How do I get Kerio to allow an application?

Discussion in 'other firewalls' started by DougWeller, Jun 24, 2006.

Thread Status:
Not open for further replies.
  1. DougWeller

    DougWeller Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    25
    I've got a program called Bassline which uses WInpopup (I think) to send messages over my home LAN. Kerio blocks it so I can't see any other users.
    How do I get this unblocked?
    Thanks
    Doug
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Have you enabled netbios, and created rules to allow this?

    baseline FAQ
     
  3. DougWeller

    DougWeller Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    25
    Netbios is enabled, Bassline works fine with Kerio disabled, but I don't know how to create a rule to allow it.

    Thanks

    Doug
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I dont currently have Kerio installed,... but if no-one post you the info,.... I will install (later) and post the info on how to do this.

    Edit: Which version of Kerio are you using?
     
    Last edited: Jun 24, 2006
  5. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    I'm not sure what version your running, however why don't you look at your logs when you try to use the program, and then configure the program around those blocked communications?

    If this does require full lan access you might as well configure your firewall to allow all netbios traffic to/from the other computers on your lan, however that might not be necessary.

    You have to realize that your configuration is blocking this communication, and you need to figure out how to allow this application without making a great big gaping hole in your firewall if possible... That is why I suggested you look at your logs, and see which rules/settings are blocking these packets first.

    If you run 4x, good luck, I don't touch that version anymore, if you run 2x the order of your rules is the key, the first rule to effect a packet will be the last....
     
  6. DougWeller

    DougWeller Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    25
    I'm running 4n, and cannot figure out how to allow netbios over my lan -- and I did search the help pdf, it didn't mention netbios. I don't know if I have logs enabled, only the debug log seems to have any content.

    Thanks
    Doug
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    open Kerio: Network security / Applications,.... here you will see a rule for "Microsoft file and Printer sharing" select "permit" for in/out in the "Trusted". Then select the "Trusted area" tab and make sure that your Lan IP/subnet is entered.
     
  8. DougWeller

    DougWeller Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    25
    This is getting weird. Microsoft file and printer sharing is not shown.

    BUT -- suddenly, netbios is. I do not understand this at all. It isn't as though I missed it, it definitely wasn't there before.

    I've set it up to permit in and out in trusted, made sure my LanIP/subnet was in the 'Trusted Area', and it works.

    I don't know, Kerio has a nice small footprint, I'mstill not sure I want to buy it. But I probably will. I just wish I was sure it had a future.
    I've had ZA and had problems, Outpost and lots of blue screens with XP. This seems to work.

    Thanks everyone.
    Doug
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Must be some change in rule names, the version I installed onto a VM is a version (4) I downloaded from kerio some time ago, this as the rule name as "Microsoft file and printer sharing". The version from "sunbelt",.. looking at the Sunbelt website third pic down on the right, this also shows the rule as "Microsoft file and printer sharing", but, you found the setting, and now it works.
     
  10. DougWeller

    DougWeller Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    25
    Ah, it's rules for applications that have tried to connect to the Internet, obviously netbios did, but Microsoft file and printer sharing didn't! That makes sense.

    I really appreciate the help from you and Blitzenzeus. I think I'll buy it and one for my wife, this month I can get the 2 for $24.96 and that seems a good deal!
     
  11. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    I'm glad Stem was able to help you, however if you have some time you might play, and I mean play with the program in a safe environment behind a router, etc... Find out what stuff does, when it comes to tcp/ip terms they can be like speaking another language, and sometimes they are not always easy to understand. There are tcp/ip whitepages out there, but they are not the most exciting thing to read. Most manuals do get across what certain things do without getting technical, however sometimes you need to see exactly how the packets are exchanged to understand what is going on if you are making manual rules.

    I'm not sure if your logs were useful or not, however I will say that when I first started learning how to configure firewalls I logged all traffic, and then formed rules around what what needed to be allowed. This is also where I saw possible holes in standard configurations that people were using everyday, at least in the early years when software firewalls were first marketed to consumers, however they were almost all rule based so they were usually easy to prevent. This was years before Zone Alarm was even in beta, and Steve Gibson had not made 'Stealth' the FUD it is today, I don't think grc.com was doing more than selling spinrite at that time either.

    Anyway I'm getting off track, the more time you play, have to learn, the more you will understand. Also never under estimate your logs, but also don't go total paranoid thinking everyone is attacking you, in reality as long as your not preventing things you should be allowing and allowing things you should be blocking most people can use their computer without being bothered by any alerts, that is unless have new software on your system which needs to be allowed/configured.
     
  12. DougWeller

    DougWeller Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    25
    Thanks blitzenzeus, that's good advice.

    I am behind a router at home and have now set up Kerio to log everything.
    I used ZA when it first came out through several versions, but in the end it was more trouble than it was worth. When Outpost came out I tried that, bought it in fact, but I could never make it stop crashing XP so gave up. I'm behind a router and run Nod32 and Counterspy, plus my mail supplier filters out stuff, but I still caught a trojan earlier this month.
    Which is why I'm trying Kerio. I'm buying it tonight for my PC and my wife's. And I'll be upgrading my router when we move. Hopefully between all of these precautions we will be safe!

    Doug
     
  13. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Upgrade your router? In reality the cheap routers are just as good as the expensive routers, so unless you going from wired to wireless, there is no point. If you are going wireless make sure to look up a few guides on how to use the security features so your neighbors/war drivers are not getting free broadband.
     
  14. DougWeller

    DougWeller Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    25
    Sorry, we are going to go wireless when we move and may have to go ADSL instead of cable. I know about wireless security problems so will make sure it can't be hacked.
     
  15. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, DougWeller

    Right Click netbios[or NETBIOS]> from the dropdown>mouse over>Displayed application name>Left click>Full path=netbios, File Name=NETBIOS, and Description=Microsoft File and Print Sharing.

    Take Care,
    TheQuest :cool:
     
  16. DougWeller

    DougWeller Registered Member

    Joined:
    Jun 17, 2004
    Posts:
    25
    Oh! I see! When I click on description, it shows up as Microsoft... if I click on Full path, it shows up as netbios. And Filename, as you say, NETBIOS.

    Thanks, it's getting clear.

    Doug
     
Loading...
Thread Status:
Not open for further replies.