Blocking Specific IP addresses with XP Firewall exceptions


Mouse

Hi,

We have 4 PCs (XP Home SP2) in a workgroup on a LAN.
I'm trying to allow only the IP addresses of our workgroup
PCs to access our shared files and printers, and to keep out
users in other workgroups that show up in "My Network Places".

I have assigned an IP address to each of our 4 PCs. (192.168.1.xx)
On each of the 4 PCs, under "File and Printer Sharing" on the XP
firewall exceptions tab, I have changed the scope of all 4 listed ports
(TCP 139, 445; UDP 137,138) to Custom List and entered the IP
addresses of the 3 remaining PCs (192.168.1.xx), separated by
commas, along with the subnet mask 255.255.255.0.

These settings aren't retained.

When I return to examine the settings, they either have changed to
list only the IP address of the default gateway (192.168.1.6), or the
originally-entered IP addresses of the individual PCs, but with the
subnet mask changed to 255.255.255.255.
What am I doing wrong here?
Your help would be greatly appreciated.

Thanks,

Mouse
 

Steven L Umbach

Seeing the individual IP address with /255.255.255.255 is normal, as that
indicates the specific IP address on that network. It should work fine when
that is what shows in change scope. Beware, however, that if a user on the
network in another workgroup changes his IP address to be what shows in your
allowed list, he can have access to your computers/shares, and that is fairly
easy to do by sniffing the network for a little while for the names/IP
addresses of computers on the network. XP Pro would be a better solution
because you can disable simple file sharing in XP Pro and require user
authentication to access shares, or use IPsec, which can be configured fairly
easily via Local Security Policy. I understand that IPsec can be configured
in XP Home but requires that the policies be created and assigned via the
command line using ipseccmd. Even a preshared key could be secure for IPsec if
the other users do not have physical access to your computers or access via
RDP, etc. Another solution would be to isolate your computers on a separate
network.

--- Steve

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ntcmds_new_tools.mspx
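
An added example, not part of the original posts and not Windows Firewall's own code: ordinary IPv4 mask arithmetic in Python, showing why a single-host scope entry carries the mask 255.255.255.255 and what the same address covers when paired with 255.255.255.0. The addresses 192.168.1.11 to 192.168.1.13 and 192.168.1.50 are constructed sample values, and the function names are hypothetical.

```python
import ipaddress


def parse_scope(custom_list):
    """Parse a comma-separated 'address/mask' list into IPv4 networks.

    An entry without a mask is treated as a single host (255.255.255.255).
    """
    scope = []
    for entry in custom_list.split(","):
        entry = entry.strip()
        if not entry:
            continue
        # strict=False masks off the host bits, so a host address paired
        # with 255.255.255.0 becomes the whole 192.168.1.0/24 subnet.
        scope.append(ipaddress.ip_network(entry, strict=False))
    return scope


def allowed(source_ip, scope):
    """True if source_ip falls inside any scope entry.

    The match is on the source address alone, so any machine that takes
    an allowed address passes this check.
    """
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in scope)


def wide_entries(scope):
    """Return the entries that cover more than one address."""
    return [str(net) for net in scope if net.num_addresses > 1]


if __name__ == "__main__":
    # Constructed sample lists for the three other workgroup PCs.
    per_host = parse_scope(
        "192.168.1.11/255.255.255.255,192.168.1.12/255.255.255.255,192.168.1.13"
    )
    subnet_mask = parse_scope("192.168.1.11/255.255.255.0")

    for name, scope in (("per-host", per_host), ("subnet mask", subnet_mask)):
        print(name, [str(n) for n in scope])
        print("  192.168.1.12 allowed:", allowed("192.168.1.12", scope))
        print("  192.168.1.50 allowed:", allowed("192.168.1.50", scope))
        print("  entries wider than one host:", wide_entries(scope))
```
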
 
