How to allow "local" Internet access but deny "real" Internet access?

Discussion in 'LnS English Forum' started by mattad, Oct 6, 2009.

Thread Status:
Not open for further replies.
  1. mattad

    mattad Registered Member

    Joined:
    Mar 1, 2006
    Posts:
    66
    At first I installed the well-known, free Oracle SQL Developer tool which allows the user to peek into and manage a Oracle database.
    In my case the Oracle database is a locally (on my computer) installed free (=Express) version of Oracle.

    When I start now SQL Developer tool LnS (v2.06) pops up a prompt:

    SQLDEVELOPER.EXE
    This software would like to connect to Internet.
    Do you authorize it to connect?

    Automatically I deny all outgoing traffic because I thought that SQL Developer want to transfer some user installation information to Oracles home server.

    But much to my surprise this was not the case.
    After detecting that SQL Developer does NOT work after denial I investigated the situation and found out that SQL Dev just wanted to access the Oracle Database listener on local port 1521.

    The prompt is very misleading. If I remember it well the "Internet connection" alarms just local network adapter access appear from time for other programs as well.

    How can I allow all already existing programs and all programs which I will install in future to connect all local "Internet" ressources but deny all "real"
    connection which are located outside of my computer?

    Matt
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Yes, this is because Look 'n' Stop alerts as soon as a connection is detected without knowing yet if it will be used locally, or really for internet.
    You can't do it when the prompt appears. You can do it after the application is added to the list of applications. Double-click on the application in the list (or use the Edit button), and enter 127.0.0.1 for the IP address the application can connect to (for UDP and TCP). This feature is available only when the Advanced mode is selected (in the advanced options).

    Regards,

    Frederic
     
  3. mattad

    mattad Registered Member

    Joined:
    Mar 1, 2006
    Posts:
    66
    Hmm, this is bad.

    When the prompt appears what should I do?
    Allow -> Program can connect to its home server (at least once)
    Deny -> Installation is not possible

    Is it possible to setup a general rule? Something like:
    "Allow all programs to access 127.0.0.1 (or 192.168.*.*) regardless wether another rule exists which deny internet access."

    If not: This is a real problem. You should find a solution for the next release.

    Matt
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    If you enabled 'Advanced Mode' listed in 'Advanced Options' (Look 'n' Stop 'Options' Tab/screen, 'Advanced Options' button). This will allow you to control Applications IP and Ports through 'Application Filtering' Tab/Screen when double-clicking on an added application entry in the list of applications. It doesn't matter if you Authorized the application or denied the application first.


    Regards,
    Phant0m``
     
Thread Status:
Not open for further replies.