Interactive vs automatic mode with exceptions

Discussion in 'ESET Smart Security' started by bartgrefte, Jun 15, 2013.

Thread Status:
Not open for further replies.
  1. bartgrefte

    bartgrefte Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    4
    Location:
    Netherlands
    Hi :)

    Today someone tried to connect with my BPFTP server, something which worked while I was using ESS5, but not with ESS6.

    The firewall was running in interactive mode. Every time the client tried to connect, an allow/block popup appeared. I hit allow and enabled the checkbox to create a rule, but the popups kept coming back and the client was still unable to connect.

    Then I noticed the external port was different on every popup. So I created a firewall rule for BPFTP server that allowed all traffic on all ports from that particular IP-address.
    .... No luck, still lots of popups and the user can't connect.

    Then I created a rule that allowed all traffic on all ports from all sources to the FTP server. Still no go.

    Then I switched from interactive to automatic mode with exceptions and it works. o_O

    Now I would like to know what kind of differences there are between those two modes that could cause this. The only thing I can think of is that interactive mode ignores user defined rules....

    Does anyone have any thoughts on this?
     
    Last edited: Jun 15, 2013
  2. OscarSNM

    OscarSNM Registered Member

    Joined:
    Jun 19, 2013
    Posts:
    1
    Location:
    Argentina
    Maybe if your user is not the admin of his desktop, the rules can't be saved and that's why the thing doesn't work.
     
  3. bartgrefte

    bartgrefte Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    4
    Location:
    Netherlands
    There is only one user, with admin rights.

    Plus, I checked, the rules I made are being saved. They just don't have any effect until the mode is switched from interactive to automatic with exceptions.
     
  4. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    Auto mode is pretty much a very simple, basic firewall. Here is their definition:

    Automatic mode

    In Automatic mode, network communication is automatically controlled by settings defined by the user. After connecting to a network, the user decides whether it is a trusted zone. Communication in a trusted zone is not limited in both directions. Communication within a restricted zone – the Internet communication - is allowed only for applications establishing outgoing connections. Such applications are trusted also for incoming connections. This mode requires no user interaction (except when connecting to a new network).

    In short, Automatic mode uses no predefined rules, but automatically analyzes communication. Applications are allowed to establish outgoing connections. Applications that already established outgoing connections are also trusted for incoming connections.

    So generally in auto mode you will find nearly everything will work okay. When placed into interactive mode is when I find the firewall very picky at times. With this mode it seems to only allow (or not) connections which have rules; all others are popups asking for a choice until it has a rule for it.

    Have you tried learning mode?
     
  5. bartgrefte

    bartgrefte Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    4
    Location:
    Netherlands
    Ehm, I said automatic mode with exceptions, not automatic mode ;) I think that is a significant difference. You say that automatic mode does not use predefined rules, but automatic with exceptions seems to use them, since the FTP problem disappeared immediately. I'm thinking because of the allow-all rule for the BPFTP.exe process that did not have any effect in interactive mode.

    Well, I have a habit of using interactive mode on all computers running ESS here, so that I can see what processes demand access to/from the web. Never ran into problems, till now. Probably because, for some reason, not only ports 20/21 were used, but also a port that appeared to be random. I could have hit accept on the popups one random port at a time, but with over 65000 ports that would have taken some time :p
     
  6. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    I wonder, is there a way to create a type of wildcard rule? I'll have a look when I get to the office tomorrow and see what I can come up with. Auto and auto with rules are IMO very similar. Auto with rules works like auto but with the ability to add a predefined rule, which is why I find it weird that it stops allowing it. Have you tried (just to see) setting it to auto with rules without adding a rule yet, and does it allow it at that point? I usually use training mode for a while, then leave it be, since the systems I have are mostly configured with the same software. I also will use NOD and Outpost, since for a good while Outpost has been one of my top firewall choices. Also, I was simply posting what ESET says about the auto mode; I was not sure how versed you are with firewall rules. Sometimes it's hard to tell that on a forum, where you can have one person who is awesome with firewalls and you would not know it, and someone else who is the other way around.

    The way you have it set up, is the port supposed to be random? Just being curious. And is there a way to somehow limit it to a smaller number of ports and still be random? Again, just not sure how exactly you are set up.
     
  7. bartgrefte

    bartgrefte Registered Member

    Joined:
    Oct 11, 2012
    Posts:
    4
    Location:
    Netherlands
    Wildcard? Don't know, I just set it to allow everything for the bpftp process. I've never tried training mode. Just interactive (on several computers) and now auto+rules on one because of the FTP issue. But if it now continues to work, fine by me :)


    That FTP uses a random port seems to be normal, according to http://slacksite.com/other/ftp.html and http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html
    The random port thing seems to be by design.

    My setup is simple:
    Fiber modem
    |
    |
    pc with IPfire -- WLAN
    |
    |
    switch -- one computer running 24/7 with ESS6, BPFTP, torrent client and some other apps.
    |
    |
    other computers
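To show why every connection in this thread hit a different port: an added Python example (not code from the thread, from ESET or from BPFTP) that parses the passive-mode reply an FTP server sends (RFC 959 `227` and RFC 2428 `229`) to recover the announced data port, then checks each port against a fixed range that a single firewall rule could cover. The sample replies and the range 50000-50050 are constructed for the example.

```python
import re

# Constructed sample replies, as an FTP server would send them on the
# control connection after a PASV or EPSV command (not captured from BPFTP).
SAMPLE_PASV = "227 Entering Passive Mode (192,168,1,10,195,149)."
SAMPLE_EPSV = "229 Entering Extended Passive Mode (|||50021|)"

# 227 carries the address and port as six decimal bytes: h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# 229 carries only the port; the client reuses the control-connection address
EPSV_RE = re.compile(r"\(\|\|\|(\d+)\|\)")


def parse_passive_reply(reply):
    """Return (host, port) announced by a 227/229 reply, or None if it is neither.

    host is None for 229, because EPSV does not repeat the server address.
    """
    if reply.startswith("227"):
        m = PASV_RE.search(reply)
        if m:
            h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
            return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
    elif reply.startswith("229"):
        m = EPSV_RE.search(reply)
        if m:
            return None, int(m.group(1))
    return None


def audit_passive_replies(replies, low, high):
    """For each reply, report the data port and whether a rule for low..high covers it.

    A port outside the range is one the firewall would still prompt for
    (or block) even with a port-range rule in place.
    """
    result = []
    for reply in replies:
        parsed = parse_passive_reply(reply)
        if parsed is None:
            continue
        _, port = parsed
        result.append((port, low <= port <= high))
    return result


if __name__ == "__main__":
    for port, ok in audit_passive_replies([SAMPLE_PASV, SAMPLE_EPSV], 50000, 50050):
        print(f"data port {port}: {'covered' if ok else 'outside configured range'}")
```

The server-side fix the thread circles around is to configure the server's passive port range and write one firewall rule for that range plus port 21, rather than a rule per port.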
     