
Thread: internet connection is not working with ARP protection enabled in one LAN

  1. #1
    miamia Guest

    internet connection is not working with ARP protection enabled in one LAN

    Hello,
    I would like to ask you one question. I usually have ARP protection enabled. But when I am in one LAN (only in one LAN) I can open only the first web site (URL does not matter), and when I want to open another site the internet connection seems to be blocked - so I cannot open another website. When I disable ARP protection everything works perfectly again.
    Why?

    Operating System: Windows XP Pro
    Software Version: 8.0
    Product Name: ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Re: internet connection is not working with ARP protection enabled in one LAN

    Hi Mia

    Wow! You are keeping me busy!
    But I have to tell you I really enjoy your questions!
    A little more challenging than the usual posted questions in the forum.

    If there is only the one computer on the LAN and it is a wired connection with no wireless or wifi AND there is some sort of hardware NAT firewall in front of the computer (either a router or a NAT-able DSL modem, for example), then the ARP protection is not even needed.

    The ARP protection is only needed if there are other unsafe or unsecured computers on the same LAN OR if the LAN is a wireless network.
    Because those two instances are the only times when it is possible for an attacker to launch an ARP attack and thus take over that computer's connections, either by assuming the role of the usual DHCP server OR by grabbing the ongoing packets to and from that computer.

    ARP is not used beyond your computer's connection to your internet provider's network, or it does not go any further if using a public wireless access point (for example).
    The ARP itself is using broadcast (255.255.255.255) and the correct MAC of the networked devices to establish and maintain the connections for the flow of the packets between the connected devices.
    Your own network, say for example, is a modem plus a router and the computer.
    The ARP is only established between the router and the computer - this is one network by itself (private network based on the route table of the router). It is only the computer and the router that actually share the ARP (for lack of better wording).
    Your next connection is the router to the modem - these two share their own ARP but this network is separate from the router and computer. Hence the network between the router and the computer is using a different ARP than that of the router and the modem.
    The modem is connected to the internet provider's network and this network is another "ARP" - and this network is client to the provider network but it is separate from the actual internal network of the provider, which is another "ARP". That internal network of the provider is separate from its border network, which connects to the backbone or usual access internet server..... and the main backbone servers of the internet are using their own ARP.
    All done by the continuous IP address/network connections by using the ARP and the MAC (and using BGP for the internet backbone servers).
    A continual series of "mini" networks connected to each other until your packets reach the final destination. The entire internet does not work just by addresses and ports alone but also by the lower layer of the "Link Layer" (just like everything else, including the home user's local area network), which means the main servers are connected to and interconnected using the MAC and ARP and the various protocols.

    http://en.wikipedia.org/wiki/Media_Access_Control

    http://www.comptechdoc.org/independe...de/netarp.html

    http://en.wikipedia.org/wiki/Border_Gateway_Protocol

    http://en.wikipedia.org/wiki/Link_Layer

    If enabling the ARP protection in the ZoneAlarm means there are web sites not loading, then it is more than likely the correct DHCP and DNS servers are not entered into the Zones of the Firewall of the ZoneAlarm. Doing so should remedy the problem.

    Please keep this quality of questions coming - I very much enjoy these!
    Best regards.
    Oldsod.
    Best regards.
    oldsod

  3. #3
    Join Date
    Dec 2005
    Posts
    9,057

    Re: internet connection is not working with ARP protection enabled in one LAN

    Best regards.
    oldsod

  4. #4
    miamia Guest

    Re: internet connection is not working with ARP protection enabled in one LAN

    Hi Oldsod,
    first of all I am sorry I didn't answer sooner, had exams..
    Usually I try to find some information about my questions in ZA help and on the internet. I know my questions are funny for a professional like you and I am sorry about that, but I learn with every word :-) So thank you very much for your thorough explanations and links (in all my forums).
    Today I configured my other router, a Cisco-Linksys VRW 200, and the same thing happened again - I worked only over wire PC->router (connection to WAN was unplugged) and from time to time my PC didn't get an answer from the router (in my first post in this thread I wrote that it usually happens only in one network, but this is the second). But what is interesting is that when I connect to my second (separate) network with the Zywall 2WG I have never had these troubles (ZA config is without any change). Hm, but the truth is (I think) it happens when I am connected via wire and not wi-fi.
    My second step (after connecting the VRW200 in my second LAN) will be ZA DHCP Expert Firewall Rule configuration like you did here: http://forum.zonelabs.org/zonelabs/b...=113275#M52287
    Hopefully it will resolve my troubles.
    At the end I have a question: I am using the setting "This computer is not on an ICS/NAT network". May I leave it unchanged or should I switch it to "This is a client of an ICS/NAT gateway running ZoneAlarm security software"?
    When I switch it to "This is a client of an ICS/NAT gateway running ZoneAlarm security software", ZA automatically fills in the gateway address - but here is another question - when I am in another network with a different gateway, does ZA recognize the change of gateway address and refresh it automatically again?
    Thank you for your huge effort and patience.

  5. #5
    miamia Guest

    Re: internet connection is not working with ARP protection enabled in one LAN

    I've just found this topic http://forums.zonealarm.org/zonelabs...ssage.id=54344
    so the first option is for me as well. :8}

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Re: internet connection is not working with ARP protection enabled in one LAN

    Thanks for the appreciation.

    If you lock in the MAC and IP of the gateway/router in the desktop (presuming), then make sure Windows has that particular assigned IP locked in the properties of the network connection. And make sure that, on the router/gateway that gave the assigned IP to the computer, the assigned IP is static (the IP is locked in) and no longer dynamic.
    The lease for the computer IP should no longer expire (or get renewed and remain the same IP).

    This could be part of the problem you are experiencing - the router keeps assigning a new IP to the computer.
    After locking in the permanently assigned IP, then disable the DHCP Client in the Services of Windows - it is no longer needed.

    You will however need to use the DHCP Client service if this is a laptop - there will be other old and new gateway/DHCP servers needed for the away-from-home LAN connections and of course for obtaining an IP for the laptop.
    Also, if this is a desktop and the gateway is the DNS server (or if your DNS servers' IPs are constant and never change), you can lock in the DNS server(s) in the Properties of the network connections and then also disable the DNS Client Service.
    Doing both with a desktop does enhance security and saves a little on computer resources.

    Oldsod.
    Best regards.
    oldsod
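
Added example (not part of the thread, and not ZoneAlarm's code): once the gateway's MAC and IP are locked in as the post above describes, a check like this parses `arp -a` output in the Windows layout and compares the gateway entry with the pinned MAC. The addresses, MACs, sample tables and function names are constructed for illustration.

```python
import re

# Constructed samples in the layout printed by Windows `arp -a`.
SAMPLE_PINNED = """
Interface: 192.168.1.100 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     static
  192.168.1.50          00-11-22-33-44-55     dynamic
"""
SAMPLE_CHANGED = """
Interface: 192.168.1.100 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.50          00-11-22-33-44-55     dynamic
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\w+)\s*$"
)

def parse_arp_table(text):
    """Return {ip: (mac, type)} for every entry line; headers are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ip, mac, kind = m.groups()
            table[ip] = (mac.lower(), kind.lower())
    return table

def check_gateway(text, gateway_ip, pinned_mac):
    """Compare the gateway's ARP entry with the MAC recorded when it was pinned."""
    table = parse_arp_table(text)
    if gateway_ip not in table:
        return ["NO_ENTRY"]
    mac, kind = table[gateway_ip]
    findings = []
    if mac != pinned_mac.lower():
        findings.append("MAC_MISMATCH")   # gateway IP now resolves elsewhere
    if kind != "static":
        findings.append("NOT_STATIC")     # entry can be rewritten by ARP replies
    for ip, (other_mac, _) in sorted(table.items()):
        if ip != gateway_ip and other_mac == mac:
            findings.append("MAC_SHARED:" + ip)  # another host has the same MAC
    return findings

if __name__ == "__main__":
    print(check_gateway(SAMPLE_PINNED, "192.168.1.1", "00-1A-2B-3C-4D-5E"))
    print(check_gateway(SAMPLE_CHANGED, "192.168.1.1", "00-1A-2B-3C-4D-5E"))
```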

  7. #7
    Join Date
    Dec 2005
    Posts
    9,057

    Re: internet connection is not working with ARP protection enabled in one LAN

    Yes, for a computer behind a router/gateway, you select "This computer is a client...".

    If using an unsecured LAN with risky computers/networked devices sharing the network, then select "This computer is not on an ICS/NAT network".

    However, I rely on the selection in the lower part of the same panel in the "Network settings" to predetermine the settings before the laptop leaves the "safe" LAN at home.

    And yes, the ZA will detect any new network it encounters and handle these accordingly and safely.

    Oldsod.
    Best regards.
    oldsod

  8. #8
    miamia Guest

    Re: internet connection is not working with ARP protection enabled in one LAN

    Hello Oldsod,
    may I ask a question? I saw this thread http://forums.zonealarm.org/zonelabs...ssage.id=53594
    and there is "ZA | Firewall | Trusted Security Zone | first set the slider to Medium not High. Then open the Custom button. Select the "Medium security settings for the Trusted Zone"....
    Why should I use the Medium setting for the Trusted Zone only? When I use the High setting my connection is lost after a time. But I would like to leave my Trusted and Internet Zone settings on High.
    My current settings: Internet Zone - High, Trusted Zone - Med., unchecked "Automatically check for security enf...", checked "This comp is not on an ICS...". It seems it works but I will see for how long...

  9. #9
    miamia Guest

    Re: internet connection is not working with ARP protection enabled in one LAN

    Oh no, it happened again - lost connection. I tried to change Firewall - Zones: IP 192.168.1.0/255.255.255.0 Zone to Trusted and it works again now. How can I force it to work with zone=internet?

  10. #10
    miamia Guest

    Re: internet connection is not working with ARP protection enabled in one LAN

    I have a headache with the ARP setting.. I do not understand why in my first LAN with the Cisco-Linksys router I have troubles and in my second LAN with the ZyXEL everything works great without any special configuration in ZA.
