8Signs PC Firewall Problem

G

Guest

Guest
Archived from groups: comp.security.firewalls (More info?)

First let me say that 8Signs PC Firewall is AWESOME!!!
Just one little thing about it bugs the heck out of me.

First a little understanding of my network setup...

PC2
PC3 <--> Switch <--> PC1 <--> Cable Modem
PC4

All PCs are Pentium III 500s or faster with at least 128 Megs Of
Memory or more.
Chipsets are either Intel or Via.
Network Adapters: PC1 WAN Linksys LNE100TX v4, LAN Compaq Netelligent
10/100TX
PC2 LAN Realtek RTL8139A
PC3 LAN Linksys LNE100TX v2
PC4 LAN Realtek RTL8139A
WAN Realtek RTL8139A (NOT CONNECTED)
All Network Adapters are running 100 Mbs FullDuplex
My hardware is pretty generic. I don't have any dells or compaqs or
E-Machines, or any weird computers.
All PCs are running Windows 2000 Professional SP4.
PC1 is using Internet Connection Sharing to share the internet
connection.
PC1 is also running 8Signs PC Firewall V2.2a
PC1 also has a Proxy Server Running, Proxy+ 3.0.
All downloads are done using Internet Explorer 6.0 SP1 with the latest
critical update, Q832894.

The Problem...

If I try to download anything from PC2, PC3 or PC4, via Http or Ftp,
it starts to do it for a second but then it just slows down to a crawl
and hangs and does a little more and hangs and then some more and
hangs and flip flops between 20KBytes/s and 80KB/s. That's about as
clear as I can put the problem.

Variations...

If I download the samething from PC1, Blazingly Stupidly Fast as
aways, 350KB/s.
If I turn 8 Signs PC Firewall Off, Blazingly Stupidly Fast.
If I set PC2, 3 or 4 to go through the Proxy Server, Blazingly
Stupidly Fast.
If I have the firewall ON but tell it to allow all traffic, it's a
setting and not me making a rule to allow all traffic, Blazing
Stupidly Fast.
If I have the firewall ON but make a rule to ALLOW ALL TRAFFIC, Slows
down to a crawl.

So when ever the firewall is running and is set to filter the packets,
I have the problem.
I was running Conseal PC Firewall before on PC1, never had a problem.

Things I have tried...

As listed above PC4 has 2 Realtek Network Cards in it. So I put 8Signs
PC Firewall on that computer and set that computer to share the
internet connection. SAME PROBLEM. So it's not my hardware. 2
different machines with differnet network card manufactures have the
same problem.

Now I have played with my
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
settings. Such as TCP Window Size, MTU, MTU Discovery, MTU Black Hole
Detect and many others. I got a whole list of them from a german
website. I've been having fun and I don't speak german but had google
translate the website for me.

http://translate.google.com/translate?u=http%3A%2F%2Fwww.synapse.de%2Fregcheck%2Fger%2Fregistry%2Fwin-2000%2Froot%2Fhkey_local_machine%2Fsystem%2Fcurrentcontrolset%2Fservices%2Ftcpip%2Fparameters%2F&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&safe=off&prev=%2Flanguage_tools

And I've been to the microsoft website and many many others.

My point being, no matter how I set things, I can't improve the
performance of the clients when downloading off of the internet. I can
only retard their performance and make them worse. I get maximum
performance if I just return all my registry settings to there normal
defaul settings, which I have done and just leave them alone.

I have also ran Performance from Administrative Tools in Windows 2000
on PC1 and set it to show me all errors in either IP, TCP or UDP. I
tried to download something again from a website. Well I still had the
same problem, BUT, no errors were popuping up, everything was still at
zero. (Alot of help that was.)

I should say (IMPORTANT) that I can go to the www.nasa.gov website and
watch the nasa channel online no problem. I can also go to any website
no problem. I can play shockwave games no problem AND I can download
small 1 meg or less programs no problem.

CONCLUSIONS...

The problem seems to come into play when my network speed exceeds
200KB/s. It is almost as if, the computer isn't fast enough to filter
the packets in realtime. I though of that. I check the Windows 2000
Task Manager which monitors CPU usage on PC1. No matter what I did, as
long as I left PC1 alone and just surfed the net from PC2, 3 or 4, the
CPU usage never went about 12%. I've got power to spare. It's not a
computer speed problem.

There is a problem with transferring the packets at 200KB/s or greater
from the WAN Adapter, through the packet filter, and out the LAN
adapter. But it's not because the computer isn't fast enough or
because there's a compatibility problem with the 2 network adapters
since I ran 8Signs on PC4 and had the same problem.

I was wondering if it's buffer problem, as in the buffer on the lan
adapter is being overrun and needs to be enlarged. I know a great deal
about computers but when we get into things like the guts of the
operating system I begin to deal with things that I have no idea what
they are. So I don't even know if such a buffer even exists or where
to find it. For all I know it goes from the WAN Buffer to the 8Signs
Buffer to the Lan Buffer and it's the 8Signs buffer that needs to be
enlarged.

I was also wondering if there's a way to put a waitstate into the flow
of packets thru PC1. The computer is trying to flow the packets on
thru as quickly as possible and maybe that's the problem, if things
were a bit slower, maybe I wouldn't have the problem. I realize this
would slow down my overall KB/s but since I average 350 KB/s, I think
I can afford to loose a few. I have played with my MTUs and TCP Window
Size to accomplish this but realized this is the wrong way to go about
it.

So any ideas, anyone has, would be GREATLY apprecited.
I am also open to the idea of using a DIFFERENT firewall, as long as I
can make rules for 2 different network adapters, and can make rules by
either IP address, Port Number or Protocol and I would prefer it, if
it didn't do application filtering, I would be welcome to any
alternative firewall suggestions anyone has.

I have tried Kerio, I like it alot, I couldn't get it to allow
anything through so I scrapped it and went to 8signs. Hey, if somebody
would want to tell me how to get Kerio to work, that would be fine
too.

Just point me in a direction, give me a clue, that's all I ask.

mrsimpleton
PS. Don't email me since Angelfire is going out of business and I
haven't got a new email address yet. Thank You.
 
G

Guest

Guest
Archived from groups: comp.security.firewalls (More info?)

mrsimpleton@angelfire.com (mrsimpleton) wrote in
news:d8dea9e6.0404131938.684ce173@posting.google.com:

> First let me say that 8Signs PC Firewall is AWESOME!!!
> Just one little thing about it bugs the heck out of me.
>
> First a little understanding of my network setup...
>
> PC2
> PC3 <--> Switch <--> PC1 <--> Cable Modem
> PC4
>
> All PCs are Pentium III 500s or faster with at least 128 Megs Of
> Memory or more.
> Chipsets are either Intel or Via.
> Network Adapters: PC1 WAN Linksys LNE100TX v4, LAN Compaq Netelligent
> 10/100TX
> PC2 LAN Realtek RTL8139A
> PC3 LAN Linksys LNE100TX v2
> PC4 LAN Realtek RTL8139A
> WAN Realtek RTL8139A (NOT CONNECTED)
> All Network Adapters are running 100 Mbs FullDuplex
> My hardware is pretty generic. I don't have any dells or compaqs or
> E-Machines, or any weird computers.
> All PCs are running Windows 2000 Professional SP4.
> PC1 is using Internet Connection Sharing to share the internet
> connection.
> PC1 is also running 8Signs PC Firewall V2.2a
> PC1 also has a Proxy Server Running, Proxy+ 3.0.
> All downloads are done using Internet Explorer 6.0 SP1 with the latest
> critical update, Q832894.
>
> The Problem...
>
> If I try to download anything from PC2, PC3 or PC4, via Http or Ftp,
> it starts to do it for a second but then it just slows down to a crawl
> and hangs and does a little more and hangs and then some more and
> hangs and flip flops between 20KBytes/s and 80KB/s. That's about as
> clear as I can put the problem.
>
> Variations...
>
> If I download the samething from PC1, Blazingly Stupidly Fast as
> aways, 350KB/s.
> If I turn 8 Signs PC Firewall Off, Blazingly Stupidly Fast.
> If I set PC2, 3 or 4 to go through the Proxy Server, Blazingly
> Stupidly Fast.
> If I have the firewall ON but tell it to allow all traffic, it's a
> setting and not me making a rule to allow all traffic, Blazing
> Stupidly Fast.
> If I have the firewall ON but make a rule to ALLOW ALL TRAFFIC, Slows
> down to a crawl.
>
> So when ever the firewall is running and is set to filter the packets,
> I have the problem.
> I was running Conseal PC Firewall before on PC1, never had a problem.
>
> Things I have tried...
>
> As listed above PC4 has 2 Realtek Network Cards in it. So I put 8Signs
> PC Firewall on that computer and set that computer to share the
> internet connection. SAME PROBLEM. So it's not my hardware. 2
> different machines with differnet network card manufactures have the
> same problem.
>
> Now I have played with my
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
> settings. Such as TCP Window Size, MTU, MTU Discovery, MTU Black Hole
> Detect and many others. I got a whole list of them from a german
> website. I've been having fun and I don't speak german but had google
> translate the website for me.
>
> http://translate.google.com/translate?u=http%3A%2F%2Fwww.synapse.de%2Fr
> egcheck%2Fger%2Fregistry%2Fwin-2000%2Froot%2Fhkey_local_machine%2Fsyste
> m%2Fcurrentcontrolset%2Fservices%2Ftcpip%2Fparameters%2F&langpair=de%7C
> en&hl=en&ie=UTF-8&oe=UTF-8&safe=off&prev=%2Flanguage_tools
>
> And I've been to the microsoft website and many many others.
>
> My point being, no matter how I set things, I can't improve the
> performance of the clients when downloading off of the internet. I can
> only retard their performance and make them worse. I get maximum
> performance if I just return all my registry settings to there normal
> defaul settings, which I have done and just leave them alone.
>
> I have also ran Performance from Administrative Tools in Windows 2000
> on PC1 and set it to show me all errors in either IP, TCP or UDP. I
> tried to download something again from a website. Well I still had the
> same problem, BUT, no errors were popuping up, everything was still at
> zero. (Alot of help that was.)
>
> I should say (IMPORTANT) that I can go to the www.nasa.gov website and
> watch the nasa channel online no problem. I can also go to any website
> no problem. I can play shockwave games no problem AND I can download
> small 1 meg or less programs no problem.
>
> CONCLUSIONS...
>
> The problem seems to come into play when my network speed exceeds
> 200KB/s. It is almost as if, the computer isn't fast enough to filter
> the packets in realtime. I though of that. I check the Windows 2000
> Task Manager which monitors CPU usage on PC1. No matter what I did, as
> long as I left PC1 alone and just surfed the net from PC2, 3 or 4, the
> CPU usage never went about 12%. I've got power to spare. It's not a
> computer speed problem.
>
> There is a problem with transferring the packets at 200KB/s or greater
> from the WAN Adapter, through the packet filter, and out the LAN
> adapter. But it's not because the computer isn't fast enough or
> because there's a compatibility problem with the 2 network adapters
> since I ran 8Signs on PC4 and had the same problem.
>
> I was wondering if it's buffer problem, as in the buffer on the lan
> adapter is being overrun and needs to be enlarged. I know a great deal
> about computers but when we get into things like the guts of the
> operating system I begin to deal with things that I have no idea what
> they are. So I don't even know if such a buffer even exists or where
> to find it. For all I know it goes from the WAN Buffer to the 8Signs
> Buffer to the Lan Buffer and it's the 8Signs buffer that needs to be
> enlarged.
>
> I was also wondering if there's a way to put a waitstate into the flow
> of packets thru PC1. The computer is trying to flow the packets on
> thru as quickly as possible and maybe that's the problem, if things
> were a bit slower, maybe I wouldn't have the problem. I realize this
> would slow down my overall KB/s but since I average 350 KB/s, I think
> I can afford to loose a few. I have played with my MTUs and TCP Window
> Size to accomplish this but realized this is the wrong way to go about
> it.
>
> So any ideas, anyone has, would be GREATLY apprecited.
> I am also open to the idea of using a DIFFERENT firewall, as long as I
> can make rules for 2 different network adapters, and can make rules by
> either IP address, Port Number or Protocol and I would prefer it, if
> it didn't do application filtering, I would be welcome to any
> alternative firewall suggestions anyone has.
>
> I have tried Kerio, I like it alot, I couldn't get it to allow
> anything through so I scrapped it and went to 8signs. Hey, if somebody
> would want to tell me how to get Kerio to work, that would be fine
> too.
>
> Just point me in a direction, give me a clue, that's all I ask.
>
> mrsimpleton
> PS. Don't email me since Angelfire is going out of business and I
> haven't got a new email address yet. Thank You.
>

After all of this looooooooooong verbiage, you can get a cheap $20.00 NAT
router as the gateway for the LAN and WAN and use IPsec that's on the Win
2K, XP and Win 2K3 O/S to supplement the router on inbound or outbound
by port, protocol, IP, DNS and subnet and be done with it. :) And IPsec
doesn't have application filtering.

http://www.homenethelp.com/web/explain/about-NAT.asp

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm

You can implement the AnalogX template base Secpol on the machines and
you're on your way. And you can make any additional rules you like.

You may want to visit the Win 2K *Protecting against Denial of Service
Attacks* section in the link, instead of trying to make registry settings
to speed things up. :)

http://www.uksecurityonline.com/index5.php

Duane :)
 
G

Guest

Guest
Archived from groups: comp.security.firewalls (More info?)

I FIXED IT!!!
After about trying 200 different things, pulling my hair out, and
swearing,
I can proudly say...

I FIXED IT!!!

And I suppose somebody wants to know what it was I finally did...

There's a thing called Stateful Inspection. It inspects packets for
the different states they could be in. Are they coming or going or
returning from a round trip.

I noticed on a different menu under configuration, 3 settings with
check boxes next to each... (Each Network Adapter has this menu)

Allow Traffic
Filter Traffic
Stateful Inspection
Block Traffic

I knew that if it's set to Allow Traffic I don't have the problem but
Allow Traffic doesn't have Stateful Inspection. Only Filter does. And
I only had this problem on the clients and not on the server itself.
So I turned Stateful Inspection off for the lan adapter and left it on
for the wan adapter.

AND WALLA, PROBLEM BE GONE!!! YAY!!!

mrsimpleton
 

Similar threads


ASK THE COMMUNITY