[Sent To Devel] Firewall Prevents Networking From Windows 10 New Bash Shell #2

Hey guys,

since the other /index.php?showtopic=69742" rel="">thread has been locked, I'll start a new one. Windows 10 1607 (Build 14393) has been released, I tried if to run sudo apt-get update with enabled firewall, but get error messages like this: W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/multiverse/binary-amd64/Packages Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::17). - connect (101: Network is unreachable) [iP: 2001:67c:1360:8001::17 80], as soon as I turn of the firewall everything is fine.

Does anybody know how to configure the Bitdefender firewall so that networking from the bash shell works, without turning off the firewall entirely?

Kind Regards

Stefan

Comments

  • Having the exact same issue.

    I thought that is an issue with IPv6 as some blog posts tell you to change the /etc/resolv.conf and remove the dns servers for ipv6 but afterwards it will give you a "permission denied" when bitdefender is running.

    In my case I uninstalled Bitdefender to check if it's the reason and after that it worked again.

  • Hi,

    We all have the same issue, I've tried adding a rule to allow connections from bash.exe and lxrun.exe but that doesn't seem to fix the problem. The only way that works for me is to disable the firewall module.

    Let me know if you find something useful.

    Cheers

  • Hello,

    Thank you for all your feedback, I have sent the case to our devs and we are working on resolving the situation.

  • Here's a link to a hack fix that worked for me, from Microsoft's Github for Bash on Windows:

    https://github.com/Microsoft/BashOnWindows/issues/5#issuecomment-213704084

    Basically, there's a Virtual Network Adaptor used by the Linux Subsystem aka Bash for Windows; said adaptor is only viewable when the subsystem is up.

    Similar to a Virtual network device for, say, VMWare, you can set it in the firewall to Trusted (with all that implies). Doing this allows networking (at least the parts working now).

    Techie Bits: From what I'm reading, the programs we run in the subsystem are a relatively new feature of Windows. As a result, there's work to be done to have all Firewall vendors (including Microsoft!) support their programs, and according to a comment on this issue at the aforementioned Github, MS is starting to reach out to Bitdefender around this, in addition to their comment below.

    Here's some more technical background on what we're actually running in this mode (this will not help fix, but understand why it's not a "normal" process we users can just open any firewall to open):

  • Thanks.

    I can't see any aditional Network Interface appearing no matter if I have bash open or closed (and I did reopen Bitdefender everytime) but my default Ethernet Interface was set to "Home/Office".

    After setting that one to "Trusted" apt-get update works!

  • I'm having this exact same problem and it looks to me that the Bitdefender firewall is intercepting DNS requests for A and modifying them to be AAAA lookups, so that records that have both only return the AAAA ones and thus cause non-IPv6 connected computers like mine to fail.

    Disabling the Bitdefender firewall is the only workaround for me so far.


  • Is there any update on this? I'm sort of (very) bummed about this as I am switching over from ESET Smart Security to Bitdefender Total Security just to find out that I must disable the firewall to connect via bash. I am constantly pushing commits with my organizations and with a couple of them in particular there are some strict code we must follow. 1) Use the workplace/organization VPN ... and ... 2) Always maintain active Firewall connections and browse only organization repo and site while working. Their rules, not mine. 


    Granted, this can be eliminated by simple using putty; however, being a Linux native and being forced by the job into Windows... this is just my preferred option. I could also disable the firewall and just push everything through the default Windows Firewall, which works without issue... but this irks me to my core looking down and seeing a notice by Bitdefender that I am not fully protected. Is there at the very least a way to disable something without Bitdefender forcing a setting? I know I know... I'm one of those people.


    Having to disable the firewall seems like a massive oversight. Granted the subsystem is relatively new, however I can see (even from the post herein) that some third-party vendors are already adding the means in their firewalls. Why is it that Bitdefender is behind in this respect... being boasted as one of the best... this seems to be a slight disadvantage that one only finds out ... after purchase.


    I am not attempting to be critical or flame (I did buy the Bitdefender software after all) but this just seems like there are a lot of settings that are forced out of hand in the Bitdefender firewall.


    At any rate, I am sure progress is being taken in this regards.. and if it isn't already in the works, then it's perhaps in the pipeline. One can only hope.


  • I was having the same difficulty and could only run sudo apt-get commands with bitdefender firewall turned off. I did as Wolfspirit suggested and set adaptors -> wifi -> Trusted, and was then able to run commands even with bitdefender on.


  • Same issue here. Changing the network to "trusted" is not a solution in any way, it's the worst solution possible (turning the Firewall off).


    p.s.:


    They bitdefender team had known about this issue for almost 4 months now (see previous threads quoted above), and have done nothing about this. It's been two months since the anniversary update was officialy released, and still they do nothing: no solution, not even an update about progress!


    I find it amazing to see how the Bitdefender devels seem to not give a sh*t about their users.. :(


  • Just updated to latest 2017 version in hope it would be fixed. It wasn't.


    Other vendors managed to fix it. Step up and come into the game please.


  • Hello!


     


    This issue should no longer reproduce under 2017. Please use bitsy@bitdefender.com to open a support ticket so we may further investigate.


  • Yes it actually does work now. Only explanation I have to what happened is that I have restarted the computer. I tried just after install of 2017 last time.


    Sorry if I came out so hard, especially when I was wrong...


  • I'm happy it works for 2017... what about us 2016 users?


  • Hello,


     


    All 2016 subscriptions are eligible for 2017 upgrade. If you uninstall the product and reinstall it from your Central, you are going to receive the 2017 version of the product.


  • I did not know that!  Thanks.  I'll give it a shot.


     


    Just wanted to confirm that I was able to install 2017, and, it worked fine, although I needed to reboot before the 'tools' would come back up.  But, the bash shell worked fine.


    Thanks!


  • What about the endpoint security tools? I currently have Bitdefender Endpoints security tools 6.2.18.884 installed (the latest version to my knowledge) but I have the same problem as described above: sudo apt-get commands do not work unless I turn off the firewall (which I prefer not to). When is this planned to get fixed?


  • Still happening on Total Security 2018. However, what helped paradoxically was to set my adaptor to "Public" setting. It shouldn't work, but it works...


     


    Please, look into this problem once more, BItdefender.

  • Sergiu C.
    Sergiu C.
    edited January 2018


    Hi, 


     


    Our development team is aware of the issue occurring in Bitdefender 2018 and is currently working on a fix. Please continue the discussion in the Bitdefender 2018 forums: 

    /index.php?/topic/77063-wsl-on-windows-10-has-no-network-connectivity/&do=embed" style="overflow: hidden; height: 205px; max-width: 502px;">


     

This discussion has been closed.