Page 5 of 5 FirstFirst 12345
Results 41 to 49 of 49

Thread: internet connection is not working with ARP protection enabled in one LAN

  1. #41
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: internet connection is not working with ARP protection enabled in one LAN

    Maybe a description like this will help?
    Be free to ask about any of the following screen shots and we will fully discuss:





































    Message Edited by Oldsod on 02-26-2009 05:33 PM
    Best regards.
    oldsod

  2. #42
    miamia Guest

    Default Re: internet connection is not working with ARP protection enabled in one LAN

    Hello Oldsod,
    thank you for your very nice screenshots. I tried everything what you wrote but nothing changed.As ohjeez wrote it his thread:http://forums.zonealarm.org/zonelabs/board/message?board.id=cfg&amp;message.id=53543<blockquo te>&quot;The problem with this protection mechanism is such that it causes the lost of connectivity after a certain amount of time.
    I have looked into this problem and it seems that my router/gateway periodically send ARP Request packets directly to my MAC address yet ZoneAlarm is blocking this, despite that it is coming from the gateway's MAC address. Since my router is not getting any ARP replies back, it does not know where to send packets back and therefore causing a lost in connectivity.&quot;
    </blockquote>this happens periodically to me too.
    there must be some interference between ZA and Skype because when I set skype status to offline or shutdown skype connection works again

    Message Edited by miamia on 03-05-2009 11:17 AM

  3. #43
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: internet connection is not working with ARP protection enabled in one LAN


    <blockquote><hr>miamia wrote:
    Hello Oldsod,
    thank you for your very nice screenshots. I tried everything what you wrote but nothing changed.As ohjeez wrote it his thread:http://forums.zonealarm.org/zonelabs/board/message?board.id=cfg&message.id=53543<blockquote>" The problem with this protection mechanism is such that it causes the lost of connectivity after a certain amount of time.
    I have looked into this problem and it seems that my router/gateway periodically send ARP Request packets directly to my MAC address yet ZoneAlarm is blocking this, despite that it is coming from the gateway's MAC address. Since my router is not getting any ARP replies back, it does not know where to send packets back and therefore causing a lost in connectivity."
    </blockquote>this happens periodically to me too.
    there must be some interference between ZA and Skype because when I set skype status to offline or shutdown skype connection works again

    Message Edited by miamia on 03-05-2009 11:17 AM
    <hr></blockquote>


    I would suspect the skype is involved - skype can break the router's firewall and obtain a connection to the computer and break the software firewall and get a connection to the skype application.
    This is done basically with spoofed packets by the skype server showing the connection is not incoming but is an actual return connection to an already established connection.

    (If people seriously believe any router's hardware firewall is absolutely infalliable they should think again - routers can stop maybe 98% not 100 % of the incoming connections.
    The difference of the two percent is the exception and it may never happen but the router itself is not perfect.
    One of the reasons why I use an invisible bridging hardware firewall and two double NAT routers at the perimeter for protecting my home LAN - to keep out a dedicated hacker from breaching the home LAN. Even though I use the ZA as a software firewall and use a dedicated IP blocker at the same time.)


    It uses a default 192.168.0.0 - 192.168.255.255 IP destination to find any computer and this may include a broadcast, which would include then have the router's MAC involved.
    If this is so, then the ZA maybe 'over protecting' and dropping these packets and at the same time then dropping the usual broadcast and ARP connections.

    Try it with the ARP protection 'Off' in the ZA, reboot, and sees if it still happens.

    Oldsod.
    Best regards.
    oldsod

  4. #44
    miamia Guest

    Default Re: internet connection is not working with ARP protection enabled in one LAN

    When I stich off ARP protection everything works perfect.But when I have ARP protection enabled I turn off pc then turn it on (skype is not started) and it happens again - ZA blocks ARPin from router (this is the reason why it happens). But what's more when I move
    zone slider
    up and down it works for a while again. strange behaviour.

  5. #45
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: internet connection is not working with ARP protection enabled in one LAN

    Hello Mia.

    ARP protection is only needed if using an unsecured wire less router/LAN (to protect from war drivers or somebody attacking your computer using the same wireless access point) OR if the LAN network is wired and there are possible unknown or risk users sharing the LAN.

    The ARP protection is not needed if the wireless is not used (wired only) and if there are no known risky users on the wired LAN.

    Since you have Expert Rules for the correct dhcp server for the broadcast and the MAC, these expert rules have now replaced the ARP Protections by themselves.
    In other words, the ZA's ARP protection has been replaced by ypur own hard rules and ARP protection is not needed for these LANS for which you have created the specific expert rules.

    So do not use the ARP Protection in the ZA, as there is no real need to use the ARP Protection in the ZA since your replaced the possbile ARP spoofing by the Expert Rules.
    And the skype will work okay and the network will maintain it's connection at the same time.

    There probably is a special rule to be used to allow the skype and maintain the connection, but the issue may be seen in the logs (logging set to high for everything) to give some indication of what is needed to be allowed.

    Oldsod.
    Best regards.
    oldsod

  6. #46
    miamia Guest

    Default Re: internet connection is not working with ARP protection enabled in one LAN

    Hello Oldsod,
    please I have one more question: Is there any way how could I turn off ARP protection in ZA for specific network (for example for currently used LAN with ARP problem) and leave it enabled for all other networks? (One way is set access rules for all LANs but when I will be in new LAN I think I forget to set the new rule for this LAN. I would like to have ARP protection enabled for all other and new LANs but disabled for currently used LAN. is it possible?)
    thank you
    have a nice day
    P.S. Maybe I will post here my log files so If you have time you can check it please :8} or could I send it to you
    via email?

    Message Edited by miamia on 03-10-2009 09:16 AM

  7. #47
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: internet connection is not working with ARP protection enabled in one LAN


    <blockquote><hr>miamia wrote:
    Hello Oldsod,
    please I have one more question: Is there any way how could I turn off ARP protection in ZA for specific network (for example for currently used LAN with ARP problem) and leave it enabled for all other networks? (One way is set access rules for all LANs but when I will be in new LAN I think I forget to set the new rule for this LAN. I would like to have ARP protection enabled for all other and new LANs but disabled for currently used LAN. is it possible?)
    thank you
    have a nice day
    P.S. Maybe I will post here my log files so If you have time you can check it please :8} or could I send it to you
    via email?

    Message Edited by miamia on 03-10-2009 09:16 AM
    <hr></blockquote>


    Hi Mia.

    Unfortunately the ZA setting for the ARP protection is an either On of Off arrangement.
    I think this is a feature introduced years ago when desktops were nost common and laptops were nowhere as common as it is today, thus the computer never left the desk and used the same gateway all the time and the arp protection was then and still now a On of Off setting.
    Maybe this will change soon in the ZA and there will be more customizeable networks in the Zones of the Firewall...with the masses of laptop and portable computers we now have in use that use so many different networks (even in the ame day).

    I understand your point completely and agree - the special settings should be in the Zones per gateway for custom ized arrangements.

    Post your logs?
    Do you have any other unresolved issues or just certain particular questions about the logged events, then yes, please post the log with your added questions.
    But if things are all okay and the connections are all legitimate, then no there should be no need to post the logs.

    Best regards.
    Oldsod.
    Best regards.
    oldsod

  8. #48
    miamia Guest

    Default Re: internet connection is not working with ARP protection enabled in one LAN

    Hello Oldsod,
    thank you for your reply. More customizable options for every gateway would be great feature! I will keep my fingers crossed

    Hope to
    see this feature in
    ZA
    soon.
    at this point I have no other unresolved issues.
    Thank you for your help and please give my regards to ZA developer team.

  9. #49
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: internet connection is not working with ARP protection enabled in one LAN


    <blockquote><hr>miamia wrote:
    Hello Oldsod,
    thank you for your reply. More customizable options for every gateway would be great feature! I will keep my fingers crossed

    Hope to
    see this feature in
    ZA
    soon.
    at this point I have no other unresolved issues.
    Thank you for your help and please give my regards to ZA developer team.
    <hr></blockquote>


    Hello Mia.

    Thank you.
    I was glad to be able to help with a few things.
    Best regards.
    Oldsod.
    Best regards.
    oldsod

Page 5 of 5 FirstFirst 12345

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •