ICMP to ISP blocked by Kerio ??

Discussion in 'other firewalls' started by djg05, Sep 20, 2005.

Thread Status:
Not open for further replies.
  1. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    I have recently changed ISP and am now regularly getting this pop up in Kerio 2.1.5

    20/Sep/2005 21:59:45 Outgoing ICMP blocked; Out ICMP [3] Destination Unreachable; localhost->dns0.metronet.co.uk [213.162.***.***]; Owner: Tcpip Kernel Driver

    Don't know whether this should be allowed or not. MetroNet is my ISP
     
  2. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    This might not be the case, but if your use any kind of hosts file or program to block you from accessing certain sites it will send a icmp 3 packet to your dns server attempting to reinquire about the destination. This is a very common thing with using a hosts file, so I block all icmp 3 to my dns servers as I use a hosts for ad blocking.
     
  3. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    351
    Normally it's ok to allow Out ICMP [3] Destination Unreachable to your ISPs DNS servers only.
    I would assume that dns0.metronet.co.uk is one of these.
     
  4. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Thanks

    Yes I do use Proxo so maybe that is the reason. At times it is slow to connect. Don't know if this would be the cause. There router does not appear to have dropped the connection.
     
  5. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    If you block sites with software like proxo your software has to wait to timeout, if you use a hosts file with a program like edexter to act as a faux server on your localhost your pages will load much faster as they are not waiting for a conneciton to timeout.
     
  6. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    I used to use Edexter a few years ago but seems to have fallen by the wayside. Are there any links to get this and the hosts going again please?
     
  7. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
  8. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    351
    If you use the URL-Killer header filter, the remote server is not even contacted. There is no timing out.

    Blocking Outgoing Destination Unreachable to your ISPs DNS Servers could be the cause. Try disabling the firewall (or try permitting ICMP Outbound Destination Unreachable to your ISPs DNS servers) and test it out. Only YOU can do this. If there are still slowdowns, try using DNS servers other than your own ISPs. You can list them in preferred order in Network Connections properties. What happens when you disable Proxomitron? If it is faster, maybe you are using too many filters...do you know exactly what each filter does and whether you absolutely need them? Have you tried unchecking the active filter boxes on the front of the Proxomitron GUI to rule out filter problems? To troubleshoot these kind of problems you need to be able to rule out the causes and you can't do that by running everything at once or switching software packages. It may require that you be methodical and keep a log...start simple and if you have no problems add things back until you find the problem. If it is your ISPs fault re slow DNS servers and other problems, these problems can be intermittant. You may need specialized diagnostic software to identify them. Anyway.... if whatever you are using for an operating system is fully patched, you could start with the following:

    Open Kerio GUI and uncheck to run at Windows startup. Open your browser's properties and uncheck "use a proxy server.." Then reboot. How are things running now?
     
Loading...
Thread Status:
Not open for further replies.