LnS & router -> connection problems

Discussion in 'LnS English Forum' started by na sceiri, Jun 21, 2007.

Thread Status:
Not open for further replies.
  1. na sceiri

    na sceiri Registered Member

    Joined:
    Jun 21, 2007
    Posts:
    11
    Hello all,

    I recently had my broadband activated and got a BT Voyager 210 router. After I removed McAfee Security Center that had been pre-installed by pc vendor, I installed i.a. LnS.

    I'm experiencing some connection problems at the moment (after eg. 1 hour of using Internet web pages are unable to load & connection fails). I assume it may be related with the router and the fact that my LnS ruleset is not compatible in these circumstances.

    Please have a look at log contents:
    Those are most recurrent entries.

    I'm new to using a pc with router and don't know how to modify the ruleset, so asking for your kind advice. What should I do in this case?

    Cheers.

    P.S. I searched the forum but didn't come across a solution for that.
     
  2. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi na sceiri :)

    You're right: the basic rules do not include router rules, therefore somebody has to create them... So look at each type of packet shown here:

    This is an IGMP packet used to establish communication between the router and your PC. I have a "sample" rule for this, but this rule requires some work from you to adapt it to your configuration...

    {A. 60}; [Local] [IGMP] {{ Router }} (see the attached file)

    You have to find the MAC addresses of the router and the PC with the ipconfig /all command and modify the rule accordingly...

    The sample rules are included with this post. Download the file, rename it by removing the ".TXT" at the end and import it into LnS.


    IPv6 Hop-by-Hop Option. Ref.: http://tools.ietf.org/html/rfc1883
    What's this? No idea. So leave this aside for the moment.
    This will be solved later. Ok ?

    Here's a UDP packet. Try the sample rule for UDP and adapt it according to the information shown in the log... That requires some work from you ;-)

    Start with the sample rule:
    {A. 80}; [Local] [UDP] {{ Router - PC }}

    This is an ICMP signal: Fragmentation needed but the Don't Fragment flag is set. This is a normal signal within a local network and this must be allowed by a rule for this... For the moment we can ignore these ICMP packets...

    This is related to the Windows service: Simple Service Discovery Protocol (SSDP). Is it required or not? Maybe. This requires a rule in UDP and port 1900. This service is listening on that port (in UDP). Is it required for your router? Maybe...

    There was a sticky post from Patrice explaining router configuration with LnS.
    It was removed : very bad idea...

    Also: the rule for Ethernet packets is a raw rule.
    {A. 20}; [Local] [ETH] {{ Router - PC }}

    Put the fields display in hexa byte split to add the MAC addr.
    See the screen captures...

    Hope this helps. Sorry to give you so much work, but I don't have any router here to make tests and no way to create "keys in hand" rules for you.

    Let me know if it's working. When you give a sample from the log, please upload a copy here in text format.

    Have a nice day.

    :)
     


  3. na sceiri

    na sceiri Registered Member

    Joined:
    Jun 21, 2007
    Posts:
    11
    BIG thanks Climenole, I'm much obliged for your helpful & comprehensive reply! Also, I'm not expecting a tailor-made solution, so nothing to be sorry about giving myself much job to do :))

    So as to adapt those sample rules I started to read about MAC addresses on Wikipedia, but gave up after a while.

    The thing is that I don't know which is a relevant MAC address for pc and router.

    I made a screenshot from ipconfig:

    http://img255.imageshack.us/img255/2398/ipconfigscreenfn1.jpg

    Please help!
     
  4. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
  5. na sceiri

    na sceiri Registered Member

    Joined:
    Jun 21, 2007
    Posts:
    11
    Hello,

    I know that thread, it's not been deleted. I read it before I sticked my thread, but was quite difficult to understand. Shall I feel sorry this is the case? I don't think so, and for that reason I'm asking for kind advice of forum members.

    Regarding my last post I reckon there is only one part that refers to my query.


    Well, I haven't found a blocked IGMP packet in my log, so as to retrieve MAC addresses of pc & router. Can I make it out from any other blocked packet? As you can see, I'm a little lost and need a slight push in the right direction.

    If anyone is willing to help, I'd be more than grateful.

    I attached below screen shots with details of two exemplary packets blocked and logged. Maybe it gives indication, which one is the router MAC address and the pc one.

    http://img207.imageshack.us/img207/7613/screen1ne6.jpg

    http://img383.imageshack.us/img383/5463/screen2qu5.jpg

    Regards.
     
  6. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi na sceiri :)

    1- For the MAC address of the router:

    a)
    Start | run | cmd /k
    C:\> arp -a

    b)
    In your web browser, type the local IP address of your router in the address field, like 192.168.0.1
    (this local IP varies from one router to another: it may be in the 172.16. range or 10.x.x.x. range: check your documentation...)

    c) check the router itself: sometimes the manufacturer puts a sticker on it...

    2- For the UDP packet for SSDP:

    You have to create a rule to allow SSDP like this:

    Protocol : UDP
    Packets: in and out

    In the left side of the editing window:

    IP address: Equal my@ (this is the local IP of your PC...)
    Port range: in Local

    In the right side of the editing window:

    IP: Equal 239.255.255.250
    Port : 1900

    Applications... : Generic Host Process for Windows

    and put the rule with the other UDP rules ...

    3- For the ICMP packet type 4 code 3:

    You have to create a rule to allow this:

    Protocol: ICMP
    Packets: in and out

    code 4
    type 3

    and put this rule with the other Icmp rules...

    save, apply and reboot.

    Hope this helps. Let us know.

    :)
     
  7. na sceiri

    na sceiri Registered Member

    Joined:
    Jun 21, 2007
    Posts:
    11
    @Climenole Thank you!

    Since your last post I've been fighting with these fu[xxx]n' rules. I had connection problems after applying the IGMP one. I got quite pissed about the firewall, but don't want to give up so quickly.

    Anyway, I think that the best solution would be creating rules gradually, one by one, so I can diagnose any potential problems without doubt, which rule those are related to.

    I suggest to start with the following packets, being blocked by LnS:

    I created the following rule:

    http://img120.imageshack.us/img120/4331/screenssdpupnpyy2.jpg

    However, the result is that the above given entries are still present in log + the new ones appeared:

    How shall I tackle this?

    Regards.
     
  8. na sceiri

    na sceiri Registered Member

    Joined:
    Jun 21, 2007
    Posts:
    11
  9. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi na sceiri :)

    Change the rule for this (see screen capture) and tell me if it's working.
     

    Attached Files:

    • ssdp.jpg (54.3 KB)
  10. na sceiri

    na sceiri Registered Member

    Joined:
    Jun 21, 2007
    Posts:
    11
    No, still logging (the old one) like crazy.

    I marked this new rule for inclusion into log (to see if it's working) but nothing has come up.

    I don't know but my simple logic tells me that, to allow particular packets blocked by a rule, one should reverse the rule. Means maybe we should try out with details included in the packet's content (see below)?

    Regards.
     
  11. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi na sceiri :)


    Funny... o_O

    Make a copy of your rules set + a copy of your log and upload it here.


    :)
     
  12. na sceiri

    na sceiri Registered Member

    Joined:
    Jun 21, 2007
    Posts:
    11
    OK, here it goes.
     


  13. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi na sceiri :)


    You have these packets in your log and I created rules for them.

    06-24-07,00:05:19 D-833 'UDP : Any other UDP pack' 192.168.1.1 UDP Ports Dest:SSDP/UPnP =1900 Src:SSDP/UPnP
    06-24-07,07:42:41 U-42 'UDP : Any other UDP pack' 239.255.255.250 UDP Ports Dest:SSDP/UPnP Src:49221

    06-24-07,00:05:19 D-834 'All other packets ' 192.168.1.1 IGMP Data:148 4 0 0

    06-24-07,00:11:10 U-880 'UDP : Any other UDP pack' ff02::1:3 UDPV6 Ports Dest:LLMNR=5355 Src:49496
    06-24-07,00:11:10 U-881 'UDP : Any other UDP pack' 224.0.0.252 UDP Ports Dest:LLMNR Src:49497

    LLMNR queries are sent to and received on port 5355. The IPv4 link-
    scope multicast address a given responder listens to, and to which a
    sender sends queries, is 224.0.0.252. The IPv6 link-scope multicast
    address a given responder listens to, and to which a sender sends all
    queries, is FF02:0:0:0:0:0:1:3.

    Responders MUST listen on UDP port 5355 on the link-scope
    multicast address(es) defined in Section 2, and on TCP port 5355
    on the unicast address(es) that could be set as the source
    address(es) when the responder responds to the LLMNR query.

    http://tools.ietf.org/html/rfc4795


    06-24-07,07:40:49 D-2 'ICMP : All ICMP types 192.168.1.1 ICMP Type:3 Code:4


    Load the modified rules set and try again.

    Hope this helps. Let me know.

    :)
     


  14. na sceiri

    na sceiri Registered Member

    Joined:
    Jun 21, 2007
    Posts:
    11
    Hi Climenole.

    Again thank you for engagement in my problem.

    As advised, I loaded that ruleset. However, it seems those packets are captured by the firewall as before.

    Kindly see the attached log.

    To be honest I don't know what to do next.

    Regards.
     


  15. na sceiri

    na sceiri Registered Member

    Joined:
    Jun 21, 2007
    Posts:
    11
    Frederic,
    I'd appreciate support from the LnS developer to find a solution in my problem.
    Regards.
     
  16. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi na sceiri :)

    Here are some packet samples:



    06-25-07,12:48:39 U-3 'UDP : Any other UDP pack' ff02::c UDPV6 Ports Dest:SSDP/UPnP Src:49154
    06-25-07,12:48:39 U-4 'UDP : Any other UDP pack' 239.255.255.250 UDP Ports Dest:SSDP/UPnP Src:49157
    06-25-07,12:48:39 U-5 'UDP : Any other UDP pack' ff02::c UDPV6 Ports Dest:SSDP/UPnP Src:49154
    06-25-07,12:48:39 U-6 'UDP : Any other UDP pack' 239.255.255.250 UDP Ports Dest:SSDP/UPnP Src:49157
    06-25-07,12:48:42 U-12 'UDP : Any other UDP pack' 239.255.255.250 UDP Ports Dest:SSDP/UPnP Src:49157
    06-25-07,12:48:42 U-13 'UDP : Any other UDP pack' ff02::c UDPV6 Ports Dest:SSDP/UPnP Src:49154
    06-25-07,12:48:43 U-14 'UDP : Any other UDP pack' 239.255.255.250 UDP Ports Dest:SSDP/UPnP Src:49157


    So the only remaining problem is with this SSDP M$ stuff...
    Uploading only (U-3, U-12: U means upload and the minus sign means blocked)

    LLMNR problem was solved; right? ;)

    The easiest way to create a rule on the fly is to check your log, right-click on a line corresponding to the blocked packet, and choose to authorise the port SSDP (1900) as client.

    This will put a new rule line at the top of the rule set...

    Save, apply. Start with this...

    Hope this helps. Let us know.

    :)
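
An added example, not part of the original thread: a small Python triage of the blocked-packet lines quoted in posts 13 and 16, grouping them into the traffic types discussed there (SSDP, LLMNR, IGMP, ICMP type 3 code 4). It assumes the log layout seen in those posts, that D means download, and that on U lines the logged address is the destination.

```python
import ipaddress
import re
from collections import Counter

# Log lines copied from the posts above, reused here as sample input.
SAMPLE_LOG = """\
06-24-07,00:05:19 D-833 'UDP : Any other UDP pack' 192.168.1.1 UDP Ports Dest:SSDP/UPnP =1900 Src:SSDP/UPnP
06-24-07,00:05:19 D-834 'All other packets ' 192.168.1.1 IGMP Data:148 4 0 0
06-24-07,00:11:10 U-880 'UDP : Any other UDP pack' ff02::1:3 UDPV6 Ports Dest:LLMNR=5355 Src:49496
06-24-07,00:11:10 U-881 'UDP : Any other UDP pack' 224.0.0.252 UDP Ports Dest:LLMNR Src:49497
06-24-07,07:40:49 D-2 'ICMP : All ICMP types 192.168.1.1 ICMP Type:3 Code:4
06-25-07,12:48:39 U-4 'UDP : Any other UDP pack' 239.255.255.250 UDP Ports Dest:SSDP/UPnP Src:49157
"""

LINE_RE = re.compile(
    r"^\d\d-\d\d-\d\d,\d\d:\d\d:\d\d\s+(?P<dir>[UD])-\d+\s+"
    r"'(?P<rule>[^']*?)'?\s+"  # the closing quote is missing on the ICMP line
    r"(?P<addr>[0-9A-Fa-f:.]+)\s+"
    r"(?P<proto>UDPV6|UDP|TCP|IGMP|ICMP)\s+(?P<detail>.*)$")

# Multicast groups seen in the thread for each discovery service.
GROUPS = {"SSDP": {"239.255.255.250", "ff02::c"},
          "LLMNR": {"224.0.0.252", "ff02::1:3"}}
SERVICES = {"SSDP/UPnP": "SSDP", "LLMNR": "LLMNR"}  # names as the log prints them

def classify(line):
    """Return (direction, category, address) for one log line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        addr = str(ipaddress.ip_address(m["addr"]))  # also normalises IPv6 text
    except ValueError:
        return None
    category, detail = m["proto"], m["detail"]
    dest = re.search(r"Dest:([A-Za-z/]+)", detail)
    if category.startswith("UDP") and dest and dest[1] in SERVICES:
        category = SERVICES[dest[1]]
        # Assumption: on U (upload) lines the logged address is the destination.
        if m["dir"] == "U" and addr not in GROUPS[category]:
            category += "-unexpected-destination"
    elif category == "ICMP" and re.search(r"Type:3\s+Code:4\b", detail):
        category = "ICMP-frag-needed"  # "fragmentation needed, DF set"
    return m["dir"], category, addr

def summarize(text):
    """Count logged packets per (direction, category)."""
    hits = filter(None, map(classify, text.splitlines()))
    return Counter((direction, category) for direction, category, _ in hits)
```

Calling `summarize()` on an exported log gives per-type counts, which is the figure Frederic's later advice turns on; any `-unexpected-destination` entry is an upload to the SSDP or LLMNR service that is not addressed to the multicast group named in the thread.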
     
  17. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Is the problem just to have a clean log? Or is there still something blocked and a Windows service or application not working?

    Thanks,

    Frederic
     
  18. na sceiri

    na sceiri Registered Member

    Joined:
    Jun 21, 2007
    Posts:
    11
    Hello Gentlemen,

    @Climenole, uffffffff, I hope it may not be necessary to further fight with the ruleset (kindly see below).

    As I stated at the beginning of this thread, I started to have connection problems after installing LnS (with enhanced rules set). It was almost clear to me that the firewall is blocking packets that should be allowed in case of connection pc <-> router.

    Well, I think I've eventually found the culprit. Most probably my adsl microfilter (at phone socket) was causing difficulties. Now I'm running without that filter, have unplugged phone for testing purposes [:)]. Since today's morning everything's been fine, so hope that's it.

    Re. blocked traffic by LnS, shall I then disregard the above presented log entries?

    Cheers.
     
  19. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi na sceiri,

    Yes, if:
    1- the number of packets is not so high
    2- the sound it generates is not too annoying
    3- no service/application is blocked, everything works fine
    => then there is no need to create a special rule.

    In case 1-, 2- is not true, you can:
    - create a special rule that will drop these packets silently
    or
    - remove the ! for the current rule catching the packet

    Frederic
     
  20. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi na sceiri :)

    All these packets were generated by a defective ADSL filter at the phone socket?

    o_O

    I'm very happy to read your post because for a week I have had some doubts about the level of my intelligence
    ( :eek: alzheimer symptoms? :blink: )

    ;)

    1- Make sure the filter + ADSL cable + phone cable are connected the right way. If this is the case then:

    2- If this filter is provided by your ISP ask for a new working one...

    3- For the other packets follow Frederic's instructions.

    :)
     
  21. na sceiri

    na sceiri Registered Member

    Joined:
    Jun 21, 2007
    Posts:
    11
    Exactly :p
    At least right now I don't have to be particularly concerned that those packets have bad influence on network performance.

    All the best, bye now.

    [na sceiri vanished in space]

    :):)
     