Firewall question - zone labs free software

[sinij]

I recently reinstalled my system (moved OS to my new raptor harddrive) and that when Zonealarm started to fuck up on me. It used to work fine before reinstall but now it will lock my browser after long periods of inactivity and won't unlock it unless I reboot or turn firewall off. I also have my PCs behind Dlink DI-604 router, so I'm not too worried about having firewall down, but still would like to fix this issue. Any suggestions, help or pity appreciated.

[Nija]

I've always considered being behind a NAT router to be fine security for most things.

Maybe the problem is that you have XP's built-in firewall and zonealarm fighting over every packet.

Personally, I don't run any software firewalls.

[Viin]

I agree with Nija, software firewalls always seem to just cause problems and slow stuff down. Even when you give access to programs (MMOs, online games, whatever) it still never seems to run as well as without them.

I also agree that NATs is usually enough. The only thing you might do is have a virus/spyware scanner run every once in awhile, but it doesn't need to be running when you are actually using your computer for CPU/Disk intensive actives like playing games.

[Evangolis]

I like running Zone Alarm even behind a NAT (and hardware firewalls should also do stateful packet inspection, I can't explain it clearly, but I'm convinced by the reasoning I have heard for it), because it gives me some hope that I will be able to block outgoing traffic if something does get into my system.  It is the same reason I don't auto-remember passwords on email accounts and such; if it is going out of my PC, I'd like to be aware of it.

Not that that is enough.  I recall we were having a problem getting a new 3rd-party designed webpage to work.  I was talking with the page author and our firewall administrator.  We finally discovered that our firewall, which was set to refuse connection by default and require specific authorization to hit any IP address (have I mentioned I am a network nazi?), was blocking a hidden link to page at Microsoft regarding Direct-X.  None of us, including the guy who did the web page, knew that it was going there, or why, but once we allowed that link, the page worked.  So you can't be completely sure, unless you are constantly watching the datastream, what is really happening out there.

[Shockeye]

So you can't be completely sure, unless you are constantly watching the datastream, what is really happening out there.

I prefer to think of your story as once again proving that Microsoft is behind every evil in the world.

[Pococurante]

The current rootkit fiasco with Sony music discs is all the confirmation you need that a firewall on each PC is useful too.

[Shockeye]

The current rootkit fiasco with Sony music discs is all the confirmation you need that a firewall on each PC is useful too.

What a software firewall on the PC have stopped it though? Wouldn't the hiding of the application itself hid it from the firewall?

[HaemishM]

This looks like as good a place as any to ask my puzzling router/game question.

I have a cheapo FMI/CompUSA router, the one that doesn't even have a label or firmware upgrade. 4-port DSL router. Now, it works fine with little fuss. I'm able to connect to every MMOG available on the market except 2, Second Life (which may be a problem at their end since others have had similar issues since their latest patch) and the Everquest 2 Trial of the Isle. No, I'm not trying to play EQ2; the wife wants to try it out. I had no problems with EQ2 in beta as far as running the game on the current connection (which was using ICS and not this router).

But when I try to run EQ2, I can login, patch, and get to the character selection screen. But as soon as I try to enter with any character anyplace other than that damn boat tutorial (and sometimes that), it won't connect. It'll just send me right back to the character selection screen. No error messages (or at least not one that stays on the screen long enough to read it), just plop, right back to character select.

I've read their SHITTY SHIT SHIT SHIT FAQ Knowledge Base thing. It is no fucking help. Raph, if you read this, shoot everyone in SOE's CS department that is writing stuff like this idiotic article or this gem of retardation. Also, shoot any jacktard that wrote the statement "We don't support NAT routers" because he forgot the line after it which should say "Even though every other goddamn commercial MMOG has no problem with them whatso-fucking-ever."

I've tried setting up my router to do port forwarding on the ridiculous amount of ports that article claims needs to be open. I've tried setting up both ZoneAlarm and WindowsXP Firewall with the settings given there. My wife has talked to tech support on the phone, which was useless, since all they do is mouth the same bullshit answers found in the FAQ back at her like Mr. Ed with peanut butter on his lips.

Seriously, has anyone had this kind of problem? Does EQ2 really not support DHCP-equipped routers? Isn't that a large portion of the people who have home networks? WTF?

[Sky]

I've played EQ2 from behind my NAT router, though I don't use DHCP. I also like software firewalls so I can at least try to keep rogue apps from accessing the network.

But I don't have any solutions for any of these problems 

[Trippy]

The current rootkit fiasco with Sony music discs is all the confirmation you need that a firewall on each PC is useful too.

What a software firewall on the PC have stopped it though? Wouldn't the hiding of the application itself hid it from the firewall?

The Sony music player that installs itself with the rest of that crap connects to the Internet to download banners. A software firewall would be able to catch (and prevent) something like that. The latest version of Zone Alarm includes some protection against malware installing itself but I don't know if it offers any protection against Sony's XCP rootkit install.

[Trippy]

I played the EQ2 beta behind my router using NAT with no problems and I don't recall having to open up any ports on my router. Is your router/firewall/ISP blocking ICMP packets to your machine?

[HaemishM]

I played the EQ2 beta behind my router using NAT with no problems and I don't recall having to open up any ports on my router. Is your router/firewall/ISP blocking ICMP packets to your machine?

I don't know. The software that comes with the router is a bit barebones. I don't think that it does, or if it does, I think I tried that already.

[Nija]

http://www.newegg.com/Product/Product.asp?Item=N82E16833124010

Zone alarm and every software firewall in existence sucks.

[SurfD]

http://www.newegg.com/Product/Product.asp?Item=N82E16833124010

Zone alarm and every software firewall in existence sucks.

That is the same router that i am currently using.

However, untill they design a hardware firewall that will warn me when "program x" which i have never heard of, and dont recall installing, is trying to open an outgoing connection for reasons i dont understand, I will stick to running ZoneAlarm just in case.

[Nija]

Well, I thought I saw a wrt54g custom firmware that let you set BigBoy firewall rules, but I can't find it.

You could deny all outbound traffic and just add the ports needed, if you want to be Captain SuperSecure. I do this now at work, and it's a hassle.

Guess you could do it at home if you really wanted. Get a cisco pix 515 or just throw m0n0wall or pfsense on a spare box and go nuts.

[Shockeye]

You could deny all outbound traffic and just add the ports needed, if you want to be Captain SuperSecure. I do this now at work, and it's a hassle.

Problem with that is some suspicious malicious program could use a common port to get through a firewall.

[Viin]

.. router issues ..

Did you happen to try it without the router? Just to see?

If that still doesn't work then i would look at the settings for zone alarm and your windows firewall - start by turning them both off to see if that helps.

[HaemishM]

I was trying the game BEFORE I ever installed either of the software firewalls. I was using them to try to force ports open, figuring I might have gotten the port forwarding wrong on this router. I haven't gone directly into the PC, as that's just a PITA to do. It also shouldn't be necessary, since you know, EVERY OTHER COMMERCIAL FUCKING MMOG WORKS. Pigfuckers.

Not bitching at you, just at this stupid, shitty shit shit shit game that I don't give a flying fuck about playing, but I do give a fuck that it should be working without any input from me if my wife wants to play it. Fucking SOE.

[Yegolev]

When pants become this complicated, everyone is going to see my ass.

[Viin]

Heh I hate problems like that.

Does your router support putting an IP into a "dmz"? That's suppose to remove any filter/etc affects the router might have, but it doesn't sound like that's the case. It's possible that your router just doesn't support NATs quite as well as it should and the MMO is doing funky stuff that trips up the router.

Borrow a buddy's router (different brand, preferrably) and see if that helps. I usually have 2-3 old routers just laying around, so if you lived in Denver I'd have a couple for you to try.

[HaemishM]

It does have a DMZ filter. I'm supposed to put the IP of the computer I'm playing in that field?

[Viin]

Yah, that's how you do it. Put the IP of the computer you want to be in the DMZ into that field.