Pretty much nothing gets through Outpost


stupidfatperson
06-30-2002, 09:19 PM
Pretty much nothing gets through Outpost on my system.

I suppose that's the general idea, but it is frustrating me as I can't get web pages, newsgroups or anything else through the net without switching Outpost off.

I'm running very plain vanilla Windows 98, with Internet Explorer 6.0. Apart from Outpost the only software loaded on here is Office XP, but the problem existed before Office was installed.

I've configured Outpost to ALWAYS TRUST Internet Explorer and Outlook Express. Even so, I keep getting timeout messages.

Am I doing something dumb? Maybe there is some fundamental point about OP that I've missed.

kazzi
06-30-2002, 09:57 PM
"the problem existed before Office was installed."

Hey,

Whatever happens do not pour Fosters over it.
What version of Outpost have you got running? Is it the free version or the fully paid up one? Have you previously installed other firewalls on your machine?
If you can answer these it will assist those with the know how.

I see this is your first thread. There are guys out there who can probably work it out but it's night time in the US at the moment so most replies will arrive later.

kazzi :)

stupidfatperson
06-30-2002, 10:56 PM
Thanks.


Yes, I have tried other firewalls, with similar results. Specifically:

McAfee, the one that comes with PC-cillin and ZoneAlarm. So far, the free firewalls have performed better than the commercial ones.

What's more, at least I can use the web if I set Internet Explorer as a trusted application. I'm having less luck with Outlook Express (which I only use for newsreading) -- it times out before downloading any messages, but it can download headers.

I've tried two versions of Outpost. The current version on my machine is 1.0.1817.1645. I can't tell you what the earlier version was as it has drifted off into digital heaven.

If it helps, I'm running 512kps ADSL, which works rather well when the firewall isn't in place.

stupidfatperson
06-30-2002, 11:13 PM
I've just tested it with Outlook and that can't get through the firewall even when it is set as a trusted application.

Outlook works just fine with the Firewall switched off.

root
07-01-2002, 02:11 AM
Hi. First of all, you don't want to put IE or OE in the trusted applications.
When you hold your mouse cursor over the Outpost icon in the system tray, do you see your correct internet IP pop up?
If you are using PPPoE and not getting the correct IP, you should try to install RASPPPoE.
When you start with a clean install of Outpost, you should be in the rules wizard mode. You will then be asked to allow IE, OE, and other programs that use the net.
Also, are you on a lan? Are you using the free or pro version?
Let me know.

I hope your nick doesn't reflect how you feel about yourself. You can't be stupid if you choose Outpost. :)

kazzi
07-01-2002, 02:24 AM
Root,

"McAfee, the one that comes with PC-cillin and ZoneAlarm"

Could there be some problems due to incomplete removal of old firewall files etc? Yesterday I removed quite a few ZoneAlarm things left behind in my registry from days gone by using information from an old thread.

root
07-01-2002, 02:39 AM
PC Cillin has some kind of web trap or something other than the firewall for firewall type protection, doesn't it?
Yes, it is very important to make sure the computer has been cleaned of all remnants of previous firewalls, traps, etc.
Other firewalls have conflict problems too, they just don't always know it. Outpost works at a low level, so it is sensitive to other programs that are installed.

stupidfatperson
07-01-2002, 09:37 AM
Originally posted by root
Hi. First of all, you don't want to put IE or OE in the trusted applications.
When you hold your mouse cursor over the Outpost icon in the system tray, do you see your correct internet IP pop up?
If you are using PPPoE and not getting the correct IP, you should try to install RASPPPoE.
When you start with a clean install of Outpost, you should be in the rules wizard mode. You will then be asked to allow IE, OE, and other programs that use the net.
Also, are you on a lan? Are you using the free or pro version?
Let me know.


1. I've only put them in trusted to see if anything can get through that way. As it is, I can only use the net with OP closed.

2. Yes, the IP address is correct.

3. Yes, I went through the rules wizard.

4. No, no LAN. I'm using the free version right now.

stupidfatperson
07-01-2002, 09:38 AM
Originally posted by kazzi
Root,

"McAfee, the one that comes with PC-cillin and ZoneAlarm"

Could there be some problems due to incomplete removal of old firewall files etc? Yesterday I removed quite a few ZoneAlarm things left behind in my registry from days gone by using information from an old thread.

No. This is a clean install of Windows. I did nothing before installing the comms software and OP.

root
07-01-2002, 10:18 AM
Try going to options>system>global system rules and uncheck block unknown protocols.

stupidfatperson
07-01-2002, 01:07 PM
Originally posted by root
Try going to options>system>global system rules and uncheck block unknown protocols.

Did this. Nothing changed. The blocked log gives me a whole list of messages that look like this:

ICMP Traffic n/a mail.ozemail.com.au Time Exceeded for a Datagram/1 Outbound ICMP

obviously this is for the mail server, but the web pages generate similar messages.

root
07-01-2002, 01:21 PM
Are you allowing DNS out to your ISP? What is this comms software? Are you using a router?
Also RASPPPoE may solve the problem. I wish you would try that.
Most people like the RASPPPoE better after they install it.

stupidfatperson
07-01-2002, 01:44 PM
Originally posted by root
Are you allowing DNS out to your ISP? What is this comms software? Are you using a router?
Also RASPPPoE may solve the problem. I wish you would try that.
Most people like the RASPPPoE better after they install it.

Excuse me if I seem stupid.

I've got "Allow DNS Resolving" ticked in the system settings. (If that is what you mean).

There's no router.

I'm not entirely sure what comms software I'm using -- presumably what ever comes with Windows 98.

I just followed my ISP's instructions: i.e. Install the ADSL modem driver.

System information says that RNAAPP.EXE (Microsoft's dial-up networking) is running. I certainly can't find any reference to RASPPPoE in my system.

root
07-01-2002, 01:53 PM
You do not seem stupid. I have learned not to assume anything when working on problems I can't see in front of me.
Your problem looks like DNS is not being resolved or there is something between you and the net that is not being allowed.
I am not familiar with DSL as I am on dialup and am trying what I can.
Try this for me. Select tools, clear all logs. Shut down Outpost. Go to the Outpost directory and move the Configuration.cfg file out and put it in a temp. directory.
Reboot. You may get an error message about no config file; that's fine, we will make one.
In rules wizard mode, try to surf with IE. You should get a popup window to allow IE. Select the preset rules and try to surf. If you cannot, if you can get me a screenshot of the blocked log, that would be great. If not, then tell me what is being blocked.

stupidfatperson
07-01-2002, 02:35 PM
Well, that seems to have the browser working....a little.

It's still loading very slowly, much slower than you'd expect. My ISP's home page loaded (minus ads -- what a great feature!) when I logged on.

When I tried to surf to another ISP page things timed out. I tried sending a reply from this forum but that also timed out. So... I'll switch off OP and send again.

I've attached a screen of the blocked screen log as there is a lot of blocking activity.

root
07-01-2002, 02:47 PM
I'll try to get someone else to help with this one. May have to wait til tomorrow.
Sorry, I'm about out of ideas. The ICMP time exceeded is telling me that while the DNS is trying to be resolved, it is timing out. I don't know why your DNS is not resolving the way it should.
I'll PM David, and if he can't get it we'll get Mikhail.

David
07-01-2002, 03:15 PM
Hi stupidfatperson,

First, I am going to have to take root's word about the reason for the ICMP timeouts.

You started with a new configuration.cfg, so you should have default global rules and everything else for that matter. For the time being, anytime you get a popup, use the most appropriate preset rather than trying to create a rule for yourself. And, although I read through your entire thread, please forgive me if I ask you to try something that you have already tried.

First, go to Options -> Applications and make sure that you have no applications listed under the Blocked Applications section. You may have to double click on Blocked applications because sometimes programs can collapse under the heading similar to directories in Windows Explorer.

Next, go to View -> Layout and select all of the items located under Left Pane. After you do this, I want you to click on 'All Connections' and make a screenshot for me similar to the one attached below. Attach the screenshot to your next post. You may have to save the shot as a GIF. BMP may be too large and there is a 100KB attachment limit per post.

stupidfatperson
07-01-2002, 03:52 PM
1. Nothing is blocked.

2. Attached image -- it's stored as monochrome bmp (I don't want to complicate matters by installing any new apps at this stage).

David
07-01-2002, 04:03 PM
OK.....Let's see if your system is communicating with the DNS servers properly. Please follow my instruction in the previous message concerning the Left Pane.

Then, with Outpost running, open up your browser, try to load a couple of pages. What do you see in Established? Is your system able to contact the DNS servers? Please see attached pic.

stupidfatperson
07-01-2002, 04:23 PM
1. Nothing is blocked.

2. Attached image -- it's stored as monochrome bmp (I don't want to complicate matters by installing any new apps at this stage).

David
07-01-2002, 04:27 PM
Why the repeat message???

It is OK though.

I wanted you to try to look under Established items after trying to view a couple of web pages. Please read my previous threads.

By the way, what is your first name? If you do not want to give it, that is OK. Your nick is too long for me to type each time. :)

stupidfatperson
07-01-2002, 04:53 PM
Sorry about that. I posted the message once with the Firewall up and then again after it closed.

I have selected everything in the left panel. Haven't I!?

David
07-01-2002, 04:56 PM
Try doing the following:

Go to your Outpost GUI and right click on the 'Ads' plugin.

Then UNCHECK 'block ads by image size'. Does this make a difference?

See attached pic.

stupidfatperson
07-01-2002, 05:15 PM
My first name is Bill.

I think I've opened everything on the left panel now. Here's the establishment picture attachment.

Unchecking the block ads seems to work with some pages, not with others. I still have to switch OP on and off to use the forum.

David
07-01-2002, 05:19 PM
Hi Bill,

If the suggestion that I outlined above for unchecking the 'block images by ad size' does not work, try the following. If you did not see that post yet, please read just above your last post.

1. Open the Outpost GUI and select the following from the menu. Options -> Plug-Ins Setup.

2. STOP, but DO NOT REMOVE, all of the plugins.

3. When finished stopping all plugins, try accessing the web again.

Does this make a difference? If it does, we can re-enable each plugin one at a time to figure out which is causing your problem. At least we can eliminate the plugins as a potential cause of your problems with Outpost.

I hope that one of my two last posts here help you get somewhere. As for me, it is pretty late here and I need to get some rest before work tomorrow. But I would be happy to help you troubleshoot this problem tomorrow. In the meantime, Dmut or one of the other users may be able to continue the process with you. I will PM him.

Sorry about the difficulty that you are having with Outpost. Thanks for your patience and understanding. Some problems, like yours are more difficult than others. :)

Dmut
07-01-2002, 05:37 PM
Hello Bill
please read FAQ about making screenshots (http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=3316) , use mspaint and save screens in JPG or GIF color format.

I need following screenshots from you:
1) Options/system/global rules/settings
2) Options/applications
3) Options/applications/IE rules

we are going to gather all our experts gang to help you with your prob :)

stupidfatperson
07-01-2002, 07:08 PM
Here are the requested .GIFs

Incidentally, I managed to reach the agnitum site this time without closing the Firewall, but I can't get anything else working.

chrisclu
07-01-2002, 07:08 PM
Because you said "System information says that RNAAPP.EXE (Microsoft's dial-up networking) is running", I started thinking. I have DSL also and had a similar problem at one time. (It kept trying to use dial-up.)

Try going to (in IE) tools, internet options, connections. You will see about 1/2 way down "Never Dial a Connection". Make sure it is checked.
Shut and restart your browser.
Let us know if that did it.
Chris

stupidfatperson
07-01-2002, 07:09 PM
Hmm.. I can only post one picture at a time.

stupidfatperson
07-01-2002, 07:10 PM
The rules image.

stupidfatperson
07-01-2002, 07:12 PM
Originally posted by chrisclu
Because you said "System information says that RNAAPP.EXE (Microsoft's dial-up networking) is running", I started thinking. I have DSL also and had a similar problem at one time. (It kept trying to use dial-up.)

Try going to (in IE) tools, internet options, connections. You will see about 1/2 way down "Never Dial a Connection". Make sure it is checked.
Shut and restart your browser.
Let us know if that did it.
Chris

I'm afraid not. It was already checked.

Dmut
07-01-2002, 07:24 PM
thanks for info, bill.
still haven't any helpful ideas.

let's continue with screenshots.

please open your network settings, and make screenshot of dialog where network clients and protocols listed. it's possible that you are using some specific network equipment.

another request: your running processes list in taskmanager.

thanks, hope other mods coming here soon.

stupidfatperson
07-01-2002, 07:37 PM
Running tasks is easy. You'll find these below.

I can't get the network picture as there are too many for a single screen.

Dmut
07-01-2002, 08:36 PM
ok, I see you are using rnaapp.exe, dial-up networking application, i dunno what is it but put it to trusted app list in OP.

and try to make screenshot about your network connections and devices, in hardware configuration dialog.

stupidfatperson
07-01-2002, 08:46 PM
Network GIFs in two parts

stupidfatperson
07-01-2002, 08:48 PM
I've put rnaapp.exe in the trusted apps list.

Mikhail
07-01-2002, 10:58 PM
Bill,

1) If I understand you correctly - ie is very slow and outlook can not download messages and download only headers. Right?
2) If you switch to "Disable mode" (Option->Policy), does it help?
3) Do you have any other firewalls installed?
4) If you move ie and outlook to Trusted application (Options->Application), does it help?

stupidfatperson
07-02-2002, 11:04 AM
Originally posted by Mikhail
Bill,

1) If I understand you correctly - ie is very slow and outlook can not download messages and download only headers. Right?
2) If you switch to "Disable mode" (Option->Policy), does it help?
3) Do you have any other firewalls installed?
4) If you move ie and outlook to Trusted application (Options->Application), does it help?

1) IE is very slow and sometimes can't download anything. Outlook finds the mail server, but doesn't download anything.
2) I'll try this when I switch OP back on -- I have to switch it off to read the forum.
3) No other firewalls. This is a clean install.
4) We've been down this route. No it doesn't make any difference.

stupidfatperson
07-02-2002, 11:08 AM
Everything works just fine in Disable mode. Fast too.

JAgric
07-02-2002, 12:51 PM
For me it helped to add the ADSL ip range to the trusted zone, see http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=4362#post28567

stupidfatperson
07-02-2002, 02:17 PM
Originally posted by JAgric
For me it helped to add the ADSL ip range to the trusted zone, see http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=4362#post28567

How would you go about doing that?

root
07-02-2002, 02:28 PM
You need to have the pro version. Go to options, policy, trusted zone and add the IP or IP range of your DSL server.

stupidfatperson
07-02-2002, 05:17 PM
It might be useful to summarise this problem.

1. I'm running a plain vanilla Windows 98 system, from a fresh install.
2. There's no older Firewall software on this machine.
3. I'm connecting via ADSL. Without the firewall everything works fine.
4. Everything also works fine with the Firewall in disabled mode.
5. Otherwise traffic gets timed out. For example, if I read news with Outlook Express I get a server not responding message.
6. Switching off plug-ins makes little difference -- traffic still times out.
7. Trusting applications makes no difference.
8. OP is 1.0.1817.1645, the free version.

JAgric
07-02-2002, 09:30 PM
Does Outpost show two IP addresses in the tooltip when you hover over the icon with the mouse?

stupidfatperson
07-03-2002, 09:45 AM
Originally posted by JAgric
Does Outpost show two IP addresses in the tooltip when you hover over the icon with the mouse?

No, just the one ip address.

stupidfatperson
07-03-2002, 09:55 AM
Guys... do you think we're going to get this working, or should I look elsewhere for a Firewall?

I'm sorry to sound defeatist, but I'm really worried about the lack of protection on this system.

JAgric
07-03-2002, 10:03 AM
ok, then the 'trusted zone'-solution won't work for you as far as i understand.

chrisclu
07-03-2002, 10:12 AM
I just looked at your running tasks list and rnaapp.exe is running.
It should definitely not be. If you unchecked that "always dial a connection" then (at least for now) go into msconfig and stop it from starting there. (This really smells funny, as in trojan, because there is no reason for rnaapp when you are on DSL. I've attached a screenshot of my running tasks.)
If I use Dial-up I get rnaapp.exe - but only if I establish a dialup connection. Never while on DSL.
If you don't see rnaapp in msconfig, then go into your Windows\system folder and rename it so it can't start. (rnaapp.exe that is) If all works then we have to find what it is that is making it open. Who knows, we might discover an unknown trojan.
Chris

root
07-03-2002, 10:12 AM
What are the first two sets of numbers in the address.
Is it 192.168.x.x, 10.0.x.x, or something else?

stupidfatperson
07-03-2002, 11:56 AM
Thanks Chris.

RNAAPP.EXE is definitely the comms application driving my ADSL connection. When I removed the program, I couldn't get a connection. Changing this for a better/different program might well be the answer. The problem is that I have no idea what settings to use in a different program.

stupidfatperson
07-03-2002, 11:57 AM
Originally posted by root
What are the first two sets of numbers in the address.
Is it 192.168.x.x, 10.0.x.x, or something else?

You mean when I mouse over the OP icon?

I get: 203.103.x.x

root
07-03-2002, 12:10 PM
OK, at least that's a good Internet IP.

stupidfatperson
07-03-2002, 12:22 PM
Obviously I'm using the software from my ISP out of the box.

What do you think about trying a different comms program? Is there one that would replace rnaapp.exe without being too disruptive?

JAgric
07-03-2002, 12:35 PM
I have an ADSL connection too and rnaapp.exe in my tasks list without any problems. It is not listed in outpost.

Do you have a VPN connection? If so, what is the VPN server IP address? Double click the icon of the dialup connection in the dialup networking folder (connection should not be active yet - break connection first) to find out.

And what is your IP address? Find this by
- right-clicking the network neighborhood icon
- select properties.
- select the TCP/IP -> Ethernet card line and click "properties".
- Your IP address should be listed there.

If you have these two IP addresses, these should be added to the trusted zone. You got to have the PRO version to do that, use the PRO 30 day trial version to test this.

If you don't have a VPN connection, then how are you connected with the ADSL provider?

stupidfatperson
07-03-2002, 12:55 PM
Originally posted by JAgric
I have an ADSL connection too and rnaapp.exe in my tasks list without any problems. It is not listed in outpost.

Do you have a VPN connection? If so, what is the VPN server IP address? Double click the icon of the dialup connection in the dialup networking folder (connection should not be active yet - break connection first) to find out.

And what is your IP address? Find this by
- right-clicking the network neighborhood icon
- select properties.
- select the TCP/IP -> Ethernet card line and click "properties".
- Your IP address should be listed there.

If you have these two IP addresses, these should be added to the trusted zone. You got to have the PRO version to do that, use the PRO 30 day trial version to test this.

If you don't have a VPN connection, then how are you connected with the ADSL provider?

I think I'm using dial-up networking. There's no ethernet card. For protocols I've got:

NDISWAN -> Alcatel SpeedTouch USB ADSL PPP
TCP/IP -> dial-up adaptor

MegaHertz
07-03-2002, 01:05 PM
Use the IP of the USB adapter.

JAgric
07-03-2002, 01:27 PM
You should be able to find those IP addresses somewhere.

If you have the debug plugin installed, you should look in the "firewall" window. If it lists one line over and over again saying "rejected", this might be an indication of what the problem is. It might even show the IP addresses you need.

Right click the outpost system tray icon, click "debug" and select "FireWall".

root
07-03-2002, 01:31 PM
Will probably have to download debug from here.
http://www.agnitum.com/download/OutpostDebugInstall.exe
It might give you some useful information.

stupidfatperson
07-03-2002, 02:17 PM
I was doing my own testing earlier and loaded WinMX -- a p2p file sharing program on my system. This seems to work if I set it as a trusted application. It's the first program to let a decent amount of data through the firewall.

Does this information change anything?

stupidfatperson
07-03-2002, 02:21 PM
Originally posted by MegaHertz
Use the IP of the USB adapter.

There's no IP address. In fact the property boxes are empty for just about everything in networking.

stupidfatperson
07-03-2002, 02:23 PM
This might sound crazy, but could the fact that my USB ADSL modem is connected via a USB hub have any effect on this?

root
07-03-2002, 02:28 PM
I think what this is coming down to is there is an IP address for your modem, or ISPs lan or whatever is being used that has to be put in the trusted zone. I don't know enough to tell you how to find it. :(

stupidfatperson
07-03-2002, 02:30 PM
I'm wary of posting my debug information in public -- given there's no protection right now.

However, I'm getting a very consistent picture. Just about every line ends with:

[FIN ACK] rejected by FFFFFFFC rejected by plugin 2 (0)

What does this mean?

stupidfatperson
07-03-2002, 02:33 PM
Originally posted by root
I think what this is coming down to is there is an IP address for your modem, or ISPs lan or whatever is being used that has to be put in the trusted zone. I don't know enough to tell you how to find it. :(

My ISP assigns an IP address when I connect. Does this mean I would need to determine the IP address and then put it in the trusted zone each time I log on?

MegaHertz
07-03-2002, 02:45 PM
SFP,

This might sound crazy, but could the fact that my USB ADSL modem is connected via a USB hub have any effect on this?
Not sure, but I know Motorola recommends their cable modems be connected directly to the PC if possible. From personal experience I had nothing but problems when I used USB connectivity (50 others will probably tell you it works fine). My recommendation is if it's possible get a network card (around $20), it really simplifies life. My other recommendation is if you can afford it I highly recommend a router (around $50 to $100 depending on several factors), it makes life even easier especially with DSL. They are getting relatively inexpensive and provide a good degree of security on their own.

Edit: Just remember when troubleshooting a problem with your PC nothing is out of the realm of possibility. :D

root
07-03-2002, 02:47 PM
No, not that IP.
Plugin 2 is the attack detection module.
Save your configuration if you want to, because we are going to change it.
Go to options>plugins and "stop" every plugin.
Go to tools and clear all logs. Go to Options>applications and delete every application there, in all categories.
Go to Options>system>global system rules> make sure inbound Ident is enabled. Make sure deny unknown protocols is not checked. Make sure allow DNS resolving is allowed. Allow gre and pptp and allow outgoing DHCP.
Reboot.
Try to surf with IE. You should get the popup. click ok for the preset rules. If you cannot surf, get a screenshot of the blocked log for me.
Please double check and make sure everything is as I asked.

stupidfatperson
07-03-2002, 02:52 PM
Originally posted by root
No, not that IP.
Plugin 2 is the attack detection module.
Save your configuration if you want to, because we are going to change it.
Go to options>plugins and "stop" every plugin.

I'm about to reboot while I follow these instructions. Incidentally, all plugins were stopped (as per earlier instructions) so how come plugin 2 is rejecting everything?

root
07-03-2002, 02:57 PM
Don't know but it shouldn't be.

stupidfatperson
07-03-2002, 03:14 PM
Couldn't surf to my ISP's home page... I'm not entirely sure if the visits to Agnitum were affected by my cache or not.

You'll notice an entry for Norton Liveupdate which kicked in during the session.

root
07-03-2002, 03:20 PM
I think those ALL-ROUTERS MCAS is telling us something. You are not communicating with that router and it has to be trusted.
I think you need to talk to your ISP and find out what the IP is that you need to allow access to.
That's the only thing I can think of.

MegaHertz
07-03-2002, 03:28 PM
SFP,

Try adding ALL-ROUTERS.MCAST.NET (I think that is right) to trusted zone. You'll have to widen out your remote host column to make sure I got that right, then test it. If that works then we can make a rule that tightens the access. Got to go for a while, I'll check back later though.

Edit: I had a problem similar to yours while trying to figure out how to get the VPN at work to work with OP. Seeing that block all activity to ALL-ROUTERS.MCAST.NET kinda sparked my memory. I'll have to check the rule-set when I get back to work on Friday.

Dmut
07-03-2002, 03:42 PM
HI root,
plug-in 2 is the main OP engine, not Attack Detection plug.

taken from filt.h, OP SDK:
#define ID_SYSTEM 0
#define ID_DPACKET 1
#define ID_FIREWALL 2
#define ID_TDI 3
#define ID_DNSCACHE 4
#define ID_HTTPFILT 5
#define ID_ADBLOCK 6
#define ID_HTMLFILT 7
#define ID_NAT 8
#define ID_POP3FILT 9
#define ID_NNTPFILT 10
#define ID_IMAPFILT 11
#define ID_MAILFILT 12
#define ID_CONTENT 13
#define ID_FTPFILT 14
#define ID_PROTECT 15
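
Added example, not part of the thread and not Agnitum's code: a small Python triage script that resolves the `plugin N` number at the end of Outpost debug lines against the filt.h IDs quoted above and tallies rejections per module and TCP flag set. Only the line ending (`[FIN ACK] rejected by FFFFFFFC rejected by plugin 2 (0)`) comes from the thread; the prefix of the sample lines, the function names and treating `FFFFFFFC` as an opaque code are assumptions.

```python
import re
from collections import Counter

# Module IDs exactly as quoted in the thread from filt.h (Outpost SDK).
FILT_H_EXCERPT = """\
#define ID_SYSTEM 0
#define ID_DPACKET 1
#define ID_FIREWALL 2
#define ID_TDI 3
#define ID_DNSCACHE 4
#define ID_HTTPFILT 5
#define ID_ADBLOCK 6
#define ID_HTMLFILT 7
#define ID_NAT 8
#define ID_POP3FILT 9
#define ID_NNTPFILT 10
#define ID_IMAPFILT 11
#define ID_MAILFILT 12
#define ID_CONTENT 13
#define ID_FTPFILT 14
#define ID_PROTECT 15
"""

DEFINE_RE = re.compile(r"^\s*#define\s+(ID_\w+)\s+(\d+)\s*$")

# Matches only the line ending that the thread quotes; whatever precedes
# it in a real debug window is ignored because the thread does not show it.
TAIL_RE = re.compile(
    r"\[(?P<flags>[A-Z ]+)\]\s+rejected by (?P<code>[0-9A-Fa-f]{8})"
    r"\s+rejected by plugin (?P<plugin>\d+)\s+\((?P<arg>-?\d+)\)\s*$"
)


def parse_module_ids(header_text):
    """Build {numeric id: symbolic name} from '#define ID_X n' lines."""
    ids = {}
    for line in header_text.splitlines():
        m = DEFINE_RE.match(line)
        if m:
            ids[int(m.group(2))] = m.group(1)
    return ids


def triage(lines, module_ids):
    """Tally rejected packets per module and per (module, TCP flags)."""
    by_module, by_flags, unparsed = Counter(), Counter(), 0
    for line in lines:
        m = TAIL_RE.search(line)
        if not m:
            unparsed += 1          # not a rejection line, or unknown layout
            continue
        pid = int(m.group("plugin"))
        name = module_ids.get(pid, "UNKNOWN_%d" % pid)
        by_module[name] += 1
        by_flags[(name, m.group("flags"))] += 1
    return {"by_module": by_module, "by_flags": by_flags, "unparsed": unparsed}


def dominant_module(result):
    """Return (module name, share of parsed rejections) or (None, 0.0)."""
    total = sum(result["by_module"].values())
    if total == 0:
        return None, 0.0
    name, count = result["by_module"].most_common(1)[0]
    return name, count / total


# Constructed sample lines. The address/port prefix is an assumed layout
# (documentation IP ranges); only the ending matches what the thread quotes.
SAMPLE_LINES = [
    "TCP 203.0.113.10:1045 -> 198.51.100.7:80 [FIN ACK] rejected by FFFFFFFC rejected by plugin 2 (0)",
    "TCP 203.0.113.10:1046 -> 198.51.100.7:119 [FIN ACK] rejected by FFFFFFFC rejected by plugin 2 (0)",
    "TCP 198.51.100.7:80 -> 203.0.113.10:1045 [ACK] rejected by FFFFFFFC rejected by plugin 2 (0)",
    "debug window opened",
]

if __name__ == "__main__":
    ids = parse_module_ids(FILT_H_EXCERPT)
    result = triage(SAMPLE_LINES, ids)
    name, share = dominant_module(result)
    print("rejections per module:", dict(result["by_module"]))
    print("dominant module: %s (%.0f%% of parsed rejections)" % (name, share * 100))
    print("lines not parsed:", result["unparsed"])
```

On the sample, every parsed rejection resolves to ID_FIREWALL, the ID Dmut identifies as the main OP engine, which is why stopping the optional plug-ins in Options would not change the result.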

stupidfatperson
07-03-2002, 03:43 PM
My ISP says it is using a layer 2 tunneling protocol to bypass the telecommunications carrier's own ADSL network. I suspect this might be the problem.

They can't give me an IP number yet -- I wonder why?

root
07-03-2002, 03:51 PM
Ok, thanks Dmut. Got any ideas on this problem?
SFP, did you try MegaHertz's suggestion?
I'm outa here for the night. Good luck with your ISP and getting us some help.

stupidfatperson
07-03-2002, 03:58 PM
Spoke to the ISP. They say that if I trust their server (presumably the first IP address on a trace route) then I'll just be opening my system to all internet traffic. In effect it disables the firewall. Is this right?

David
07-03-2002, 04:05 PM
That sounds correct Bill. We need to find another solution. That is only my opinion though, unless anybody has any better ideas. Let me think about it. :)

David
07-03-2002, 04:28 PM
Hi Bill,

I have just been reading this entire thread. And, I would like to try a couple of things. But, first as much as I hate to put you through this, could you please give me the following information about your current setup and then we will get started down a new path.

Are you running Outpost FREE or PRO now?

If it is PRO, do you currently have any IPs in Trusted IP section?

Are there any apps currently in Trusted or Blocked section under Options -> Applications?

Under your Global rules Options -> System, please indicate to me which of the items are NOT checked currently.

Under your Global rules Options -> System, please go to the ICMP settings and press Default.

Under Options -> Plug-ins Setup, please make sure that all plugins are STOPPED, but not removed.

Set your Outpost in whatever Policy you need to access the internet and after you answer the questions and complete ALL of the things above, reply back to me.

I know you have done these things in the past, but I have a few different ideas to try now once you follow the instructions above so that we have a good starting point.

I have my suspicions about other things and also a last resort option, but we will discuss that later. Get started Bill. :)

stupidfatperson
07-03-2002, 04:43 PM
I installed the PRO version about an hour ago. There's nothing in the trusted ip section.

partially trusted apps (done through the rule wizard) are:

aupdrun.exe
iexplore.exe
outlook.exe
navapw.exe

rules are all ticked EXCEPT deny unknown protocols

Right now I'm using the disabled mode so I can use the forum without worries (I'm finding it sometimes works in rules mode -- but it's erratic).

David
07-03-2002, 04:49 PM
When you installed pro, did you uninstall free first?

The reason that I say that is Uninstall Reinstall was one of the last options I was going to give to you. And, I have special procedures for this. It has helped many people.

stupidfatperson
07-03-2002, 04:53 PM
Yes. I uninstalled and rebooted.

David
07-03-2002, 04:56 PM
OK.....

My first idea.......maybe your network setup dislikes stealth.

Go to Options -> System.

Under the heading Answer Type, change it from Stealth to Normal.

Click Apply

Click OK

Test your firewall in a policy like Rules Wizard to see if that helps.

stupidfatperson
07-03-2002, 05:16 PM
I can't do anything in Rules Wizard Mode, in ALLOW MOST, things seem to work.

stupidfatperson
07-03-2002, 05:18 PM
I deleted an earlier message that said things were getting through because they didn't get through. It was sent after I switched OP to disable mode.

David
07-03-2002, 05:24 PM
OK, do not switch back to stealth for now. Stay with the Normal setting.

Go to Options -> System and then to the Global Rules Settings:

1. CHECK all rules beginning with the word 'Allow'

2. UNCHECK all rules beginning with the words 'Block' or 'Deny'.

3. Click Apply

4. Click OK

Can you get anything through in Rules Wizard after this?

stupidfatperson
07-03-2002, 05:43 PM
OK...

One small email squeezed through Outlook.

Outlook Express timed out at the news server.

I managed to browse one page through IE... but it took about 3 minutes. I couldn't browse to another page.

This kind of squares with what I've been observing over the last few days. It looks like few kilobytes can sometimes squeeze through before everything stops. This time a bit more squeezed through.

David
07-03-2002, 05:53 PM
Leaving all the settings the same.

Go to the ICMP settings under Options -> System and check all of the boxes.

If none of this works, I will help you get back to default settings.

Let me know what happens.

stupidfatperson
07-03-2002, 06:11 PM
More mail came through Outlook. I'm hesitant, but this application might be working now.

Outlook Express still times out. The Blocked log shows the connection to the news server is stopped by the OP.

I managed to browse some web pages... a big improvement .. but this is patchy and extremely slow... much slower than with a 56k modem.

MegaHertz
07-03-2002, 06:13 PM
Bill,

The reason I made the suggestion I did earlier is because I have spent probably ten+ hours at work trying to get OP and our VPN software to play nice. I could only get it to work right after creating rules allowing the ALL-ROUTERS.MCAST.NET. Adding ALL-ROUTERS.MCAST.NET to trusted zone is the fastest way to see if that may be the resolution to your problem. If that solves or improves the situation we would remove ALL-ROUTERS.MCAST.NET from the trusted zone and create strict rules allowing access to it.

chrisclu
07-03-2002, 06:16 PM
Hi Bill,
Just back and catching up. You mentioned wondering if having the USB modem connection going through a USB hub might be the problem. I don't know, but it is easy enough to check: connect directly, bypassing the hub. I know USB is hot swappable but just for this time, power down first as you are dealing with network protocol.
Worth a try. At least it takes one more variable out of the way.
Chris

David
07-03-2002, 06:21 PM
Hi Bill,

I am out of suggestions. I am happy that there seems to be an improvement. But, I think that we both have to admit that things still are not operating as they should. In my opinion, your efforts to work with us have been extraordinary and I appreciate it.

I am not satisfied with how Outpost is running for you. And, I have the following recommendations and comments if you have the time to try:

THE COMMENT
1. I have made a report to the developers outlining my concerns that your problem might be associated with the NDISWAN protocol bound to your adapter. And, I also asked if the USB network interface may be an issue. I will let you know as soon as I hear an answer. The reason this concerns me is because TCP/IP is bound to my internet adapter, not NDISWAN. I also saw a similar situation in another thread. I think we need to investigate this.

THE SUGGESTION
2. You can either wait until I get a definitive answer from the developers. Or, if you have the time, patience, and motivation, you can visit this thread in the Outpost FAQ, print it out, and follow its directions EXACTLY. If you do this and it does not work, then my opinion is that we have no choice but to wait for the developers to comment.

Considering all that you have been through the last few days, I would respect any decision that you made at this point. Again, as far as the developers are concerned, I will let you know the moment I hear something back from them.

David
07-03-2002, 06:29 PM
Or, you can try what Chris or Megahertz said while I was writing my previous reply. :) But, I want my opinion made clear on one thing. I am firmly against placing internet IPs in the Trusted IP section of any firewall IF it is possible to avoid. My opinion is that the only IPs that should ever be put in a Trusted IP section of a firewall are IPs reserved for Private Networks which will be IPs in these ranges.

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

Even then, I would ONLY put as few IPs as are necessary.
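A way to check a trusted-zone list against the three ranges listed above, as an added example that is not part of the original post and not Outpost functionality. The sample entries are constructed, and the function names and verdict strings are assumptions made for illustration.

```python
import ipaddress

# The three private ranges exactly as written in the post.
PRIVATE_RANGES = [
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.31.255.255"),
    ("192.168.0.0", "192.168.255.255"),
]


def to_networks(ranges):
    """Convert first-last address ranges into CIDR networks."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    return nets


PRIVATE_NETS = to_networks(PRIVATE_RANGES)


def audit(entries):
    """Return (entry, verdict, address_count) for each trusted-zone entry.

    verdict is "private" when the whole entry lies inside one private range,
    "partly private" when it only overlaps one, otherwise "not private".
    address_count shows how much each entry actually trusts.
    """
    report = []
    for entry in entries:
        net = ipaddress.ip_network(entry, strict=False)
        if any(net.subnet_of(p) for p in PRIVATE_NETS):
            verdict = "private"
        elif any(net.overlaps(p) for p in PRIVATE_NETS):
            verdict = "partly private"
        else:
            verdict = "not private"
        report.append((entry, verdict, net.num_addresses))
    return report


# Constructed trusted-zone entries (not taken from anyone's real configuration).
SAMPLE = [
    "192.168.1.10",   # one LAN host
    "10.0.0.0/24",    # a small LAN subnet
    "172.0.0.0/8",    # too broad: only part of it is private space
    "224.0.0.2",      # the all-routers multicast group
    "203.0.113.7",    # documentation address standing in for an internet host
]

if __name__ == "__main__":
    for entry, verdict, count in audit(SAMPLE):
        print(f"{entry:16} {verdict:15} {count} address(es)")
```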

stupidfatperson
07-03-2002, 07:03 PM
Hmmmm...

Putting ALL-ROUTERS.MCAST.NET in a trusted zone.

Some web traffic is still timing out, some is still very slow, web browsing is a lot better, but I don't think a Firewall should work like this.

I'll try bypassing the USB hub -- but in general I need a USB hub to handle all the gizmos attached to my machine. So that might fix things, but it's not really an answer.

So this is my plan. I'll wait to see what comes back from the developers -- and I'll see if I can comprehend the material in the FAQ.

If neither of these things work, then I'm going to try another firewall product -- but I want to come back to OP because I like its approach. And there's something else, but I would prefer not to discuss it in a public forum.

David
07-03-2002, 08:08 PM
Hi Bill,

Well, by now you are probably at least becoming knowledgeable about all of the features of Outpost. If only it would work for you.

If it does come to you having to use another firewall, you might try a free version of one of the others. But, I hope that maybe we can find something out before that has to happen.

If you do decide to wait on Outpost, be sure to uninstall it according to my instructions in the FAQ. And, I would say that if you were to come back in the future, Version 1.1 will be the one to try.

Let's wait a couple more days and see if one of the developers comes back with anything. And, update us if you find anything that works for you in the meantime.

If I were you, I would probably set all of the Outpost settings back to default. You can re-enable the plugins also, because they are probably not the cause of your issues.

JAgric
07-03-2002, 09:26 PM
(David)
My opinion is that the only IPs that should ever be put in a Trusted IP section of a firewall are IPs reserved for Private Networks which will be IPs in these ranges.
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Bill, you could try to add these ranges to the trusted zone, just to see if this works.

J.

Dmut
07-03-2002, 10:19 PM
David
To the best of my knowledge:
not 10.0.0.0 - 10.255.255.255
but 10.0.0.0 - 10.0.0.255 is private network class A
10.1.0.0-10.255.255.255 is public IPs

cosmos
07-03-2002, 11:27 PM
@Bill: Could you download and install the Microsoft Dial-Up networking Update 1.4? The Alcatel may use two modes of operation PPPoE and PPPoA. If I recall correctly, one of these modes utilizes a tunneling protocol (PP2P) which, in turn, needs a TCP control connection to port 1723 and GRE.

I am mentioning this because the MS-DUN 1.4 update is supposed to improve on PP2P stability (an improvement included also in the previous 1.3 update).

Download according to your Windows 98 Edition:

First Edition (http://www.microsoft.com/downloads/release.asp?releaseid=29412)
Second Edition (http://www.microsoft.com/downloads/release.asp?releaseid=29413)


I'll have another check on the Alcatel device in the meantime...

EDIT: Which keys exist in the Windows registry under HKLM\System\CurrentControlSet\Services\RemoteAccess ?

cosmos
07-03-2002, 11:45 PM
And more things to answer/to-do :)

Which CPU is installed in your system? Speed?
Alcatel recently provided driver version 1.6 at their site. Is this the one you have? If not would you care to install it, AFTER reporting here the current version? Don't forget the MS_DUN update, of course.

chrisclu
07-04-2002, 04:15 AM
Thanks Cos. You're the man!!:)
chris

stupidfatperson
07-04-2002, 12:17 PM
Installed DUN upgrade.... no discernable effect with browsing.

I've attached an image of the registry showing the keys.

stupidfatperson
07-04-2002, 12:21 PM
I'm running a Pentium II processor at 333MHz.

(Yeah, I know, upgrade is overdue, but it's well inside the system requirements for OP).

stupidfatperson
07-04-2002, 01:27 PM
I asked about my problem on a local ADSL site to see if other users of my ISP were experiencing difficulties. Here's one of the replies. Does this make sense?

I had exactly the same problem when I installed OzEmail aDSL. I could login and get maybe 50kb of data (although it took 5-10 mins). I disabled Norton Personal Firewall and all was well. After a little investigation, I found that the Firewall log was reporting that "Inbound IP Fragments" were being blocked. A quick check of the Norton website and I was able to go to the Firewall options and uncheck the "Block Fragmented IP Packets" option - problem solved.
I don't know about all the other firewall products you tried, but your description sounded very similar.

root
07-04-2002, 02:07 PM
Yes that helps.
Let's try something.
Go to the Program files\Agnitum\Outpost Firewall1 directory. Save a copy of the protect.lst file to a safe directory.
Now open protect.lst with notepad and scroll down to where you see:
# This is the minimum fragment size for the
# PROTECT_ENABLE_SHORT_FRAGMENTS_DETECT. Fragments (excluding the last one in
# a packet) smaller than T7 will be considered an attack.
T7=128

# During the time, T8 the plug-in will try to assemble packets from fragments.
# After the time T8 has been exceeded the plug-in will abort the task.
T8=50
Write down the default values for T7 and T8. Now I'm just guessing but try doubling the values of T7 and T8. Save the file. See if that works. If not keep taking the numbers of T7 and T8 up until you get results or it gets ridiculous.
Let's hope this works.
Don't forget to save the file after each change.
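A model of the short-fragment rule quoted from protect.lst above, as an added example that is not Outpost's code and not part of the original post. It splits an IPv4 datagram at a given link MTU and applies the rule exactly as the comment words it; the function names, the assumption that the rule compares the fragment's data length, and the sample sizes are all constructed.

```python
"""Short-fragment check modelled on the wording of the protect.lst comment."""

IP_HEADER = 20  # bytes, IPv4 header without options


def fragment(payload_len, mtu):
    """Return (offset, data_len, more_fragments) tuples for one datagram.

    payload_len is the data carried after the IP header. Every fragment
    except the last carries a multiple of 8 bytes, because the IPv4
    fragment offset field counts in 8-byte units.
    """
    per_frag = (mtu - IP_HEADER) // 8 * 8
    if per_frag <= 0:
        raise ValueError("MTU too small to carry any data")
    frags, offset = [], 0
    while offset < payload_len:
        size = min(per_frag, payload_len - offset)
        more = offset + size < payload_len
        frags.append((offset, size, more))
        offset += size
    return frags


def flagged_as_attack(frags, t7):
    """Apply the rule: non-final fragments smaller than T7 count as an attack."""
    return [f for f in frags if f[2] and f[1] < t7]


def report(payload_len, mtu, t7):
    """Return (fragment_count, flagged_count) for one datagram."""
    frags = fragment(payload_len, mtu)
    return len(frags), len(flagged_as_attack(frags, t7))


if __name__ == "__main__":
    # Constructed cases: ordinary traffic on a 1500-byte link, then a
    # datagram cut into unusually small pieces (68 is the IPv4 minimum MTU).
    for t7 in (128, 256, 1024, 2048):
        total, bad = report(4000, 1500, t7)
        print(f"MTU 1500, T7={t7:4d}: {total} fragments, {bad} flagged")
    total, bad = report(200, 68, 128)
    print(f"MTU   68, T7= 128: {total} fragments, {bad} flagged")
```

Under this reading of the comment, a T7 larger than the per-fragment data size of the link (1480 bytes at a 1500-byte MTU) flags every non-final fragment of ordinary traffic.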

Dmut
07-04-2002, 02:52 PM
hi Bill, root.
Bill, try root's suggestion. If it does not help you, backup and delete regkey HKEY_LOCAL_MACHINE\SOFTWARE\Agnitum\Outpost Firewall\KernelPlugIns\10 - it's the kernel part of the attack detection plugin, it may cause blocking.
please report your success

stupidfatperson
07-04-2002, 03:01 PM
I'm up to T7=1024 and still going, my guess is that 2048 is too big. What do you think?

root
07-04-2002, 03:13 PM
I just really don't know. Have you been increasing T8 at the same time?
Also, maybe quicker to try Dmut's suggestion.
I feel like we are so close here.

stupidfatperson
07-04-2002, 04:07 PM
I'm up to t7=2048 and t8=800.

It looks like more traffic is getting through, Outlook seems to work now, but not Outlook Express or Internet Explorer. Does this pass your reality check?

I've also taken out the regkey. Can't say I've noticed much difference.

BTW. I've been rebooting between various actions. Is this necessary?

root
07-04-2002, 04:16 PM
I'd say just keep going up until it works. We can find out some more answers later. Can't see how you're hurting anything, but we will have to learn about the security implications.
Right now the boss says it's time for bed. :)

Dmut
07-04-2002, 05:04 PM
Originally posted by stupidfatperson
BTW. I've been rebooting between various actions. Is this necessary?

That's not necessary if you weren't installing/reinstalling OP. Restarting Outpost is suitable for most cases.
Sorry, I'm out of ideas. Let's wait for Cosmos and Muchod responses, they are gurus.

cosmos
07-04-2002, 06:00 PM
@Bill have you installed the Alcatel update?

BTW, the reason I asked for your CPU was that certain ATM functions of this ADSL modem (according to an Alcatel FAQ) are carried out by your CPU, just like a winmodem does. In addition to a firewall presence, this might mean that packets are lost (i.e. not processed), which might partially explain why this happens, that is: enable Outpost and the extra CPU overhead causes the system to lose packets, disable Outpost and you are cruising ok.

Please increase T7 to a value above 10000 (12000 for example) and T8 accordingly. Any change?

cosmos
07-04-2002, 06:18 PM
I think that we are onto something here now. Bill, please disregard the changes into T7 and T8 posted earlier. Instead:

1. Please enable Outpost, then open a command window and type:
ping -f -l 1472 yahoo.com

2. If you receive a message Packet needs to be fragmented but DF set., retry the previous command with a smaller value by 16 bytes. That is the next value to be tried would be 1460. Repeat this procedure until you no longer receive the same message. Proceed to the next step.

3. For which value of the ping command did you obtain a different result? Please post it here.
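The probing procedure above, as an added example that is not part of the original post: it bisects instead of stepping down by a fixed amount, and it separates a reported MTU limit from a silent drop. No packets are sent; the path is a constructed simulator, and `make_path`, `silent_drop_above` and the sample MTUs are assumptions. The `-l` value is ICMP data only, so the IP packet is 28 bytes larger (20-byte IP header plus 8-byte ICMP header).

```python
"""Largest unfragmented ping payload, found by bisection over DF probes."""

IP_HEADER, ICMP_HEADER = 20, 8
REPLY, NEEDS_FRAG, TIMEOUT = "reply", "needs-frag", "timeout"


def make_path(link_mtu, silent_drop_above=None):
    """Constructed stand-in for `ping -f -l <payload> host`.

    link_mtu: smallest MTU on the path that reports "needs to be fragmented".
    silent_drop_above: IP packet size above which something on the path
    discards the probe without reporting it (hypothetical parameter).
    """
    def probe(payload):
        packet = payload + IP_HEADER + ICMP_HEADER
        if packet > link_mtu:
            return NEEDS_FRAG
        if silent_drop_above is not None and packet > silent_drop_above:
            return TIMEOUT
        return REPLY
    return probe


def largest_payload(probe, low=0, high=1472):
    """Return (payload, outcome_one_byte_above) for the biggest replying payload."""
    if probe(low) != REPLY:
        raise RuntimeError("no reply even for the smallest probe")
    if probe(high) == REPLY:
        return high, None
    # Invariant: probe(low) replies, probe(high) does not.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(mid) == REPLY:
            low = mid
        else:
            high = mid
    return low, probe(high)


def diagnose(probe, high=1472):
    """Return (payload, ip_packet_size, verdict) for a path."""
    payload, above = largest_payload(probe, high=high)
    packet = payload + IP_HEADER + ICMP_HEADER
    if above is None:
        verdict = "path carries the largest probe tried"
    elif above == NEEDS_FRAG:
        verdict = "a hop reported its MTU limit"
    else:
        verdict = "larger packets vanish silently: check for a filter dropping them"
    return payload, packet, verdict


if __name__ == "__main__":
    cases = {
        "plain 1500-byte path": make_path(1500),
        "1492-byte hop": make_path(1492),
        "silent drop above 1484": make_path(1500, silent_drop_above=1484),
    }
    for name, probe in cases.items():
        print(name, diagnose(probe))
```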

stupidfatperson
07-04-2002, 06:19 PM
Originally posted by cosmos
@Bill have you installed the Alcatel update?


Yes, I downloaded and installed the latest update earlier this week. That's a bit of a worry about the modem/processor business. I was hoping this PC would last until September.

Changing those other numbers now... though I think it might be time to reboot...OP disappeared but I don't think I closed it down properly.

cosmos
07-04-2002, 06:22 PM
You posted at the same time as my very last post so I suspect that the latter one passed unnoticed. Could you have a look at it?

stupidfatperson
07-04-2002, 06:53 PM
Originally posted by cosmos
I think that we are onto something here now. Bill, please disregard the changes into T7 and T8 posted earlier. Instead:

1. Please enable Outpost, then open a command window and type:
ping -f -l 1472 yahoo.com

2. If you receive a message Packet needs to be fragmented but DF set., retry the previous command with a smaller value by 16 bytes. That is the next value to be tried would be 1460. Repeat this procedure until you no longer receive the same message. Proceed to the next step.

3. For which value of the ping command did you obtain a different result? Please post it here.


Yes, I did miss this.

With OP not installed, the ping works fine.

With OP in rule wizard mode I just get the request timed out message.

It works fine in allow most mode.

stupidfatperson
07-04-2002, 06:55 PM
er... I'm assuming that second char after ping is a lower case L.

stupidfatperson
07-04-2002, 06:59 PM
Don't know if it helps, but I get the Packet needs to be fragmented but DF set message if the number goes up 16 bytes.

cosmos
07-04-2002, 07:17 PM
Originally posted by stupidfatperson
With OP not installed, the ping works fine.

With OP in rule wizard mode I just get the request timed out message.

it works fine in allow most mode

I understand. What I am suggesting is to enter the rules wizard mode and then follow the procedure outlined in steps 1-3 above. You should be able to find a smaller ping value for which you get a normal ping response, instead of the Packet needs to be fragmented but DF set message. Which is this ping value?


er... I'm assuming that second char after ping is a lower case L.
Indeed! :) When in doubt, just copy/paste ;)

stupidfatperson
07-04-2002, 07:20 PM
I don't.

In rules wizard mode all I get is Request timed out.

cosmos
07-04-2002, 07:28 PM
Even if you try a very small ping value (like 16)?

stupidfatperson
07-04-2002, 07:30 PM
That gets through.

stupidfatperson
07-04-2002, 07:34 PM
I get a ping response at 1456.

But I don't see the Packet needs to be fragmented but DF message.

cosmos
07-04-2002, 07:45 PM
Originally posted by stupidfatperson
I get a ping response at 1456.

But I don't see the Packet needs to be fragmented but DF message.
That's what I call "Thanks God" :p

I assume that you are both a) operating Outpost in rules-wizard and b) that any other value above produces time-outs.

Is this correct?

stupidfatperson
07-04-2002, 07:48 PM
Yes.

cosmos
07-04-2002, 08:13 PM
We shall try to set the Maximum Transmission Unit to the value of 1456. To do that, we have to figure out which adapter should be modified.

Open the registry and go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Class\NetTrans\

How many 000x branches exist there?

Additionally, please enter ipconfig /all > result.log in a dos command window and attach the log file in your reply.

stupidfatperson
07-04-2002, 08:17 PM
Five branches (0000 to 0004).

Log attached.

cosmos
07-04-2002, 08:43 PM
Originally posted by stupidfatperson
Five branches (0000 to 0004).


Log attached.
Seems it's ethernet adapter #1 that has to be searched for in the registry. How can one go about locating it? Well, try this:

1. Open the network control panel and locate the TCP/IP properties which indicate that the IP address should be given automatically.

2. Instead of an automatic address, enter here 1.2.3.4, with a subnet mask of 255.255.255.0. Press ok to exit the panel and enter yes when prompted for a reboot.

3. After the reboot go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Class\NetTrans\

4. Search for 1.2.3.4 in the 0000-0004 branches.

5. When the branch which contains 1.2.3.4 is found, search for a key named MaxMTU. If one exists, enter 1456 there. Otherwise, create a string key MaxMTU and enter 1456 as its value.

6. Reboot.

7. Go to control panel and change from a manual IP address setup to an automatic one.

8. Reboot.


Any changes?

stupidfatperson
07-04-2002, 10:36 PM
It's hard to say whether that worked or not.

I managed to surf to the agnitum web site, but couldn't open my ISP's page. Some Outlook Express traffic squeezed through, but it has stopped now and keeps timing out. Outlook couldn't download.

On the other hand, the OP log doesn't show much traffic as being blocked -- in contrast to before.


To save time, I've sent a picture of my registry. Is this what you expected to see?

cosmos
07-04-2002, 10:48 PM
Instead of a screenshot, try this: with regedit open and the 0001 branch selected on the left pane, select File->Export (if I remember correctly) and then save only the 0001 branch as a *.reg file. Zip it and post it here, ok?

stupidfatperson
07-04-2002, 10:52 PM
Here it is....

I've got to leave this for tonight now, but I'll be here in about 11 hours time.

cosmos
07-04-2002, 10:54 PM
Instead of trying to fiddle with MTU directly by modifying the registry, download Dr.TCP (http://www.dslreports.com/front/drtcp.html), install and run it and enter the 1456 value manually.

Result?

cosmos
07-05-2002, 12:18 AM
Strike my last post out... I have attached in this one a zipped registry file that you should merge into your registry after removing the MaxMTU key you have created, because it is incorrect.

EDIT: The previous attachment was incorrect, correct attachment follows in next post... Sorry for this one :(

cosmos
07-05-2002, 12:23 AM
Correct registry

Mikhail
07-05-2002, 12:44 AM
Please

1) remove everything from Trusted Zone
2) reproduce the bug "everything is very slow" OR "my ISP homepage is blocked"
4) Press "Report a bug" from Outpost icon in systray.
5) Attach URL of this thread in automatically generated bug report.
6) Please mention what site is very slow or what page is blocked.

Thank you

cosmos
07-05-2002, 01:06 AM
Mikhail, I would suggest to try and import the attached registry file I created first, if that is not a problem. I feel we are very close to a solution.

Mikhail
07-05-2002, 01:23 AM
Sure, Cosmos. I just wanted to make Outpost run on every configuration, without need to change anything in registry

cosmos
07-05-2002, 01:37 AM
I agree! Yet it is not certain whether it is Outpost's (or any other FW's for that matter) fault, for that matter.

Check this: http://www.cisco.com/warp/public/794/router_mtu.html

stupidfatperson
07-05-2002, 08:21 PM
Hi...

I made the registry change and things still don't get through. There is a difference -- almost nothing appears in the blocked file.

stupidfatperson
07-05-2002, 08:25 PM
Originally posted by Mikhail

4) Press "Report a bug" from Outpost icon in systray.

Thank you

I don't see this.

Dmut
07-05-2002, 09:48 PM
I don't see this.
hi bill
did you install debug plugin (http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=978)?
right-click on OP tray icon, then select "report a bug"

stupidfatperson
07-06-2002, 06:34 PM
Ah, I lost the debug plug-in when I switched from the free version of OP to the Pro version.:)

metryc
09-25-2002, 04:53 PM
Was this issue ever resolved? I have similar symptoms...

Danil
09-26-2002, 02:14 AM
metryc, welcome to the forum!

If you have similar symptoms then please start a new thread.