Pardon my idiot question, but...

Discussion in 'other firewalls' started by SG1, Oct 27, 2007.

Thread Status:
Not open for further replies.
  1. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    a) Sorry that I didn't take screenshots of this, at the time.

    b) But... and, as best as I can recall at the moment, my question is this: Sygate security log mentions router IP address here and there, and it being blocked at times.

    Well, while (hardware firewall aka) the router is designed to keep the poachers-bad guys out, I'd guess/assume (for good or ill), that on the other hand the router and PC have to "commune together" for the main part in order to function properly.

    How do I better judge exactly what's being blocked?

    As the query indicates, you can tell that I'm not really up on all this but I would like to learn more/better "smarts" on this, so I can tell what works/doesn't, and so on. Don't want one firewall blocking the other, at wrong time, or not doing what it should when it should.

    Many thanks, for info/help.
     
  2. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi SG1 :)

    The communications must be authorised between your Router and your Firewall.
    All these communications are done in local only (no Internet access...).

    I don't have any knowledege of Sygate and I can't give you the exact rules for this but some hints about FW / Router communications:

    1- At the ethernet level the access to and from MAC addr. of the PC and the router must be allowed

    2- At the IP level the local IP addresses in the UP range used by the router must be allowed. E.g. : 192.168.0.0 to 192.168.255.255

    192.168.0.1 = Router local IP
    (check your router documentation: sometimes it's 192.168.1.1)
    192.168.0.0 = the network itself
    192.168,255.255 is the network broadcast addr.

    The static IP for each PC in the LAN may be choose in any other IP of this range.

    The best for an home or small enterprise LAN is to set static Ip addresses and in the router setup you may confgure each of these static IP addr. with the corresponding MAC addr.

    3- UDP packets must be authorised between the PC and the router.

    4- IGMP packets must be authorised between the PC and the router.

    Did the router IP addresses blocked by Sygate form time to time are in the same range than the one used by your config.? This can happen if your FW authorised only some local IP not all the local IP range...

    2 possible solutions here: change the rule to authorise this range or set your local IP to static IP and configure the FW rules accordingly...

    Is it possible to upload here a FW log sample showing the blocked packets?

    Hope this help.
    :)
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Could you post the info contained from the "blocked" packets.

    If you are not having connection problems, then dont worry. It may simply be (as example) uPnP traffic from the router.

    Post the info, such as type (UDP/TCP etc), and ports used would be a start, and give some idea of what is happening.
     
  4. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    Climenole, and Stem;

    These logs may not jibe time/date-wise; just posting the blocked sections of the logs, to ask help in better understanding working of firewall/s.

    In the Traffic log: blocked items fell under a block_all rule, in Sygate firewall.

    In my case, or most I guess, 192.168.1.1 is # I'd type into address bar of browser, to access our Linksys router for setup, etc.

    Many thanks, again, for info/help.
     

    Attached Files:

  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    The only comms from your router being blocked are from port 4107 to local port 123. Local port 123 is for windows time. It would appear that the router is attempting time sync.

    Do you have firewall rules to allow or block windows time?
     
  6. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    Stem;

    Um... dunno', for certain; but, Event Viewer shows this on a routine basis. So, what exactly what type rule would I insert in (Sygate) f'wall, to allow that if the router can't sync itself to time? And I gather that it's OK to allow that?

    Thanks,
     

    Attached Files:

  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    Hello,
    You need to allow svchost.exe to connect ... permanently.
    But the question is do you want to do that? Why do you need the time to be synced.
    Mrk
     
  8. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes

    Probably the same reason I Do, its because of this Daylight Saving Crap :blink: Also I'm Paranoid, and all the clocks in my House are to the Exact second :cautious:
     
Loading...
Similar Threads
  1. ttomm1946
    Replies:
    0
    Views:
    531
Thread Status:
Not open for further replies.