Help> two problems with LooknStop

Discussion in 'LnS English Forum' started by crazykidj0e, Aug 25, 2005.

Thread Status:
Not open for further replies.
  1. crazykidj0e

    crazykidj0e Registered Member

    Joined:
    Aug 25, 2005
    Posts:
    7
    I have two problems with LooknStop. I can no longer log into my Netgear router. I assume that it's a rule issue with LooknStop. My second problem is that I keep losing my connection to the internet and have to continue to reboot my modem and router. This usually happens when I'm downloading from newsgroups. I just read through some information and downloaded and installed club_internet_adsl.rie. My main issue is that when I lose my connection, I can't go into my router to reboot settings, so I have to reboot my computer. Can anyone help with these issues? Thanks, Joe

    link to logs:

    www.uncledrunk.com
     
    Last edited: Aug 25, 2005
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    did u put rules for ur router?
     
  3. crazykidj0e

    crazykidj0e Registered Member

    Joined:
    Aug 25, 2005
    Posts:
    7
    Hi, no, I didn't put any rules for the router. I'm not sure how to do it. Could you help me with the rule? I have a Netgear router. Not sure if that makes a difference. Thanks c
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
  5. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    1.) In your logs RIGHT click on one of the entries
    "UDP: Any other UDP...Port Dest: 1900"
    Then choose "Add rule UDP..... client"
    Move this rule below somewhere above the rule block all other UDP

    2.) You also have this IGMP log. For this carefully read the thread WSFuser suggested:
    https://www.wilderssecurity.com/showthread.php?t=9474
    This gives a good description of creating a rule for these IGMP packets.

    3.) There is one more log about UDP: dest. port SNMP.
    Not sure about this log, though....
    Is 192.168.1.5 your machine, which you are using with LNS ??

    You could try creating rules for my points 1.) and 2.) and see if it works. If not, issue 3.) may also need to be addressed...

    Good luck,
    Thomas :)
     
  6. crazykidj0e

    crazykidj0e Registered Member

    Joined:
    Aug 25, 2005
    Posts:
    7
    Thanks for the response. This IP address 192.168.1.5 is my laptop from my office. I would like to start with 1) In your logs RIGHT click on one of the entries "UDP: Any other UDP...Port Dest: 1900" Then choose "Add rule UDP..... client" Move this rule below somewhere above the rule block all other UDP.
    Here are two jpegs. http://www.uncledrunk.com/rule one folder/ This shows the changes made. Is this correct? I have a problem with number 2) because I don't know where to get the addresses (source and destination) and such from. Thanks again for the help.
     
  7. crazykidj0e

    crazykidj0e Registered Member

    Joined:
    Aug 25, 2005
    Posts:
    7
    It seems that the IGMP must be the problem because I'm still having the same problem. Here is the link to the newest logs.

    http://www.uncledrunk.com/looknstop new logs.jpg

    Can't I just double click the log and make up a rule permitting the information on that log? Thanks again.
     
  8. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    crazykidj0e,

    Yes, your new rule regarding port 1900 looks good :)

    Regarding IGMP: I never used such a rule, but from what I read in this other thread, here is the important part:

    "
    Name: IGMP packets
    Direction: Internet >> PC
    Ethernet type: IP
    Protocol: IGMP
    Frag. Offset: Is equal to 0
    Source: Is equal to 00:04:5a:f2:0f:74 (enter the MAC address of your router!)
    Destination: Is equal to 01:00:5e:00:00:01 (enter the address which is provided in your log!)
    (IP address: Is equal to 224.0.0.1 ->not absolutely necessary, you need to understand how Multicast IP addresses are built to have the right address!) "

    For "source": You can find and copy/paste the MAC address of your router, when you check one of your logs, where UDP: port 1900 was blocked. Double-click and look in the second row of the window, left field. Here is your MAC address of your router. As a control, below you should see the IP address of your router (192.168.1.1)

    For "destination" I don't know :(
    What confuses me is that the address in your logs: 192.168.100.1

    What IP is this o_O

    You could try your own MAC address, which can be seen in the logs from your UDP: port 1900 entry. This time open the log entry and check the right side, second row entry.

    This picture might help, too
    https://www.wilderssecurity.com/attachment.php?attachmentid=996&stc=1

    Hope this helps :)

    Thomas
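
Added example, not part of the thread or of any poster's message: the quoted rule pairs the multicast IP 224.0.0.1 with the Ethernet destination 01:00:5e:00:00:01, and this sketch shows how that MAC is built from the IP (the RFC 1112 mapping) and evaluates the rule's four conditions against frames. The frame dictionaries and function names are constructed for illustration and are not Look 'n' Stop's rule format; the router MAC is the sample value from the quoted rule.

```python
import ipaddress

def multicast_mac(ip: str) -> str:
    """Ethernet destination MAC for an IPv4 multicast group (RFC 1112 mapping)."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        # Unicast addresses such as 192.168.x.x have no multicast MAC at all.
        raise ValueError(f"{ip} is not in 224.0.0.0/4")
    low23 = int(addr) & 0x7FFFFF      # only the low 23 bits of the IP are copied
    mac = (0x01005E << 24) | low23    # fixed prefix 01:00:5e followed by a 0 bit
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))

def igmp_rule_matches(frame: dict, router_mac: str, group_ip: str) -> bool:
    """Mirror the quoted rule: IGMP, offset 0, from the router, to the group MAC."""
    return (frame["proto"] == "IGMP"
            and frame["frag_offset"] == 0
            and frame["src_mac"].lower() == router_mac.lower()
            and frame["dst_mac"].lower() == multicast_mac(group_ip))

ROUTER_MAC = "00:04:5a:f2:0f:74"  # sample value from the quoted rule

# Constructed frames, as they might appear in a firewall log.
FRAMES = [
    {"proto": "IGMP", "frag_offset": 0,
     "src_mac": "00:04:5A:F2:0F:74", "dst_mac": "01:00:5e:00:00:01"},
    {"proto": "IGMP", "frag_offset": 0,   # same group, but not from the router
     "src_mac": "00:11:22:33:44:55", "dst_mac": "01:00:5e:00:00:01"},
    {"proto": "UDP", "frag_offset": 0,    # SSDP (port 1900) group 239.255.255.250
     "src_mac": "00:04:5a:f2:0f:74", "dst_mac": "01:00:5e:7f:ff:fa"},
]

def matching_frames(group_ip: str = "224.0.0.1") -> list:
    """Indexes of the constructed frames that the IGMP rule would let through."""
    return [i for i, f in enumerate(FRAMES)
            if igmp_rule_matches(f, ROUTER_MAC, group_ip)]

if __name__ == "__main__":
    print(multicast_mac("224.0.0.1"))        # all-hosts group
    print(multicast_mac("239.255.255.250"))  # SSDP group
    print(matching_frames())
```

Because only 23 bits are copied, 32 multicast groups share each MAC (224.0.0.1 and 224.128.0.1 both map to 01:00:5e:00:00:01), so a rule keyed on the MAC alone matches all of them.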
     
  9. crazykidj0e

    crazykidj0e Registered Member

    Joined:
    Aug 25, 2005
    Posts:
    7
    Thanks again.. I did the rules for numbers 1) and 2). I'll have to check and see what my laptop does. I guess I'll have to make up a rule for that, but I thought it would be fine with the other rules. Thanks
     
  10. crazykidj0e

    crazykidj0e Registered Member

    Joined:
    Aug 25, 2005
    Posts:
    7
    Back again. It seems that the IGMP rule is causing the same log over and over again. The log that it is causing is at the link below. Should the new IGMP rule be at the top, middle or bottom? It seems to be affecting the "all other packets" rule that is at the bottom of the internet filtering list. The log below is from that rule. Somehow the rule that I made up for IGMP is affecting the "all other packets" rule. I'm getting more confused..lol. Thanks
    http://www.uncledrunk.com/looknstop newest logs.jpg
     
  11. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    crazykidj0e,

    Since no one else is responding: Are these blocked ETH packets still affecting your connection to the router? Can you now log on to your router?

    If you can connect, just ignore the log for now and wait until Frederic or some other expert is back.

    If you still get disconnected, try temporarily deactivating this last (but very important!) rule in your ruleset. Can you log on to your router under these conditions? Don't forget to reactivate the rule afterwards ;)

    Can you mark the 2 new rules with the exclamation mark? Then you should see in your logs when they are used and if they are working...

    Thomas :)
     
  12. crazykidj0e

    crazykidj0e Registered Member

    Joined:
    Aug 25, 2005
    Posts:
    7
    Hi.. Yes I can log into the router now with the settings that were changed. I disabled the logs for the last rule that is constantly logging. So far so good. Thanks for all the help. Joe


    Also, my internet connection hasn't locked up anymore, since making the changes, which is great. I was getting tired of rebooting twice a day..
     
  13. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    I didn't import those rules to my LnS rules and I can connect to the router fine and I don't lose connection. Is it still necessary to import them when using a router?

    dja2k
     
  14. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    dja2k,

    If your ruleset is configured to block ALL traffic except for your specific applications/addresses/ports, then you don't have to import these rules.

    Thomas :)
     
  15. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    What do you mean "configured to block ALL traffic except for your specific applications/addresses/ports" - I just have it normal with phantom ruleset, no custom rules except for p2p apps.

    dja2k
     
  16. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Hi there WS I was wondering if you have to put in rules? Because I never did and everything is Running fine Behind my Router!!

    TIA,
     
  17. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    just refer to Thomas' response (post 14). if it works fine and ur internet works i think u may not need it but i dont have a router or LnS.
     
  18. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada

    That's what I thought!! I think (Patrices) Setup is a little out of Date!!(May 2003.)

    I have to add that LNS is a fine piece of Software!!

    Thanks WS,
     
    Last edited: Sep 13, 2005