fort icon indicating copy to clipboard operation
fort copied to clipboard
Published 3 weeks ago verified publisher icon tnodir

After some uptime, all traffic is blocked (probably, only when using android USB tethering)

Open HighPriest opened this issue 9 months ago • 11 comments

Hi. I have installed Fort Firewall as an application to control bandwidth consumption when using a mobile data plan. The application works great, I was able to create a few different groups & assign to them different bandwidth limits & it all works fine.

But only to a moment, when all ip communication comes to a stop & NIC statistics show 0 traffic. With the only solution being, disabling Fort Firewall filtering, I presume the culprit is somewhere in it. I wasn't able to test my installation with any other connection, so the issue might be somehow related to how Windows handles Android USB Tethering.

Unfortunately, the app seems to clear logs on being closed, so I am unable to provide anything meaningful right now. But the moment the issue happens again, I am going to share whatever is in them

HighPriest avatar Mar 05 '25 18:03 HighPriest

After looking through the application, the only thing that immediately caught my eye, is that some blocked applications are trying to make TCP connections, on continuously incrementing port. Image

HighPriest avatar Mar 06 '25 00:03 HighPriest

different bandwidth limits

I think, this is the cause. Try to disable all of speed limits.

Also related: #433

tnodir avatar Mar 06 '25 02:03 tnodir

The issue persists on v3.19.2.

  • Internet traffic is completely locked after some uptime.
  • The Traffic Graph in Fort Firewall shows a few kbps of traffic, but e.g. Task Manager or Network monitor in Chrome DevTools, show 0kb passing
  • Enabling all logs options, does not return any additional logs, beyond some old Qt warnings.
  • Issue persists with Filter Mode: Allow, if not blocked and Block Traffic: No block

Again, I don't have installed Wireshark and don't have time to play with it at this hour.
But, I would like to learn how I can dump some logs on what the WFP driver is doing. 👨‍💻

HighPriest avatar Aug 25 '25 21:08 HighPriest

Internet traffic is completely locked after some uptime.

Please see FAQ: Why are all/some my programs blocked when I use Fort Firewall?

Inspect the blocked Connection's Reason in the Statistics window after enabling the Options: Statistics: "Collect blocked connections" flag.

Or use System Informer program's "Firewall" tab to check blocked connections.

tnodir avatar Aug 26 '25 07:08 tnodir

Unfortunately, the app seems to clear logs on being closed

Tick off the Options: Statistics: "Clear connections on exit (reduce disk writes)" flag.

tnodir avatar Aug 26 '25 07:08 tnodir

... what the WFP driver is doing.

See the Functionality overview: Filtering logic.

tnodir avatar Aug 26 '25 07:08 tnodir

Thanks @tnodir
DNSCache is allowed through the network, but if the issue happens again, I will make sure to check it out and look into SystemInformer. I've prepared Wireshark this time, too.

The note about WFP driver logic is nice, but still, would be nice to have it publish some logs.

HighPriest avatar Aug 26 '25 18:08 HighPriest

The note about WFP driver logic is nice, but still, would be nice to have it publish some logs.

The logs are located in the Connections window.

Fort does not use WFP's filtering mechanism for apps.

tnodir avatar Aug 27 '25 03:08 tnodir

So, I've ran into the issue again and tried understanding what is happening through WireShark.
Here is a dump of attempting to load google.com Fort - Google Connection Attempt.pcapng.gz

The odd thing in this dump, seems to be that (if I understand the log correctly), the responses from google servers (142.250.186.206) don't arrive in chromium and are constantly re-transmitted by the target server.

In Fort->Statistics->Connections I can see that only some diagnostics and GamingServices have been completely blocked recently.

Looks like Fort blocks all communications of only a select group. With CURL in a separate group, loading google.com works flawlessly. But Chromium fails to get any response from the same address, when Fort filtering is active.

HighPriest avatar Sep 05 '25 19:09 HighPriest

Here is configuration of the group, which gets its communications completely locked out after some time Image

All quota limitations are disabled

Image

HighPriest avatar Sep 05 '25 19:09 HighPriest

I think some apps just don't play nicely with the throttling. For example I use ollama in vscode. When I'm downloading new LLMs, it just maxes out my bandwidth and no one else is able to use the the internet. So I tried throttling the ollama process that downloads it. But when I put ollama.exe the throttle group. Communication is rejected with the following message.

Error: Head "http://127.0.0.1:11434/": dial tcp 127.0.0.1:11434: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

Then I try another app in the same throttle group, for example edge browser. Then do a speed test, it's throttled by what is set in fort firewall.

So far the only app that is not playing nicely with forts throttling is the ollama desktop app. Every other app seems to work as expected.

soul4kills avatar Nov 15 '25 22:11 soul4kills