Message boards :
Number crunching :
BOINC and Personal Firewalls
Message board moderation
Author | Message |
---|---|
Rom Walton (BOINC) Send message Joined: 28 Apr 00 Posts: 579 Credit: 130,733 RAC: 0 |
Okay, so I fixed a few issues dealing with firewalls and the like. We still have a few more connectivity issues to work through. For those who feel comfortable tweaking their firewalls and the like, would you help me find out what the missing pieces of this puzzle are? With your firewall could you disable/delete any existing rules you have for BOINC and then start BOINC up and see if your firewall prompts you to allow BOINC to run? Does BOINC run? Can it Upload/Download work? Can you suspend/resume execution of work? If you are having problems with BOINC could you send back which firewall you are using? OS? Install Type? BOINC version? Are you using Fast User Switching? Is automatic logon enabled? Thanks in advance. ----- Rom BOINC Development Team, U.C. Berkeley My Blog |
Jord Send message Joined: 9 Jun 99 Posts: 15184 Credit: 4,362,181 RAC: 3 |
Windows 2000 SP4, running Sygate Personal Firewall 5.6 Boinc installed as a service. BOINC 5.2.12 Stopped Boinc. Told Sygate in the Applications menu to not allow Boinc Client and Boinc Manager for Windows to communicate. Restarted the service. Immediately, the balloon abover the Boinc Manager told me that I had given the wrong password and that BM could therefore not connect to Boinc. Boinc service is running without a problem though. Then I went File->Select computer, filled in localhost, it filled in the password for me. Boinc Manager recognizes Boinc, I see everything running. Trying a manual Update of Seti: 28/11/2005 22:18:32|SETI@home|Sending scheduler request to http://setiboinc.ssl.berkeley.edu/sah_cgi/cgi 28/11/2005 22:18:32|SETI@home|Reason: Requested by user 28/11/2005 22:18:32|SETI@home|Note: not requesting new work or reporting results 28/11/2005 22:18:56||Couldn't connect to hostname [setiboinc.ssl.berkeley.edu] 28/11/2005 22:18:57|SETI@home|Scheduler request to http://setiboinc.ssl.berkeley.edu/sah_cgi/cgi failed with a return value of -106 28/11/2005 22:18:57|SETI@home|No schedulers responded Sygate comes up with a window showing me that it has blocked Boinc.exe from communicating through the network. Stopping Boinc Service. Setting Sygate Applications to ask me if I want to allow Boinc to access the network or the internet. Restarting service. The first thing coming up is: "Boinc client (boinc.exe) is trying to connect to [128.32.18.173] using remote port 80. Do you want to allow this program to access the network?" Yes. 28/11/2005 22:22:47|SETI@home|Sending scheduler request to http://setiboinc.ssl.berkeley.edu/sah_cgi/cgi 28/11/2005 22:22:47|SETI@home|Reason: Requested by user 28/11/2005 22:22:47|SETI@home|Note: not requesting new work or reporting results 28/11/2005 22:23:02|SETI@home|Scheduler request to http://setiboinc.ssl.berkeley.edu/sah_cgi/cgi succeeded Each time when I have changed my Boinc version, Sygate prompts me that it has changed and do I want to allow it through to the internet. Mine works. |
Sir Ulli Send message Joined: 21 Oct 99 Posts: 2246 Credit: 6,136,250 RAC: 0 |
|
Doris and Jens Send message Joined: 21 Nov 99 Posts: 362 Credit: 3,539,386 RAC: 13 |
Using Norton Internet Security 2005 and 2004 on Windows XP pro/Windows 2000, BOINC as Service: After every update NIS ask for permit for boinc.exe to connect to internet. No problems in any way to connect boinc.exe and boncmgr.exe. NIS has a option block all Internettraffic. This blocks the connection between Manager and Service too and if I stop the service and start boincmgr.exe first, then it is not able to start boinc.exe. If I allow the connection again, boincmgr.exe can start boinc.exe without problems. If I deny the permit for boinc.exe when NIS requested this and then try to attach a project, I run into the proxy dialog. If I entered some stupid things in the dialog, then I get the -113 error and could not reach the internet again until I cleared up the proxy dialog. So far all is running as expected. Sorry. In the past I was supporting in this and other message boards connection problems where it apears that the port 1043 between boinc.exe and boncmgr.exe was used by a other program, not onlöy by boinc.exe. This happens mit kerio firewall, where the GUI seems to like to use this port and with alg.exe (Windows application layer gateway). The reports here in the boards give me the feeling that this problem with the double usage of port 1043 was fixed for the service install, but possible not for share and single install mode. But I still am missing deeper information. Greetings from Bremen/Germany Jens Seidler (TheBigJens) |
KB7RZF Send message Joined: 15 Aug 99 Posts: 9549 Credit: 3,308,926 RAC: 2 |
I run McAfee Personal Firewall, shut down BOINC, deleted all the rules pertaining to BOINC, ran BOINC again, did a manual update, McAfee prompted me to either allow it or not allow it, did it both ways, obvious not allowing it it would not connect, allowing it, it did. No problems. Jeremy |
Ricky@SETI.USA Send message Joined: 4 Sep 04 Posts: 453 Credit: 1,586,857 RAC: 0 |
I run McAfee Personal Firewall, shut down BOINC, deleted all the rules pertaining to BOINC, ran BOINC again, did a manual update, McAfee prompted me to either allow it or not allow it, did it both ways, obvious not allowing it it would not connect, allowing it, it did. No problems. I run SystemSuite6 from V-COM this program's firewall will ask if i want to allow, block or have it ask before it connects to the net. I have no problems so far. In Fact I remove all programs every 6 months to see what programs are asking to connect to the net. This way I can see what programs are using the net. Also not only BOINC is on the list but each of the projects attached are listed as well. On my Toshiba there are 4 listings related to BOINC 2 for S@H and 1 for P@H plus BOINC Ricky |
MJKelleher Send message Joined: 1 Jul 99 Posts: 2048 Credit: 1,575,401 RAC: 0 |
Windows XP Home, SP2 Zone Alarm 6.0.667.000 Shut down BOINC, deleted the three entries relating to BOINC in the program rules. Started BOINC Manager Zone Alarm asked if I would allow BOINC Manager to access the "Trusted Zone" (yes) Then asked if I would allow BOINC Client to access the Internet (yes) Last asked if I would allow BOINC Client to act as a server (yes) This happens each time I upgrade also, and I don't have problems with access thereafter. MJ |
John McLeod VII Send message Joined: 15 Jul 99 Posts: 24806 Credit: 790,712 RAC: 0 |
Windows XP Pro SP2 Windows XP firewall. The firewall does not block outgoing. The local host works with the rules for BOINC turned off. BOINC WIKI |
AC Send message Joined: 22 Jan 05 Posts: 3413 Credit: 119,579 RAC: 0 |
Windows XP SP2 Norton Personal Firewall 2004 BOINC Version: 4.45 Installation Type: Single User Fast User Swithcing/Auto Logon off When I select block boinc.exe from internet access, then try to update SETI@home, I get the following messages in Message Center: 11/28/2005 10:15:46 PM||Can't resolve hostname [setiathome.berkeley.edu] valid name, no data record of requested type 11/28/2005 10:13:44 PM|SETI@home|Couldn't read master page for SETI@home: error -113 11/28/2005 10:13:44 PM|SETI@home|Master file fetch failed 11/28/2005 10:13:44 PM|SETI@home|Deferring communication with project for 1 minutes and 0 seconds When I exit BOINC, delete boincmgr.exe and boinc.exe from program control, then restart BOINC, I get a program control alert that says boincmgr.exe and then boinc.exe is trying to connect to a DNS server. Alert details: boincmgr.exe/boinc.exe is trying to connect to a DNS server Remote Address: **.***.**.** : 53 (my ISP) Local Address: **.***.***.*** : 0 |
Lampros Send message Joined: 17 Jun 02 Posts: 279 Credit: 13,973,726 RAC: 0 |
I've got one over in Q&A, seems like it might be a firewall problem. Don't give up just yet! Let us know what problems you're having and maybe we can help. I know it can be a little daunting, but give it another shot. If you don't want to, hit control-alt-delete, this will bring up the task manager. Shut down all instances of Boinc. You should now be able to uninstall. Edit: Can't figure out why you'd want to quit, you've managed to connect, download WU's, crunch them, return and get credit. What's with that? that data was on my work computer the control-alt-delete didn't not work, believe me I've tried that. (I am a certified tech and I do know my way around the machine nine ways to sunday). I ended up running msconfig and pulled it out of the start up and rebooted (though even that was pulling teeth because of boinc hanging). I then uninstalled it, rebooted and then re-installed it and turned off the fire wall before boinc started, connected with boinc to the server and it is now up and running. Though I still think that the programmers need to look at their coding of the program to keep it from hanging at start-up. This is going to cause a lot of us long time SETI@home (been doing it since the beginning and I have over 37K hours of data crunched) folk a lot of consternation. The other thing I think it may had a problem with the initial installation of version 5.4.12 being corrupted. http://setiathome.berkeley.edu/forum_thread.php?id=23327 |
Doris and Jens Send message Joined: 21 Nov 99 Posts: 362 Credit: 3,539,386 RAC: 13 |
There are some possible issues, that may look like firewall problems, but are wrong usage or configuration problems (and I don't say the user is responsible for this): 1. You can enter a name or password with whitespaces before or after the content and this are not removed, making the text wrong. This ends up with a account not found. 2. You can enter a value in the HTTP and/or SOCKS proxy configuration and not having a proxy to use. If you entered a existing server name (i.e. http://setiathome.berkeley.edu/) you get a -113 error, if you enter nonsense you get a -106 error. Same may happen if you have a proxy but enter the wrong values, maybe because you don't know. 3. If BOINC and/or network activity is suspended (by time, user is active, menu) a attch to project isn't finished until BOINC can reach the network again. This may look like a error and give a error message. But after network activity resume, all will be finished and become okay. 4. BOINC and BOINC manager read the password file for the local communication (Connect) in the working or current directory. If each use a different directory, they may find different passwords or no password file, what may seems as a different passwords too. I.e. this can happen with a service install (not sure about share and single) if a user try to create a link to BOINC Manager on the desktop, but failed and put a copy of the boincmgr.exe there. Typical failure in many cases. *EDIT* In this example - in a share or single install - BOINC Manager will too not be able to start BOINC and end with a "Cannot connect" error. 5. Restarting a BOINC service when BOINC Manager is running forces BOINC Manager to throw a "wrong password" message and only a new selection of local host fix this. The retry connection box seems not to work in this case. *EDIT* 5.2.13 didn't fix this issue 6. *ADDED* With the 5.2.13 release I first time tried to test the account manager menu option and surprise, surprise. The URL "http://setiathome.berkeley.edu" is a valid URL of a account manger and I was asked for email and password. Sorry that I have no account on this account manager and must quit. But I believe this is a good way to make new users crazy. Curently there is no account manger in production available for BOINC! So no need to try it. All this may come as or together with firewall problems. I.e. because someone may be blocked by his personal firewall and then tried to enter (possible wrong) proxy infos. If he shut down the firewall after this, he will still get no connection and don't know what happend. Normal user mostly do not remember where they have inserted configuration infos. Greetings from Bremen/Germany Jens Seidler (TheBigJens) |
Tigher Send message Joined: 18 Mar 04 Posts: 1547 Credit: 760,577 RAC: 0 |
boinc cc 5.2.13 XP Pro SP2 patched to 28th Nov 05. Linux iptables with 80 & 443 open. 1043 & 31416 closed. (this is unchanged on 4.25 and 4.32 cc operations) uninstalled 4.25 MS Firewall on and cleared off rules installed 5.2.13 went smoothly All is fine - everything works. Did so on 3 PCs same result. Used boincview to see those 3 systems and 2*4.32s and all is good. Good news! |
Fuzzy Hollynoodles Send message Joined: 3 Apr 99 Posts: 9659 Credit: 251,998 RAC: 0 |
McAfee personal firewall here, no problems, never had any. "I'm trying to maintain a shred of dignity in this world." - Me |
UBT - Halifax--lad Send message Joined: 13 Dec 00 Posts: 433 Credit: 13,900 RAC: 0 |
Windows XP Home, SP2 same here with zonealarm no problems and always asks me if I wish to allow BOINC access on a new version as one would expect A note to some people who do use ZoneAlarm & BOINC if you wish to suspend Internet Access through ZA then give BOINC a passlock this will enable it to connect to the internet and also to access the localhost, denying it the passlock will just stop BOINC running until the suspend option has been switched off Join us in Chat (see the forum) Click the Sig Join UBT |
Darth Dogbytes™ Send message Joined: 30 Jul 03 Posts: 7512 Credit: 2,021,148 RAC: 0 |
I've been using Kaspersky Anti-Hacker v1.8.180 and have never had any problems with it. If I update the Boinc client it recognizes the change and asks me if I am aware of it, and gives me the option of allowing it or blocking it. Only those programs which are allowed can communicate. Plain vanilla but effective. My main defense is a Linksys WIFI G router configured as tight as possible and still allow communications and all out of the box default security settings have been changed. Account frozen... |
Mosaix Send message Joined: 28 Dec 99 Posts: 114 Credit: 419,427 RAC: 0 |
I run McAfee Personal Firewall, shut down BOINC, deleted all the rules pertaining to BOINC, ran BOINC again, did a manual update, McAfee prompted me to either allow it or not allow it, did it both ways, obvious not allowing it it would not connect, allowing it, it did. No problems. Same Firewall for me, same results. |
Professor Ray Send message Joined: 17 May 99 Posts: 149 Credit: 108,674 RAC: 0 |
Windows XP Home, SP2 Win98SE, ZA free v6.1.737.000 CNet Pro200 adapter (xxx.xxx.xxx.xxx) subnet (255.255.255.0) in the trusted zone localhost IP address in the trusted zone DSL modem IP address (198.168.0.1) / modem netmask (255.255.0.0) in the trusted zone Zone Alarm asks for BOINC Manager to access the Trusted Zone, it asks for BOINC client access to the trusted zone. It asks for BOINC client access to the internet. I have placed into my HOSTS file the following: 127.0.0.1 localhost 137.151.252.96 predictor1.scrips.edu 128.32.18.173 galileo.SSL.Berkeley.edu 129.89.61.70 einstein.phys.uwm.edu 128.142.40.200 lxfsrk4101.cern.ch 129.33.89.133 www.worldcommunitygrid.org 216.206.28.127 download.ud.com 144.160.97.51 cwscp.sbcis.sbc.com (All subsequent URLs are mapped to localhost, and those marked with Parasite or Trojan comments have been placed in in the Internet Explorer Restricted Zone). ZA does not protest about server rights for the BOINC client. |
Professor Ray Send message Joined: 17 May 99 Posts: 149 Credit: 108,674 RAC: 0 |
If I update the Boinc client it recognizes the change and asks me if I am aware of it, and gives me the option of allowing it or blocking it. Only those programs which are allowed can communicate. Plain vanilla but effective. Roger that. Works good. Lasts a long time. |
Bronco Send message Joined: 22 Jun 05 Posts: 123 Credit: 19,340 RAC: 0 |
Another KerioPF, with XP SP2 fully patched (as of today lol), Boinc cc 5.2.14 and no problem. Service install "In a world without walls and fences, who needs windows and gates ?" for the team |
CihaPet@UI Send message Joined: 20 Jul 99 Posts: 1 Credit: 160,854 RAC: 0 |
5.2.14 Where did you get 5.2.14? I just now looked at the download page and they have 5.2.13 there (which I'm already running). |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.