Problems setting up Jetico V2

Discussion in 'other firewalls' started by djg05, Sep 16, 2006.

Thread Status:
Not open for further replies.
  1. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Re: JPF v2 beta progress.

    Just thought I would take a look at the latest version (2.0.0.9). I am using Win 2k sp4.

    When if first booted it said it could not connect to server. Initially I had the router unplugged but after plugging the cable in and re-starting Jetico it still could not connect and it sent off a bug report. A second boot had it up and running and seems ok.

    I am getting a plethora of pop ups (using proxo, Mozilla, Firefox, Poco) and services is the main one that keeps coming up with each app. I am never sure how to treat "services". If I block it then there is no connection. Should the rule be edited to allow all ports and if so I cannot see where it should be edited.

    Thanks
     
  2. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    Re: JPF v2 beta progress.

    If you get popups for services.exe with remote port 53, check Use template: DNS Client. services.exe must be allowed to send DNS requests if you don't disable DNS Client service on Win 2000 machine.
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: JPF v2 beta progress.

    Hi David,
    To start,.. go into groups(trusted) and edit the defalt LAN address to your own. (this will allow the comms needed to your router).

    You can tighten up with rules later.
     

    Attached Files:

  4. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Re: JPF v2 beta progress.

    Thanks Stem

    Those are already as you have shown.

    With my email and browsers each time a new connection is made "services" comes up with various ports in the 1050 plus or minus, usually in the 1000 plus range. I keep accepting them but they continue.
     
  5. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    Re: JPF v2 beta progress.

    Maybe you missed my previous post #267. Have you enabled DNS Client for services.exe?

    Also you should set up IP address of your LAN (if you are connected to LAN or router) in Trusted Adresses. Not the same IP shown in Stem's picture.
     
  6. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Re: JPF v2 beta progress.

    Thanks

    I am a bit lost here. Cannot find DNS client reference in Jetico, but the DNS servers are correctly identified. Secondly all the queries are for ports above 1000
     
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: JPF v2 beta progress.

    Hi David,
     

    Attached Files:

    • DNS.JPG
      DNS.JPG
      File size:
      49.3 KB
      Views:
      755
  8. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Re: JPF v2 beta progress.

    Thanks Stem

    Yes I see that now, but I seem to have by-passed that by clicking on "show the rule that sent this pop up" and changing the "ask" to "allow". Now I wonder if I have compromised anything. If I start up another un registered browser then it asks for an allow but nothing further.

    On another point. When I started up this morning it allowed my mail prog to connect but not the browsers. A reboot seemed to sort that.

    Also it is taking several minutes before it allows windows to shut down.
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: JPF v2 beta progress.

    Hi David,
    If you have changed the "network activity"->"ask" rule (which is at the bottom of the table) to "allow", then yes, you have compromised the firewall, as any/all network activity will be allowed (once the application is allowed "access to network"). You should change this back to "Ask"


    Due to you allowing all "network activity", you will only be asked for "access to network"

    You may have processes running that are blocked. An example for W2K: (\system32\)Internat.exe will run on startup, if this is blocked from indirect access and is running, then your browsers will not connected out.

    this could be due to something you have blocked, or something you have not allowed (yes it is a little confusing,.. the fact the firewall is still beta (with bugs) does not help.)

    What I suggest:
    First, you should change back the "network activity"-> "ask" rule.
    Go through the "Network activity" rules, and remove any rules for "services.exe" that contain a "local port number" and a remote port of 53-(you should then be prompted again for services.exe to make DNS lookups,.. you can then create the rules as shown above,.. Services.exe->use template-"DNS client"
     
  10. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Setting up Jetico 2.0.0.9 and on

    I have got in a muddle with this. There are too many entries under "network activity" so think I will go back and re-install it and see if I can get it right this time.
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: Setting up Jetico 2.0.0.9 and on

    O.K. What I will do is re-install onto W2K (with DHCP/DNS client enabled). I am behind a router, so the popups etc should be similar (possibly the LAN address will be different). I can then post the problems I find and how to handle, and I will then take screen shots and show you the popups I get, and how I handle these. Would this help?
     
  12. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    I have re installed Jetico over itself and have done message 7. Now I have the following popup
     

    Attached Files:

  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    This is proxo,... you should "use template"->"Browser"
     
  14. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Thanks

    Presumably that also applies to Avast proxy. What about BOClean when it checks for an update? Does that also go as a browser?
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Most updaters will connect out to remote port 80 (just keep your eye on the "remote address/port"). So in this situation, then yes,..... Some do attempt update with FTP,.. you will know this by checking again the remote port, which would be 21, in this case, for FTP(remote port 21), you would "use template"->FTP client.

    .
     
  16. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    BOClean update is going out on local 1359 and remote35792
     

    Attached Files:

  17. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    If it always updates on remote port 35792, create custom rule with remote port 35792, local port should be empty (uncheck it) and you can specify remote IP (I suppose that it always updates from same server)

    EDIT: when you create rules for applications requesting outbound connect, you should look at the remote port info here and it will be more clear what to do.
     
    Last edited: Sep 17, 2006
  18. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Thanks

    Don't know how consistent it is but will try and see how it goes.
     
  19. pcaca

    pcaca Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    62
    I edited previous post, after you posted. Maybe it would be usefull for port informations.
     
  20. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Thanks

    Re BOClean it seems to be various port numbers
     
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Did you allow a remote port 21 connection at any time during update? If you did then this is the start of an FTP connection. After the first connection (remote port 21) random local/remote ports are used (between 1024-65535). Check the rules you have created.
    There is no trial for Boclean, so cannot install to check.
     
  22. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Thanks

    No I didn't. Did not see where there was an opportunity to do so. I have set this rule for BOClean (see pic). I am also getting this with Avast and setting a custom rule has no effect. I keep getting bombarded until I allow "Permanently", then it is quiet until the next time.
     

    Attached Files:

  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Untick the remote port, then any can be used.
     
  24. djg05

    djg05 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    1,504
    Yes I did try that and same non effect. Perhaps I ought to go back through all my rules for browsers and downloader and uncheck address and port but not sure if that is the right way to go.
     
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    hmmm,... I cannot install Boclean to check,.... but I can install Avast. I will install now to check on connections made.
     
Loading...
Thread Status:
Not open for further replies.