Sygate blocking DHCP from starting

I a running Sygate Personal Firewall Pro version 5.0 on WinXP Pro.

After booting, I cannot connect to the network. The DHCP client
won't start.

Sygate's traffic log shows it is blocking incoming UDP packets from
10.82.32.1: 67 going to 255.255.255.255: 68.

How do I get Sygate to permit these incoming UDP packets?

Thanks.



BACKGROUND INFO:

I uninstalled and re-installed Sygate. And I have permitted every
popup window from Sygate asking permission.

Problem still remains if I disable all setting in Sygate > Options >
Security tab.

I have got no advanced rules set.

In the traffic log, Sygate says the rule name used is "Block_all".
But I can't find this.

Piotr Makley

Piotr Makley <> wrote in news:94A3558BD959D31E75@
127.0.0.1:

> I a running Sygate Personal Firewall Pro version 5.0 on WinXP Pro.
>
> After booting, I cannot connect to the network. The DHCP client
> won't start.
>
> Sygate's traffic log shows it is blocking incoming UDP packets from
> 10.82.32.1: 67 going to 255.255.255.255: 68.
>
> How do I get Sygate to permit these incoming UDP packets?

What does Sygate have to do with the DHCP service not starting on a NT
base O/S? Unless you went to the DHCP service and disabled the service,
then most likely DHCP service is running on the machine.

It doesn't appear that the machine doesn't have an invalid TCP/IP
connection to the Internet, based on your statement that inbound UDP
packets are being blocked by Sygate from 10.82.32.1.

I don't know what your problem is, but it has nothing to do with the DHCP
service and Sygate.

If Sysgate is blocking the UDP packets, then it's doing its job in
stopping unsolicted inbound traffic to the machine.

You can use the link to determine who the IP belongs to.

http://www.arin.net/

You'll see that it belongs to this.

http://en.wikipedia.org/wiki/IANA

Duane

Duane Arnold

Duane Arnold <> wrote:

> Piotr Makley <> wrote in
>
>> I a running Sygate Personal Firewall Pro version 5.0 on WinXP
>> Pro.
>>
>> After booting, I cannot connect to the network. The DHCP
>> client won't start.
>>
>> Sygate's traffic log shows it is blocking incoming UDP packets
>> from 10.82.32.1: 67 going to 255.255.255.255: 68.
>>
>> How do I get Sygate to permit these incoming UDP packets?



> What does Sygate have to do with the DHCP service not starting
> on a NT base O/S? Unless you went to the DHCP service and
> disabled the service, then most likely DHCP service is running
> on the machine.

I am not very familiar with networks and firewalls. Guess my hunche
was wrong.



> It doesn't appear that the machine doesn't have an invalid
> TCP/IP connection to the Internet, based on your statement that
> inbound UDP packets are being blocked by Sygate from 10.82.32.1.

What I did was key in the "IP address" value and "default gateway"
values by hand into the TCP/IP properties window for my LAN adaptor.

For some reason, DHCP service will not run on my XP system even if I
try to start it manually. It says "Error 1068: The dependency
service or group failed to start".

In the dependencies tab I can see this tree structure:

--------START-----------
AFD Networking Support Environment

NetBT
SYMTDI
TCP/IP Protocol Driver
IPSEC Driver
TCP/IP Protocol Driver
IPSEC Driver

SYMTDI
TCP/IP Protocol Driver
IPSEC Driver

TCP/IP Protocol Driver
IPSEC Driver
----------END-------------

I assume that DHCP needs to be running to get my system working
properly again for when the IP address next gets changes by the
network.

In actual fact, even after keying the IP addresses by hand and
rebooting it didn't work. I then ran the Network Setup Wizard in
Network Connections and this seemed to get something to work.



> I don't know what your problem is, but it has nothing to do with
> the DHCP service and Sygate.
>
> If Sysgate is blocking the UDP packets, then it's doing its job
> in stopping unsolicted inbound traffic to the machine.
>
> You can use the link to determine who the IP belongs to.
> http://www.arin.net/
>
> You'll see that it belongs to this.
> http://en.wikipedia.org/wiki/IANA

Sounds like it is to do with DHCP? Or not? Hey, I'm getting lost.
Any further info would be appreciated.

Piotr Makley

Piotr Makley <> wrote in news:94A38D90A3F0D31E75@
127.0.0.1:

> Duane Arnold <> wrote:
>
>> Piotr Makley <> wrote in
>>
>>> I a running Sygate Personal Firewall Pro version 5.0 on WinXP
>>> Pro.
>>>
>>> After booting, I cannot connect to the network. The DHCP
>>> client won't start.
>>>
>>> Sygate's traffic log shows it is blocking incoming UDP packets
>>> from 10.82.32.1: 67 going to 255.255.255.255: 68.
>>>
>>> How do I get Sygate to permit these incoming UDP packets?
>
>
>
>> What does Sygate have to do with the DHCP service not starting
>> on a NT base O/S? Unless you went to the DHCP service and
>> disabled the service, then most likely DHCP service is running
>> on the machine.
>
> I am not very familiar with networks and firewalls. Guess my hunche
> was wrong.
>
>
>
>> It doesn't appear that the machine doesn't have an invalid
>> TCP/IP connection to the Internet, based on your statement that
>> inbound UDP packets are being blocked by Sygate from 10.82.32.1.
>
> What I did was key in the "IP address" value and "default gateway"
> values by hand into the TCP/IP properties window for my LAN adaptor.
>
> For some reason, DHCP service will not run on my XP system even if I
> try to start it manually. It says "Error 1068: The dependency
> service or group failed to start".
>
> In the dependencies tab I can see this tree structure:
>
> --------START-----------
> AFD Networking Support Environment
>
> NetBT
> SYMTDI
> TCP/IP Protocol Driver
> IPSEC Driver
> TCP/IP Protocol Driver
> IPSEC Driver
>
> SYMTDI
> TCP/IP Protocol Driver
> IPSEC Driver
>
> TCP/IP Protocol Driver
> IPSEC Driver
> ----------END-------------
>
> I assume that DHCP needs to be running to get my system working
> properly again for when the IP address next gets changes by the
> network.
>
> In actual fact, even after keying the IP addresses by hand and
> rebooting it didn't work. I then ran the Network Setup Wizard in
> Network Connections and this seemed to get something to work.
>
>
>
>> I don't know what your problem is, but it has nothing to do with
>> the DHCP service and Sygate.
>>
>> If Sysgate is blocking the UDP packets, then it's doing its job
>> in stopping unsolicted inbound traffic to the machine.
>>
>> You can use the link to determine who the IP belongs to.
>> http://www.arin.net/
>>
>> You'll see that it belongs to this.
>> http://en.wikipedia.org/wiki/IANA
>
> Sounds like it is to do with DHCP? Or not? Hey, I'm getting lost.
> Any further info would be appreciated.


It sounds like a bad installation of the O/S.

If you have the install CD, you can do an upgrade over the top of the
existing O/S to see if that corrects the situation. It will not cause any
exiting programs on the machine to fail. You'll need to apply the SP and
Hot fixes again.

You should have an O/S that is fully functional, IMHO.

It may come down to doing a fresh install of the O/S as the final
solution.

Search Google and the MS Knowledge Base for possible solutions.

Duane

Duane Arnold

Piotr Makley wrote:
>
> Duane Arnold <> wrote:

> > I don't know what your problem is, but it has nothing to do with
> > the DHCP service and Sygate.

Oh yes, that's *is* the very problem...

> > If Sysgate is blocking the UDP packets, then it's doing its job
> > in stopping unsolicted inbound traffic to the machine.

It isn't unsolicited... see below.

> > You can use the link to determine who the IP belongs to.
> > http://www.arin.net/
> >
> > You'll see that it belongs to this.
> > http://en.wikipedia.org/wiki/IANA

No, the address range 10.0.0.0/8 is the old Arpanet allocation that is
now free for everyone's private use.

> Sounds like it is to do with DHCP? Or not? Hey, I'm getting lost.
> Any further info would be appreciated.

In case you don't know how DHCP works, here's a summary:

1. The new host sends a DHCP solicitation to port 67
This goes to the broadcast address 255.255.255.255, because the new host
doesn't know where DHCP servers are located. The sending address is
0.0.0.0 (= "no address").

2. The DHCP servers respond with an advertisement to port 68
There may several responders. The responses come to the broadcast
address 255.255.255.255, because the new host doesn't have a unicast
address yet.

3. The new host selects a DHCP server and send it a DHCP request
This one is from 0.0.0.0 to the unicast address of the selected server,
port 67.

4. The server responds with configuration parameters
IP addres, default router address, DNS server address, and some other
useful things.

Obviously your problem is that the firewall won't let through the second
message, and you won't get the configuration parameters. The message is
quite legitimate. Even the address matches: it is very common to
configure the lowest non-zero address of the subnet to the uplink
router, which also runs the DHCP service. In your case it is 10.0.0.1.

I'm not familiar with Sygate configuration. If it is smart enough, it
should detect the DHCP solicitation and open a pinhole for the response
automatically. Otherwise you have to open a permanent pinhole for UDP:68
coming from 10.0.0.1.

-- Lassi

Lassi =?iso-8859-1?Q?Hippel=E4inen?=

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Piotr Makley wrote:
>After booting, I cannot connect to the network. The DHCP client
>won't start.

I've had the same problem with SPF 5.5. For that reason I tried several
other firewalls. None were good for me so I downloaded the latest SPF and
reinstalled it. Problem went away.

I poked around the SPF forums a bit and found that I wasn't the only one
that had had the problem, but it seemed the latest build (2525) sorted it,
or just uninstalling/rebooting/reinstalling did.

Since you're running Pro 5.0 the above may or may not be applicable. But
based on their website it seems rather like 5.5 is a free upgrade within
the 5.x series so have a look and see if that helps you out.

Either way, waiting a few minutes (2-3 maybe) after logging in, then doing
a manual ipconfig /renew should get you online.


- --
Frode

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQEnhE+XlGBWTt1afEQIooQCcCZdqY1gDpJh0zVfxhmljTb 7RPtMAn1FB
9/r1Eyu+d5iYh3D0p2IfWACm
=NDDA
-----END PGP SIGNATURE-----

Frode

>
> Obviously your problem is that the firewall won't let through the second
> message, and you won't get the configuration parameters. The message is
> quite legitimate. Even the address matches: it is very common to
> configure the lowest non-zero address of the subnet to the uplink
> router, which also runs the DHCP service. In your case it is 10.0.0.1.
>
> I'm not familiar with Sygate configuration. If it is smart enough, it
> should detect the DHCP solicitation and open a pinhole for the response
> automatically. Otherwise you have to open a permanent pinhole for UDP:68
> coming from 10.0.0.1.
>

I don't know that much about Sygate. If Sygate is a stateful FW application
and I think that it is, then it should let the traffic through. That's
unless Sygate's IDS views the inbound traffic as some kind of threat and is
instructing the FW to block the traffic.

AS for the DHCP service not starting, the OP should disconnect from the
Internet and disable Sygate and make sure the machine doesn't have any
problems with the DHCP service not starting due to a possible bad install
of the O/S.

Duane

Duane Arnold

In article <Xns94A49FE4C14C6darnold92insightbbco@216.148.227. 77>,
says...
: >
: > Obviously your problem is that the firewall won't let through the second
: > message, and you won't get the configuration parameters. The message is
: > quite legitimate. Even the address matches: it is very common to
: > configure the lowest non-zero address of the subnet to the uplink
: > router, which also runs the DHCP service. In your case it is 10.0.0.1.
: >
: > I'm not familiar with Sygate configuration. If it is smart enough, it
: > should detect the DHCP solicitation and open a pinhole for the response
: > automatically. Otherwise you have to open a permanent pinhole for UDP:68
: > coming from 10.0.0.1.
: >
:
: I don't know that much about Sygate. If Sygate is a stateful FW application
: and I think that it is, then it should let the traffic through. That's
: unless Sygate's IDS views the inbound traffic as some kind of threat and is
: instructing the FW to block the traffic.
:
: AS for the DHCP service not starting, the OP should disconnect from the
: Internet and disable Sygate and make sure the machine doesn't have any
: problems with the DHCP service not starting due to a possible bad install
: of the O/S.
:
: Duane
:

I used Sygate Personal Firewall Pro for a while. I ended up going to
a Linksys Cable/DSL router instead. Sygate asks you "Low level OS
process wants to connect to blah.blah.blah.blah do you want to allow
it?". The problem is that you don't know how to answer, so you tend
to answer "No".

After I got the Linksys I left the Sygate running, but my answers
eventually led to the situation of Sygate blocking *everything*,
including the machinery that runs the DHCP. After figuring that the
Linksys kept me invisible on the net, plus "scrambling" my return
address I felt OK just having the Linksys protecting my machine.

Without some clue as to what's on the other end of the connection,
how do you know how to answer when Sygate asks you "Allow the
connection?"? The Linksys seems to do the job and is *much* easier,
since it provides "trouble free motoring" with no questions. I've
been using just the Linksys for about 2-3 weeks and never once has it
dropped/lost/stopped my connection. There are no open ports on my
machine either - I check periodically using "netstat -a -n".

So if it comes down to a choice between spending $50 on a Linksys vs
spending $30 on a software firewall, I recommend the $50 for the
Linksys.

My 2 cents.

John.

John

John <> wrote in
news: et:

> In article <Xns94A49FE4C14C6darnold92insightbbco@216.148.227. 77>,
> says...
>: >
>: > Obviously your problem is that the firewall won't let through the
>: > second message, and you won't get the configuration parameters. The
>: > message is quite legitimate. Even the address matches: it is very
>: > common to configure the lowest non-zero address of the subnet to
>: > the uplink router, which also runs the DHCP service. In your case
>: > it is 10.0.0.1.
>: >
>: > I'm not familiar with Sygate configuration. If it is smart enough,
>: > it should detect the DHCP solicitation and open a pinhole for the
>: > response automatically. Otherwise you have to open a permanent
>: > pinhole for UDP:68 coming from 10.0.0.1.
>: >
>:
>: I don't know that much about Sygate. If Sygate is a stateful FW
>: application and I think that it is, then it should let the traffic
>: through. That's unless Sygate's IDS views the inbound traffic as some
>: kind of threat and is instructing the FW to block the traffic.
>:
>: AS for the DHCP service not starting, the OP should disconnect from
>: the Internet and disable Sygate and make sure the machine doesn't
>: have any problems with the DHCP service not starting due to a
>: possible bad install of the O/S.
>:
>: Duane
>:
>
> I used Sygate Personal Firewall Pro for a while. I ended up going to
> a Linksys Cable/DSL router instead. Sygate asks you "Low level OS
> process wants to connect to blah.blah.blah.blah do you want to allow
> it?". The problem is that you don't know how to answer, so you tend
> to answer "No".
>
> After I got the Linksys I left the Sygate running, but my answers
> eventually led to the situation of Sygate blocking *everything*,
> including the machinery that runs the DHCP. After figuring that the
> Linksys kept me invisible on the net, plus "scrambling" my return
> address I felt OK just having the Linksys protecting my machine.
>
> Without some clue as to what's on the other end of the connection,
> how do you know how to answer when Sygate asks you "Allow the
> connection?"? The Linksys seems to do the job and is *much* easier,
> since it provides "trouble free motoring" with no questions. I've
> been using just the Linksys for about 2-3 weeks and never once has it
> dropped/lost/stopped my connection. There are no open ports on my
> machine either - I check periodically using "netstat -a -n".
>
> So if it comes down to a choice between spending $50 on a Linksys vs
> spending $30 on a software firewall, I recommend the $50 for the
> Linksys.
>
> My 2 cents.
>
> John.
>
>

Currently, I use a Linksys myself. However, the Linksys is not a true FW
appliance and cannot stop outbound and it has some FW like features.

http://www.homenethelp.com/web/explain/about-NAT.asp
http://www.firewall-software.com/fir...rewall_do.html

If you're using an NT base O/S, then you can use IPsec to supplement the
router on inbound and outbound. And IPsec is integrated into the O/S and
doesn't ask any questions either.

http://www.petri.co.il/block_ping_tr...with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm

The AnalogX zip has a SecPol file for the basic protection setup, if
applied.

use the Host
http://mvps.org/winhelp2002/hosts.htm
http://accs-net.com/hosts/HostsToggle/

I like to use Active Ports (free use Google) and put it in the Startup
folder to get a clear picture at machine start up. I also like to use
Wallwatcher (free) for the BEF model router.

Duane

Duane Arnold

On Sun, 07 Mar 2004 00:57:56 GMT, Duane Arnold spoketh

>
>Currently, I use a Linksys myself. However, the Linksys is not a true FW
>appliance and cannot stop outbound and it has some FW like features.

Yes, you keep saying that, but a simple NAT router is still the easiest
way to protect your computer/network. It blocks all unsolicited traffic
by default, there's no configuration necessary (other than changing the
password), and most NAT routers does come with limited port filtering
functionality, so you can at least block outbound IRC.

It is certainly much better than nothing, and since it doesn't have the
annoying "alarms" that desktop security suites have, one can go about
ones work without getting interrupted because someone pinged your
computer.

The two best (cheap) things to get for your computer security are:
1) a NAT router, and
2) Anti-virus software (free versions are available).

With these to products, you're in good place. The router will keep the
script kiddies out, and the anti-virus software will keep the malware
out. There is one other thing that is needed, and it doesn't come cheap:
Common sense! Don't download every piece of software you find on the
net. Only a fraction is any good, too much is just plain crap, and then
some are not what it looks like.

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"

Lars M. Hansen