Wireless connection not connecting

Discussion in 'Other Ghost Security Software' started by planecrazee, Sep 25, 2005.

Thread Status:
Not open for further replies.
  1. planecrazee

    planecrazee Guest

    Re: GhostWall v1.000 - Free firewall for Windows XP/XP64/2000

    I have a wireless connection to the internet and I want to add my wireless adapter to Ghostwall's allow list. I installed Ghostwall and it blocked my internet connection out. If someone can tell me how to do this then please reply. Thanks
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Re: GhostWall v1.000 - Free firewall for Windows XP/XP64/2000

    GhostWall is really good about showing exactly what it has blocked in it's blocked window. Do you see any numbers in the block counts like in the image below? If so, click on those numbers to see the specifics of what's been blocked, (brings up the blocked log), and that should tell you what the problem is.
     

    Attached Files:

  3. planecrazee

    planecrazee Registered Member

    Joined:
    Sep 25, 2005
    Posts:
    13
    Location:
    Cinnaminson, NJ
    Re: GhostWall v1.000 - Free firewall for Windows XP/XP64/2000

    I tried what you said but when you click on the numbers all you can do is see a little bit of info. I need to configure it so all of my internet connections are allowed so that GhostWall doesn't block them out. There has to be a way to do this. I can't find one and I have tried all kinds of stuff. I have never used a firewall before that is this hard to configure. Please reply if anyone can help me figure this problem out. Thanks
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Re: GhostWall v1.000 - Free firewall for Windows XP/XP64/2000

    Doesn't clicking on one of the numbers under the blocked column open up a new window with a display of the last 50 block tranactions? It's there that the information will be regarding what is being blocked. Knowing what is being blocked with tell you what needs to be allowed.
     
  5. planecrazee

    planecrazee Registered Member

    Joined:
    Sep 25, 2005
    Posts:
    13
    Location:
    Cinnaminson, NJ
    Re: GhostWall v1.000 - Free firewall for Windows XP/XP64/2000

    I did that and a window did pop up. I saw all the stuff that was being blocked. My question is isn't there a way to allow the internet connections from within the firewall? All it shows you is a little info but you can do anything else. I tried left clicking on the blocked stuff and right clicking with no results. Same as what I said before there has to be a way to unblock or allow programs and internet connections from within the firewall.
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Re: GhostWall v1.000 - Free firewall for Windows XP/XP64/2000

    Well, you don't specifically allow your internet connection in this type of firewall. There is no applet like in a ZA or similar application firewalls that identifies your Internet connection method and then automatically configures the firewall to allow it.

    The reason I was asking what's being blocked is because it may well be something simple in the list of block packets that is preventing your internet connection from working. If you have not adjusted the default rules that came with GhostWall, then it could be a few different things. My first guess would be DHCP, since the sample rules that come preconfigured don't allow DHCP. But then, you haven't said what is being blocked, so I am only guessing.

    But, in any case, this is a very basic type of packet filtering firewall with no autoconfiguration utilities. If you don't want to manually craft a few rules, based upon what's being blocked and what type of network connection you have, then you won't be able to get it working I'm afraid.
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Here, this quick set of rules may help. It's a simplified set from what I'm actually running, but it provides the basics for inbound control, (at least, once you enter the IP addresses of your ISP's DNS servers in the places provided). The DHCP rule could be tighten for the specific broadcast addresses used, but this one will work. No outbound restrictions have been set.

    I put in that "Private LAN Allow All" assuming you were on a fairly normal home wireless and actually want to allow your other local systems to have inbound access. It's basically just a sample of what you could do. As you learn more about making rules, you can get really specific and add known addresses, and ports/ranges for things, as needed.
     

    Attached Files:

  8. planecrazee

    planecrazee Registered Member

    Joined:
    Sep 25, 2005
    Posts:
    13
    Location:
    Cinnaminson, NJ
    I finally got it to unblock but I am not sure if the way I have it set is still protecting my computer. Here is a screenshot of how it is set now. I just don't want the setting I put in to allow everything. I want to make sure the protection is still there. So please check the attached screenshot and let me know. Thanks guys.
     

    Attached Files:

  9. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Sorry planecrazee, but that very first rule you have there is actually allowing everything (all incoming and outgoing, to/from any address and port on the Internet). It has in effect made the firewall completely open and no longer blocking anything at all.

    Take a look at my rules in the image above your post. The first rule allows all outgoing since at this point, I didn't want to restrict anything run on my PC from getting out. The rules that follow that one are those that allow a limited amount of incoming traffic...

    Incoming "loopback" is enabled for the PC itself, because there are many things on the PC that need to talk back to itself.

    I have two rules that allow domain name lookups, each has one of the IP addresses provided from my ISP for their DNS servers.

    The DHCP rule is probably one you need because if you PC is connecting to wireless by scanning for available wireless connections, and then "acquiring a network address", then that is likely occurring with DHCP.

    Next, my LAN allow rule is not allowing "Any" for remote addresses, as that would be the entire Internet, but is limited to the address range of my LAN, ie. 192.168.*.*

    Finally, the last rule should always be a "block everything else" rule. Effectively, this is the rule that provides all the protections in my rules configuration. Anything not specifically granted in the rules above it are blocked by this rule, which of course is the key point of a firewall.

    The rules in my image might be ones that would work for you. If you use those and still can't operate fully, then you must click on those "block numbers" and figure out what is being blocked that is preventing you from working properly.
     
  10. planecrazee

    planecrazee Registered Member

    Joined:
    Sep 25, 2005
    Posts:
    13
    Location:
    Cinnaminson, NJ
    I deleted the first one I had in and tried to add in a remote IP. I'm still not sure if it is right. I left the rest as default.
     

    Attached Files:

  11. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    I really recommend deleting all the existing rules and entering mine from scratch, and then seeing what else might be getting blocked that shouldn't be, or that might be causing you connection errors by checking the blocked packets.

    You see, the rules that come with GhostWall are more like "sample" rules, rather than valid default rules. I'll give you an example. In your case, you are running on a wireless LAN, and I assume you are getting an IP address in the 192.168.*.* range on that PC. Therefore, the first "LAN allow" rule that says "Allow All..." with 'Local IP' 192.168.*.* and Remote IP 'Any', is basically allowing anything in from anywhere on the Internet.

    All people's network configurations vary some, and therefore they all need rules that are applicable for their environment. The rules I gave are a set that work on a wireless connected laptop that I have here, which uses DHCP to acquire its IP address when first connecting to the LAN that is using the 192.168.*.* address range. Since that sounds like your setup, those should be a good starting place for you, too.
     
  12. planecrazee

    planecrazee Registered Member

    Joined:
    Sep 25, 2005
    Posts:
    13
    Location:
    Cinnaminson, NJ
    I fixed it like yours except I didn't do the loopback thing because I don't know what that is and if I need it. I added two private lan rules because it was blocking two remote ip's. I also didn't know if i had to add local ports in so i left them as any for now. Please review this again please so I can fix anything else. I am sorry to keep on bothering you like this but I want to get this perfect and so I know all of this for future configurations. Thanks man.
     

    Attached Files:

  13. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    I'm a bit confused... You said you did it like mine, but you don't have any DNS or DHCP rules in your list. First, you have the global allow for outbound, which is what I have. Then a private LAN rule which will allow all local traffic inside your network. (That also is allowing DHCP since your router is your DHCP server and it's on a 192.168 address.) That third rule is basically the loopback rule, since the remote address is your PC's own 127.0.0.1 IP.

    You don't specifically have DNS in there, but applications allowed out probably can get their replies back from your DNS servers, I suppose.

    The effectiveness of such a firewall is based on how tight your rules are. Those rules look like they cover most of what you need, but again, they could be more exact. Specific rules for DNS and DHCP, which cover the specific addresses of the known servers you are using would be tighter, but may not be critical.
     
  14. planecrazee

    planecrazee Registered Member

    Joined:
    Sep 25, 2005
    Posts:
    13
    Location:
    Cinnaminson, NJ
    I know I didn't add some stuff in but that's because I am totally lost in that area because I have never had to deal with stuff like that. Can't I just have the outbound rule and my private lan one? With those two it should be fine. The loopback and the others you have in you don't really need right? All I want to do is configure the firewall to protect my computer and for me not to have to remember tons of rules and spend hours figuring them out. Also is there a way to suggest additions for the firewall to the maker? I want to see if he would be able to add in app controls because I don't understand how you can have a firewall without it. Thanks
     
  15. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Oh, wait a second! You removed the final block rule. Without that you have no protection again!

    Most rules based firewalls require that every condition be account for in the list of rules. Without a final block all (with 'Any' across the board in the columns), you again have no protections from this firewall.
     
  16. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    I'm afraid this firewall may not be for you then. :doubt:

    Now, the rules in my screen shot probably will give you what you want, but, they may still need a little tweaking. Once done, then you may never need to think about them again. But, you can't just free-wheel with the rules without doing a careful analysis of what's being allowed and blocked. The fact that the quick scan I just did above, and failed to notice you removed the block rule, shows that you must work through these rules at least once with care.
     
  17. planecrazee

    planecrazee Registered Member

    Joined:
    Sep 25, 2005
    Posts:
    13
    Location:
    Cinnaminson, NJ
    I fixed the last rule. But I want to wait till you reply to my previous reply. So all I really need is Allow All Outbound, Private Lan, and Block All - right? Those are all I understand and maybe the loopback one. Thanks
     

    Attached Files:

  18. planecrazee

    planecrazee Registered Member

    Joined:
    Sep 25, 2005
    Posts:
    13
    Location:
    Cinnaminson, NJ
    All right thanks man for all your help. I will probably just find some other similiar free firewall. Do you know any real good firewalls that I can use along side Zonealarm? If so then please let me know.
     
  19. planecrazee

    planecrazee Registered Member

    Joined:
    Sep 25, 2005
    Posts:
    13
    Location:
    Cinnaminson, NJ
    Oh I forgot that I only use free firewalls so if you know of any please reply. Thanks
     
  20. planecrazee

    planecrazee Registered Member

    Joined:
    Sep 25, 2005
    Posts:
    13
    Location:
    Cinnaminson, NJ
    I finally got it for real and it actually works affectively. I just have one more question pertaining to the loopback rule. When you look into the blocked lists and you see the local ports that are being blocked. When you enter the local ports under the loopback rule you take the lowest number then use - to represent all the other ports in the middle then enter the highest number last right? I am assuming this because you have to do it this way other wise it will block out all the local ports you need to be allowed. Please just reply to let me know if I am entering the local ports in the loopback rule correctly. Thanks again.
     
  21. planecrazee

    planecrazee Registered Member

    Joined:
    Sep 25, 2005
    Posts:
    13
    Location:
    Cinnaminson, NJ
    Another thing to add to my previous message. When you are entering the loopback rule is the 127.0.0.1 remote IP the same for all computers? Once you reply to my previous message and this one I should be set. Thanks
     
  22. planecrazee

    planecrazee Registered Member

    Joined:
    Sep 25, 2005
    Posts:
    13
    Location:
    Cinnaminson, NJ
    This is my current setup for Ghostwall. Everything seems to work and it is blocking other stuff out like it is supposed to.
     

    Attached Files:

  23. chrizzle

    chrizzle Registered Member

    Joined:
    Oct 9, 2005
    Posts:
    1
    It may be too late to respond to this but I just had to respond because I had the same configuration above and it still wasn't working for me. I looked all over the internet for a solution to this problem and could not find one. Maybe this solution will help others.

    I am pretty sure he has a similar setup like I do, I am using my desktop computer as a soft access point and running internet connection sharing. I spent quite a while trying to figure out how to get the wireless connection working and below is what I came up with. My problem was that I could not get an IP address with my wireless card on my laptop. I added the top line and everything works great and I feel secure. Hope this helps someone.

    http://home.alltel.net/cetheridge30/untitled.JPG
     
Thread Status:
Not open for further replies.