Firewall set up for local network without domain

[Guest]

I set up a small network with 6 computers with Windows XP Professional, we are using static IP address and all computers are connected to a hub and have access to the Internet thought a DSL Modem.

I set up a workgroup and we are using Advance File Sharing, and set up the local security policies to Guest authentication. Everything work fine, I able to share and print.

The problem is that I enable the WXP Firewall and I would like to know which TCP/IP ports I have to allow.

Thanks

 

[Steve Winograd [MVP]]

I set up a small network with 6 computers with Windows XP Professional, we are using static IP address and all computers are connected to a hub and have access to the Internet thought a DSL Modem.

I set up a workgroup and we are using Advance File Sharing, and set up the local security policies to Guest authentication. Everything work fine, I able to share and print.

The problem is that I enable the WXP Firewall and I would like to know which TCP/IP ports I have to allow.

Thanks

Do your computers have public or private IP addresses? The private IP
address ranges are:

10.0.0.0 - 10.255.255.255
169.254.0.0 - 169.254.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

All other IP addresses are public.

If your computers have public IP addresses, it isn't safe to use
TCP/IP for file sharing, because everyone on the Internet could access
your computers. In that case, do this on all computers:

1. Enable the WXP firewall and don't open any ports.
2. Install the IPX/SPX protocol for file sharing.
3. Un-bind file sharing from TCP/IP.

I've written a web page with details:

Windows XP Network Protocols
http://www.practicallynetworked.com/sharing/xp/network_protocols.htm

If your computers have private IP addresses, you could enable the WXP
firewall and open the following ports: TCP 139, TCP 445, UDP 137, UDP
138.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

 

[Guest]

Hi Steve,
I read about your comments and i think you may be able to help me.

I have windows server 2003. I have website running. I have a bad user who is
flooding my website. I want to ban his ip. but nothing works. I thought of ip
security policies. Can you tell me how can i ban him? his ip is 80.46.168.21


i went to IIS and put on 80.46 with submitt 255.255.0.0 but he still can
come in because port 1100 is open for communication of the chatroom and he is
flooding there.
Please help me

 

[Steve Winograd [MVP]]

Hi Steve,
I read about your comments and i think you may be able to help me.

I have windows server 2003. I have website running. I have a bad user who is
flooding my website. I want to ban his ip. but nothing works. I thought of ip
security policies. Can you tell me how can i ban him? his ip is 80.46.168.21


i went to IIS and put on 80.46 with submitt 255.255.0.0 but he still can
come in because port 1100 is open for communication of the chatroom and he is
flooding there.
Please help me

Hi, Dude. I'm sorry, but I don't know how to do what you want. I
don't have a computer running Windows Server 2003 or IIS.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com