and workstations at same location at once, but eset smart security will start blocking me when i open more connections, what i noticed is that it is domain name that stops from being resolved, this is so odd it took me a while to figure out what on earth is going on but sure enough when i disable eset firewall all works perfectly.

    call me silly but i always thought firewall should stop incoming dangers and not block me as a user from doing my work :(

    any pointers how to fix these issues would be great
    TIA


    EDIT: i forgot to mention that wilder security forums notifications like activate membership got ticked off as SPAM by eset smart security itself and considering i didn't make any rules at all that seem little odd as well.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    There's an option "Log all blocked connections" in the IDS section of the firewall setup. Try enabling it for the time necessary to reproduce the problem and then check the firewall log for details about the rule that blocked the connection. You can also try enabling Learning mode in which rules are created automatically.
     
  3. CrocAUS

    CrocAUS Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    3
    i figured out ftp server problem, "smart" security was blocking some outgoing data used in passive mode, i never had to add these ports to my router so why on earth things getting blocked on outbound side is bit odd at best.

    as for trying to access multiple services on same domain address where smart security blocks domain name resolving once you have one connection active it is DNS poisoning attack detection.
    considering i'm opening only 2 or 3 connections to same address (different ports) and i'm doing it by hand and not scripted where my system would submit dns queries very quick this is really badly done. is there way to tweak it so i don't have to disable DNS poisoning attack detection?
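
The passive-mode behaviour described in the post above, as an added example that is not part of the original thread: it reads an FTP control-channel transcript and lists the server-side data ports that a rule limited to TCP 20-21 does not cover. The transcript and addresses are constructed, the function names are hypothetical, and treating the rule's ports as the server's local ports is an assumption.

```python
import re

# Rule from the first post: TCP ports 20-21 (assumed to be the server's local ports).
RULE_PORTS = range(20, 22)

# RFC 959 reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)", port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# RFC 2428 reply: "229 Entering Extended Passive Mode (|||port|)"
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")
# Active-mode requests from the client; the server then connects out from port 20
# (the RFC 959 default data port, control port minus one).
ACTIVE_RE = re.compile(r"^(PORT|EPRT) ", re.IGNORECASE)


def server_data_ports(control_lines):
    """Return [(mode, server_local_port)] for each data channel negotiated."""
    found = []
    for raw in control_lines:
        line = raw.strip()
        if m := PASV_RE.match(line):
            found.append(("passive", int(m.group(5)) * 256 + int(m.group(6))))
        elif m := EPSV_RE.match(line):
            found.append(("passive", int(m.group(1))))
        elif ACTIVE_RE.match(line):
            found.append(("active", 20))
    return found


def outside_rule(control_lines, allowed=RULE_PORTS):
    """Data channels whose server-side port the firewall rule does not cover."""
    return [(mode, port) for mode, port in server_data_ports(control_lines)
            if port not in allowed]


# Constructed control-channel transcript (documentation-range addresses).
SAMPLE = [
    "230 Logged on",
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "LIST",
    "EPSV",
    "229 Entering Extended Passive Mode (|||50123|)",
    "PORT 198,51,100,7,200,21",
]

if __name__ == "__main__":
    for mode, port in outside_rule(SAMPLE):
        print(f"{mode} data channel on server port {port} is not covered by ports 20-21")
```

Pinning the server to a fixed passive port range and adding that range to the application's rule keeps the rule narrow while letting LIST complete.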
     
  4. CrocAUS

    CrocAUS Registered Member

    Joined:
    Nov 5, 2009
    Posts:
    3
    is forum considered one of the official support channels??
     