If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#21
|
|||
|
|||
In article , Noel Paton says...
I also use Kerio 2.1.5 - as well as the WF (at least that way I only have to worry about outbound traffic!g) I would not. Indeed, I only keep KPF 2.1.5 for some odd outbound connections that I want control over. My Netgear FR114P includes SPI filters which act as a firewall, both on inbound, and on outbound connections; but not by application on the individual computer. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint |
#22
|
|||
|
|||
In article , N.
Miller wrote: In article , Steve Winograd [MVP] says... You can't use the same NIC to access the Internet that you use to access the LAN when you are behind a router. Yes, you can. The router sits between the NIC and the Internet; the NIC can only access the router. The NIC accesses the router, and the router gives it access to both the Internet and the LAN. Did I misunderstand what you said? Probably. The NIC in the computer can only access the router. The router uses NAT to pass packets between the WAN port of the router and the LAN port of the router, which is connected to the NIC in the computer. Nobody on the WAN side of the router can have direct access to the NIC. Take my rig as a case in point. My NIC can directly access the gateway IP address at 192.168.102.1. It can't directly access anything beyond that IP address; that is the job of the NAT function in the router. While NAT is a transparent function, it does isolate the NIC from the Internet. Going the other way, you can directly access my router at 64.174.90.87, but not my NIC; not unless I have forwarded a port to my computer. Again, the NAT function of the router isolates the networks. I'm still not sure that I understand your point. You can indeed use the same NIC to access the Internet that you use to access the LAN when you are behind the router. By that, I mean that the computer's NIC, when connected to the router, can access other computers on the LAN, and it can also access sites on the Internet. The fact that Internet access passes through the router's WAN interface and NAT program before it reaches the NIC is irrelevant. Other computers on the LAN can access your NIC. Other people on the Internet can't access your NIC, because the router's NAT function acts as a firewall. Do we agree on those points? -- Best Wishes, Steve Winograd, MS-MVP (Windows Networking) Please post any reply as a follow-up message in the news group for everyone to see. I'm sorry, but I don't answer questions addressed directly to me in E-mail or news groups. Microsoft Most Valuable Professional - Windows Networking http://mvp.support.microsoft.com Steve Winograd's Networking FAQ http://www.bcmaven.com/networking/faq.htm |
#23
|
|||
|
|||
On Mon, 11 Oct 2004 22:41:20 -0700, N. Miller
wrote: It's better to have a software firewall, even with a router. Consider what happens with OUTGOING connections, such as those from spyware. At which the Windows Firewall is as useless as the proverbial screen door on the submarine. Get a software firewall which is designed to control outbound connections, and disable the Windows firewall entirely, if that is your intent. I'm not worried about outbound connections. I just want something to simply block connections to (winxp) open ports on a dialup interface whilst not taking over the machine. I'm not going to install a resource hog to protect a connection I might only use once every few months. Had it been win9x or winme I would have just unbound file and printer sharing from tcp/ip and not bothered with a firewall at all but with winxp it appears to be a little more troublesome with remote procedure calls and all that so a simple firewall looks the way to go. Is it possible to revert to the old winxp firewall? That was fine for blocking on the diakup connection without affecting the LAN. Jim. |
#24
|
|||
|
|||
The WF does a very good job of blocking inbound traffic - look here for
details Using programs and hardware with Service Pack 2 http://support.microsoft.com/default...h;ln;xpsp2swhw Some programs seem to stop working after you install Windows XP Service Pack 2 http://support.microsoft.com/?kbid=842242 Programs that may behave differently in Windows XP Service Pack 2 http://support.microsoft.com/?kbid=884130 Troubleshooting Windows Firewall Settings in WinXP SP2 http://support.microsoft.com/?kbid=875357 More MS references: http://forum.aumha.org/viewforum.php?f=44 (with apoloogies to PABear) -- Noel Paton (MS-MVP 2002-2005, Windows) Nil Carborundum Illegitemi http://www.btinternet.com/~winnoel/millsrpch.htm http://tinyurl.com/6oztj Please read http://dts-l.org/goodpost.htm on how to post messages to NG's "James Egan" wrote in message ... On Mon, 11 Oct 2004 22:41:20 -0700, N. Miller wrote: It's better to have a software firewall, even with a router. Consider what happens with OUTGOING connections, such as those from spyware. At which the Windows Firewall is as useless as the proverbial screen door on the submarine. Get a software firewall which is designed to control outbound connections, and disable the Windows firewall entirely, if that is your intent. I'm not worried about outbound connections. I just want something to simply block connections to (winxp) open ports on a dialup interface whilst not taking over the machine. I'm not going to install a resource hog to protect a connection I might only use once every few months. Had it been win9x or winme I would have just unbound file and printer sharing from tcp/ip and not bothered with a firewall at all but with winxp it appears to be a little more troublesome with remote procedure calls and all that so a simple firewall looks the way to go. Is it possible to revert to the old winxp firewall? That was fine for blocking on the diakup connection without affecting the LAN. Jim. |
#25
|
|||
|
|||
On Sun, 10 Oct 2004 15:47:35 -0600, "Steve Winograd [MVP]"
wrote: 1. Go to the Exceptions tab. 2. Un-check all of the boxes. 3. Go to the Advanced tab. 4. Check the dial-up connection and un-check the LAN connection. I've resolved the problem but I don't know what was the cause. I system restored to a point prior to installing sp2 and then re-installed sp2. Now the firewall is behaving in the manner you posted. Strange that isn't it? Looks like sp2 is as prone to silent failure as some of the earlier patches. Jim. |
#26
|
|||
|
|||
Make sure that the ME computer doesn't have NetBEUI or IPX installed
(network protocols). If it does, get rid of them on all the computers. TCP/IP is not only "enough" it is often necessary that it be "alone". You must have the same protocol working for file sharing, etc. From experience, I believe that installing NetBEUI on an ME machine (that already has TCP/IP) will cause an XP machine with only TCP/IP installed to disappear from the ME machine's network neighborhood. It's as if NetBEUI has taken priority for being the protocol of choice and, since it doesn't exist on the XP machine, can't share. Removing NetBEUI is much preferable to having it installed all over the place. Fred "jhebron" wrote in message news:fz0ad.363941$Fg5.194989@attbi_s53... I am running ME and XP and I can't get them to share files. I am running a Linysys cable modem and Linksys router. I can get the Internet on both computers no problem, they just wont see each other to share files and printers. Is the firewall in XP Service Pak 2 stopping them from anything. I also have Norton Security and Anti-virus on each computer. Any help would be greatly appreciated. |
#27
|
|||
|
|||
In article , James Egan says...
I'm not worried about outbound connections. I just want something to simply block connections to (winxp) open ports on a dialup interface whilst not taking over the machine. I'm not going to install a resource hog to protect a connection I might only use once every few months. Had it been win9x or winme I would have just unbound file and printer sharing from tcp/ip and not bothered with a firewall at all but with winxp it appears to be a little more troublesome with remote procedure calls and all that so a simple firewall looks the way to go. Is it possible to revert to the old winxp firewall? That was fine for blocking on the diakup connection without affecting the LAN. Why? The SP2 Windows Firewall is at least as capable as the old ICF. You just have to learn how to configure it. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint |
#28
|
|||
|
|||
In article , Steve Winograd
[MVP] says... Other computers on the LAN can access your NIC. Other people on the Internet can't access your NIC, because the router's NAT function acts as a firewall. That is because there is no direct connection between the NIC and the Internet; but... Do we agree on those points? Okay. I can agree to the fact that you can reach the Internet from your NIC. Even if only through a transparent hardware proxy. -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint |
#29
|
|||
|
|||
On Thu, 14 Oct 2004 20:00:33 -0700, N. Miller
wrote: Other computers on the LAN can access your NIC. Other people on the Internet can't access your NIC, because the router's NAT function acts as a firewall. That is because there is no direct connection between the NIC and the Internet; but... Do we agree on those points? Okay. I can agree to the fact that you can reach the Internet from your NIC. Even if only through a transparent hardware proxy. You've had three goes at it and you still haven't corrected or clarified what you originally said. The bottom line is you said you CAN'T "use the same NIC to access the Internet that you use to access the LAN when you are behind a router" when in fact you CAN. Forget about transparent hardware proxies and such red herrings. The Internet access facility is not in doubt with a single nic. Using the same nic the computer can ALSO access and be accessed by other machines on the LAN. Jim. |
#30
|
|||
|
|||
In article , James Egan says...
You've had three goes at it and you still haven't corrected or clarified what you originally said. Fine. I am a stupid idiot. I'll go hide in the corner and forget I even have an Internet connection. Who needs it, anyway... -- Norman ~Win dain a lotica, En vai tu ri, Si lo ta ~Fin dein a loluca, En dragu a sei lain ~Vi fa-ru les shutai am, En riga-lint |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Win ME Home Networking , ADSL, Wireless Router & Ethernet Port Issue | Chandra Madhira | Networking | 3 | September 29th 04 10:03 AM |
Networking Dialog Box for password | BillO | Networking | 2 | September 28th 04 04:35 AM |
Windows 98 not networking | dave | Internet | 0 | July 7th 04 05:11 PM |
Networking problems | polar_bear | Networking | 0 | June 9th 04 05:34 PM |
MIssing files for networking | [email protected] | Networking | 0 | June 9th 04 01:38 AM |