Cannot network two Windows XP Pro computers via IP

[joe]

*********** SYSTEM *****************

Windows XP Professional, SP1

Computer A - 192.168.2.100 Subnet 255.255.255.0
Computer B - 192.168.2.101 Subnet 255.255.255.0

Both computers are connected to a NAT router which connects to the Internet.
The NAT uses a single static IP address at my ISP for the gateway out to the
Internet.

Disabled NetBIOS over TCP/IP for both computers.
This was done for security reasons.

*********** PROBLEM *****************

Problem: Cannot network two Windows XP Pro computers via IP

I tell MAP Network Drive to use Z: to \\192.168.2.100\C
where C is network shared.

MAP Network Drive says it "cannot find network path for
Z: to \\192.168.2.100\C"

I can ping both machines using their IP addresses.

What is really strange is that sometimes when I boot both
systems they do map and it works. But for some reason
they refuse to map now.

Any feedback would be appreciated. Thanks

 

[Alan White]

Forget the mapping until you have established a network.
Have you run the XP network wizard on both machines?
Do you have the same workgroup name on both and different computer names.
Check in network places - view workgroup computers.
You should see each computer.

Then go for the mapping of drives.

 

[BravesCharm]

In order to use UNC paths(\\192.168.2.100\C) you have to have File &
Print sharing installed. This is a security risk if you are not behind
a firewall.

 

[joe]

File & Print sharing is installed.
The NAT router is a fire wall.
Zone Alarm is off while trying to find problem.
Disabled NetBIOS over TCP/IP for both computers.
This was done for security reasons since hackers like
to get through firewalls via NetBIOS ports.
This is why I use \\192.168.2.100\C rather than say
\\MyComputer\C
Computers have different names.
Both have same workgroup name.

When I booted both systems this afternoon they were
able to network. I have no idea why they sometimes
network and other times they don't see each other.
I assume there is some network cache that needs to get
flushed, but I don't know what to flush.

Thank you for your feedback.

 

[James Egan]

Zone Alarm is off while trying to find problem.

Very high up on the list of things to try is uninstalling zonealarm
completely until the problem is resolved.

There are uninstallation instructions somewhere on the zonelabs
website.


Jim.

 

[BravesCharm]

The only way a UNC path will work is if you have NetBOIS and File &
Print sharing enabled. UNC paths(\192.168.2.100\C or \\MyMachine\C)
uses NetBOIS protocol to communicate.

 

[James Egan]

The only way a UNC path will work is if you have NetBOIS and File &
Print sharing enabled. UNC paths(\192.168.2.100\C or \\MyMachine\C)
uses NetBOIS protocol to communicate.

No. These machines are xp pro so netbios is not required unless
browsing is required, which it isn't.


Jim.

 

[joe]

It is important to note that I have
"Disabled NetBIOS over TCP/IP for both computers"
in the TCP/IP properties.

Therefore, if I type
nbtstat -c or
nbtstat -n
It says there are "no names in cache"
so there does not appear to be a Master Browser.

In theory, a MAP Network Drive of Z: to \\192.168.2.100\C
should directly find the IP address without requiring
a Master Browser. What is strange is sometimes it works
and other times it does not.

Thank you for your feedback.

 

[Ross Durie]

Why don't you simply block port 135, 137, 138, 139 and 443 traffic to and
from the Internet but allow it on your LAN. Basic stuff surely. First rule -
allow those ports on LAN subnet. Second rule - block those ports to and from
everything. Rules are processed in order.

 

[James Egan]

Why don't you simply block port 135, 137, 138, 139 and 443 traffic to and
from the Internet but allow it on your LAN. Basic stuff surely. First rule -
allow those ports on LAN subnet. Second rule - block those ports to and from
everything. Rules are processed in order.

Perhaps you can explain how it's simply a firewall rules problem when
it connects okay intermittently.

Jim.

 

[Ross Durie]

I'm NOT actually talking about your intermittant problem, I'm giving you a
means of turning NetBIOS over TCP/IP on without creating a security risk.
Why have Zone Alarm if you don't put it to any real use.

 

[Ross Durie]

Should be port 445 not 443.

--
Ross

Why don't you simply block port 135, 137, 138, 139 and 443 traffic to and
from the Internet but allow it on your LAN. Basic stuff surely. First rule -
allow those ports on LAN subnet. Second rule - block those ports to and from
everything. Rules are processed in order.

 

[Carey]

I see people lock themselves out of their own PCs every day. These firewalls
give people a false sense of security and in many cases cause more harm than
good. If they already have a router, that's more than likely all the
protection they are going to need unless they like to upset and challenge
hackers.

Carey

 

[Ross Durie]

I agree. I use a router and Kerio 2.1.5 just to see if I get traffic to and
from the Internet on certain ports. Kerio is set to display an alert if a
block rule matches. I've never had Kerio alert me to anything intrusive in
over 3 years since the network was setup.