local loopback and hosts file

19 Oct 2004, 06:47
Ok, help me to understand if you will. I created a hosts file that I use to block sites and route it back to my local loopback. In any event, when reading the secure connection recommendations for Outpost it states to turn off localloopback and do it at the application level, which is what I have done. Here is my question: how can I get the host sites to resolve to the localloopback if it's globally blocked? Do I add it to Firefox? 'Cause if so it is not appearing to work. Thanks for the help

19 Oct 2004, 08:51
Disabling the Loopback rule in Outpost will not affect the hosts file at all - it simply prevents programs from communicating with each other via Windows' network subsystem without a specific rule to permit them (which prevents any malware on your system from exploiting local proxy software to gain Internet access).

19 Oct 2004, 10:29
Maybe I'm missing something or I asked it wrong; here is more specifically what I'm asking how to resolve. If I disable the local (global loopback) it shows up in the blocks as system localloopback as it should; that's all fine. But the problem is this:
I have the host files mapped to
so if I go to www.ihatespam.com it goes to the loopback of
Well, since the loopback is blocked, Firefox pops up saying hey bud I can't connect to that site. Where if I allow the loopback then I get no popups at all. That's what I'm trying to fix. Thanks

19 Oct 2004, 12:51
You can create a rule in Firefox allowing it to access, but its normal ruleset should already cover this. Have you created a global rule blocking access to and made it a priority rule? If so, I would suggest removing it - it should not be necessary.

19 Oct 2004, 15:22
That has been done, same problem.
The only way I can solve the problem is to put a check in allow loopback under global rules, 'cause I have loopback enabled in Firefox. But what's strange is Firefox allows it, but then I look at the blocklist and it says like ad.doubleclick.net or whatever and it says system tcp inbound localhost block all activity

The only reason I'm even concerned about it blocking is because if it blocks to loopback I get annoying popups in Firefox when it blocks a site off the ad list.
Where if loopback is enabled it resolves instantly and I get no timeout errors.

19 Oct 2004, 15:27
Some people need to create a rule for incoming traffic from for Firefox. See Outpost 2.5 - what to expect (http://outpostfirewall.com/forum/showthread.php?t=11836) - Known Issues.

20 Oct 2004, 13:55
Okay, I just added the Global loopback back until this issue is sorted. Thanks for the help. I have done everything you have recommended and I really enjoyed your guide and recommendations. Firefox isn't blocking LocalLoopback, which is good 'cause I did as you said; however, websites that go thru the host files that I'm using appear to use system, and system does have it blocked. Anyway, thanks and I'll check back if I find something that fixes this problem. Once again, thanks.

20 Oct 2004, 17:08
Okay, this has been buggin' me so I will ask; sorry for the repeat, just wanna make sure I'm clear on this.

Are you saying that if I use a host file with Firefox and disable the global allow local loopback rule that I will get the annoying can not connect popups constantly? EVEN IF I add the incoming and outgoing localloopbacks to Firefox? Sorry to be a pest, just trying to understand 'cause I constantly get the alerts saying it couldn't connect to ads.clicknet.org or whatever, which is in my host files as
and I look in the block list and I get the following.

12:17:24 AM SYSTEM IN REFUSED TCP localhost 2129 Block All Activity

21 Oct 2004, 00:50
Hi bigT,

I use fx .0.10.1 and have a hosts file.
1) System Global Rules: Allow loopback is UNCHECKED, Allow LocalHost UDP Connection is CHECKED
2) Application Firefox rules: normal browser rules. I do not have an allow inbound localhost rule (for some reason my fx works that way, but I do have one for outbound localhost, no remote port specified). I'd like to mention that, in my case, whether outbound localhost (in fx rules) is allowed or blocked seems to make no difference. You may need both the inbound and outbound localhost rules to be allowed.

Have you tried uninstalling fx (saving your profile just in case), then re-installing it?

P.S. I do not believe the guide says to turn off loopback at the application level, only in the System Global rules.

21 Oct 2004, 07:24
No, I don't have it turned off at the application level; I have only the applications that need localloopback granted. I have step one exactly like you have it. Step two I have like you have, but I have one for inbound as well. I show NO INDICATION OF FIREFOX blocking anything in relation to loopback, only System. But when the system loopback is blocked Firefox gives me this annoying pop saying it can't connect 'cause it's pulling the dns from of the site I'm trying to go to from the host file, which resolves as the local loopback.

21 Oct 2004, 07:56
I do not have the problem you describe and I do NOT have a global loopback rule at all. I just deleted it from the list, I could have left it unchecked. Have you modified this rule from allow to block? I am asking because of the word 'blocked' you used. The guide says to either disable it (by clearing the checkmark next to the name of the rule in the list) or delete it.

21 Oct 2004, 16:05
Well am going on the assumption that when you take the check out of allow the opposite of allow is to block. That is why I use block. So when you use the HOST FILES you get no connection alerts from firefox? Very interesting. I don't think its firefox I think its how the host files work. The host files (not sure on this but just theory of mine) work as global system so if they resolve to the local loopback and the check mark is taken out of the global rule of allow loopback then it gets blocked. Once it gets blocked then firefox sees it as an invalid address and prompts the alert.

22 Oct 2004, 00:31
From what I have been reading, for example here (www.mvps.org/winhelp2002/hosts.htm), the HOSTS file is checked before any dns resolution is made, so it should not have anything to do with a firewall.
I know my hosts file is blocking stuff because I use eDexter (www.pyrenean.com/edexter.php) in conjunction with it and it keeps a log of what is being 'blocked'.
I guess we need more info (by Agnitum) on how this whole loopback thing works.
Meanwhile, could your hosts file be bad? Have you tried re-installing fx?
With or without eDexter, I get no alerts from Firefox (unless, of course, I type a blocked site's url directly in the address bar) and none from OP.

I will try and get a clarification on the global Allow Loopback rule (or any rule) because I do not think that unchecking the rule means it is blocked.

22 Oct 2004, 03:51
About the allow loopback system rule:

If you are in Rules Wizard mode and you uncheck the global rule for allowing loopback, it does not mean Deny. You will simply be asked on a "per application" basis to create a rule for loopback. (Thanks go to David for this clarification.)

22 Oct 2004, 05:11
Ok, and you just basically answered my question in your previous post where you stated "unless of course I type a blocked site's url directly in the address bar". Well, I'm not typing it directly in the address bar but still get the annoying popup. Like for instance if I go to suprnova.org I get cjc1.java.net or whatever it's called popup saying it can't connect to that. But if I allow loopback on the global scale it works fine (and yes, Firefox has both inbound and outbound loopback enabled) and I have no rule in global to block.

22 Oct 2004, 06:24
I understand exactly what you are describing and that has to be very annoying indeed. I am wondering if this pb has something to do with firefox, some extensions or configuration. Have you tried a new profile? or re-installing fx? What version of fx are you using?
I'll try and search the mozillazine forums...

EDIT: forgot to ask:
What happens if you exit and shut down OP temporarily? Are you sure your hosts file is ok?
Running out of ideas, but have you checked for malware?

22 Oct 2004, 07:18

Please check your Outpost Blocked logs - if Firefox has any traffic to loopback blocked, these should give the reason why. Also check that this address is not showing as being blocked by the Attack Detection plugin.

23 Oct 2004, 00:15
Hi bigT,
Have you tried another browser? If so, do you still get the prompts for sites 'blocked' by your Hosts file?

23 Oct 2004, 12:36
Sorry for the delay in response, was hunting since it's Opening Weekend :) In any event:

Please check your Outpost Blocked logs - if Firefox has any traffic to loopback blocked, these should give the reason why. Also check that this address is not showing as being blocked by the Attack Detection plugin.
I looked in the log and I see no mention of Firefox traffic being blocked by Outpost; localhost is only listed as being blocked with system.
The attack Detection plugin
Checks clear. I have the settings set to low and nothing checked in there.

Minoka, in regard to using another browser: I tested it with IE and instead of getting the annoying popup I do still get the block on the system level
8:27:43 PM SYSTEM IN REFUSED TCP localhost 2353 Block All Activity

Thanks again

24 Oct 2004, 02:48
Hi bigT,

When you created your hosts file, did you make sure the first line is localhost
I assume you did, but it does not cost anything to double-check!
I am truly out of ideas (and assume you tried some or all of my suggestions), let's hope someone comes to the rescue...

24 Oct 2004, 02:57

Are you using any local proxy software (like Proxomitron, WebWasher or AdSubtract) with Firefox? If so, then all the comments about creating a rule to allow outgoing access to the loopback address apply to the application rules for these also.

As for your log entry, for incoming connections it is the local port that is important - please right-click on the main log window, select Columns... and check the Local Port entry to display this. Then check Outpost's Open Ports section to see which application has that port and was therefore the intended destination.

24 Oct 2004, 05:48
Paranoid, I have tried 2 times to do exactly what you stated. Here are the results. The funny thing is I see no open port for HTTP. I checked open ports several times to make sure I wasn't overlooking it.

1:42:56 PM SYSTEM IN REFUSED TCP localhost 3858 HTTP Block All Activity
1:42:54 PM SYSTEM IN REFUSED TCP localhost 3855 HTTP Block All Activity
1:42:35 PM SYSTEM IN REFUSED TCP localhost 3852 HTTP Block All Activity
1:42:33 PM SYSTEM IN REFUSED TCP localhost 3845 HTTP Block All Activity
Open ports show nothing for http 80-83

Also thanks for your help guys i appreciate it.

24 Oct 2004, 12:35
Well something in your Firefox setup is expecting you to be running a web server or proxy. Did you have any of the programs I mentioned previously installed? Have you altered Firefox's proxy settings at all? What extensions are you running? (one of them could be responsible).

24 Oct 2004, 12:59
Proxy Programs is a negative
Extensions: I use adblock but it's turned off now that I use Outpost and host files
Proxy Alter in Firefox: Yes, I did change it to manual and had it use for all ports; however, I have it set on Direct connect to Internet. I took and cleared all the information under manual and ensured the radio button was on Direct connect to Internet and tried the test again with the same results. Thanks again!

26 Oct 2004, 13:02
Paranoid: any idea? I have run out of options but you seem to always bring something out of that magic hat of yours :)

28 Oct 2004, 12:43
I can only conjecture that there is something amiss with your setup that is causing Outpost to misidentify Firefox traffic as System traffic or that other software is somehow involved. Try accessing a domain in Firefox again and in the Blocked logs, check to see if the local ports (the ones with varying numbers) are also reported in the Open Ports section as belonging to Firefox. Also try accessing the directly in Firefox (just to ensure that there is no issue with DNS lookup configuration messing things up).

If the local ports do belong to Firefox, then try updating Windows's MDAC drivers (MDAC 2.8 is downloadable from here (http://www.microsoft.com/downloads/details.aspx?FamilyID=6c050fe3-c795-4b7d-b037-185d0506396c&DisplayLang=en)) - see Making Outpost Smooth (http://outpostfirewall.com/forum/showthread.php?t=9600) for the symptoms and cause of possible MDAC problems. If they belong to another program then check its rules - and consider disabling it if it is "interfering" with Firefox.

Another possibility is other software interfering with Outpost - if you have anything that provides low-level networking functions (this includes other firewalls, packet sniffers, port monitors, network diagnostics and VPN software) then try disabling them.

29 Oct 2004, 16:19
Paranoid, in the open ports I see no listing at all for any verifying numbers; all I see is System blocked HTTP. I look in the open ports and I see no HTTP listing at all. When I type in the address bar it can not access. Any other suggestions? I have thought of just adding a rule to the system to allow localloopback where http is the port to solve this problem, just don't know how secure that would be.

29 Oct 2004, 19:31
You won't see an HTTP entry in Open Ports unless you're running a webserver. What I meant was looking for the other ports listed since these should have a corresponding entry in Open Ports which should provide the name of the application.

Adding a rule of the form Protocol TCP, Incoming, Local Port HTTP, Remote Address, Allow shouldn't pose too much of a security risk as long as you access the Internet via a router with its own firewall. If you rely on Outpost only, then there is a possibility that this rule may allow spoofed packets (with a faked sender address of to slip in.
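
The two failure modes discussed in this thread (an instant, quiet failure when loopback is allowed versus a slow "cannot connect" error when it is blocked) can be told apart with a small probe. This is an added example, not part of any post in the thread; the sample hosts content is constructed, and it assumes the blocking entries point at 127.0.0.1 or ::1 and that a firewall blocks by silently dropping packets.

```python
import socket
import time

LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample in hosts-file format; two hostnames are taken from the thread.
SAMPLE_HOSTS = """\
# constructed sample, not the poster's real file
127.0.0.1   localhost
127.0.0.1   ad.doubleclick.net ads.clicknet.org   # ad servers
192.0.2.10  intranet.example
"""

def loopback_names(hosts_text):
    """Return the hostnames that a hosts file maps to a loopback address."""
    names = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] in LOOPBACK:
            names.extend(name.lower() for name in fields[1:])
    return names

def probe(port, host="127.0.0.1", timeout=5.0):
    """Classify what a client sees when it connects to a loopback port.

    'open'    - something is listening (a local proxy or web server)
    'refused' - nothing is listening and the stack answers at once
    'timeout' - no answer at all, as when a firewall drops the packets
    Returns (result, seconds_elapsed).
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            result = "open"
    except ConnectionRefusedError:
        result = "refused"
    except (socket.timeout, TimeoutError):
        result = "timeout"
    return result, time.monotonic() - start

if __name__ == "__main__":
    print("names sent to loopback:", loopback_names(SAMPLE_HOSTS))
    print("127.0.0.1:80 ->", probe(80))
```

Run it once with the global loopback rule enabled and once with it disabled: a change from `refused` to `timeout` on port 80 matches the behaviour reported above, while `open` means some local program is listening there.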