Home Network - ZoneAlarm Pro won't allow "Mummy" to connect to Internet thru "Daddy"

paulo · May 31, 2006

Could anyone help me with this please?

Daddy:
WinXP Pro
ZoneAlarm Pro
Wireless connection to Internet
Network Card to connect to "Mummy" (the wife's) PC

Mummy:
WinMe
ZoneAlarm Free
Network Card to connect to "Daddy"

"Mummy" accesses the Internet thru "Daddy" just fine until Zonealarm
Pro is started in "Daddy" - then "Mummy" just keeps waiting for
response or gives "page not found"

ZoneAlarm Pro in "Daddy" shows 2 "zones":

1. name=Wireless, IP=10.10.0.0/255.255.255.0,
Entry Type=network, Zone=Internet

2. name=LAN, IP=192.168.0.0/255.255.255.0,
Entry Type=network, Zone=Trusted

In Daddy's ZoneAlarm Pro:
Internet Zone Security is set HIGH
Trusted Zone Security is set LOW

In Daddy the local connection is defined as:
TCP/IP Protocol :
IP/SM = 192.168.0.1/255.255.255.0

In Mummy the LAN connection is defined as:
TCP/IP Protocol --> Ethernet Adapter :
IP/SM = 192.168.0.2/255.255.255.0

So why does ZoneAlarm say 192.168.0.0 (that's "zero, zero" on the
end)?

As I said, it all works fine WITHOUT ZoneAlarm Pro activated in Daddy.

When ZoneAlarm is activated in Daddy then Mummy can't even surf.

Attempts in Mummy to surf to the "Google" site give an "Alert" in
ZoneAlarm in Daddy with the following characteristics:

Type = Firewall Alert
Protocol = TCP/IP (flags:S)
Source IP = 10.10.0.35:61423
(10.10.0.35 is the IP address used by Daddy for the WAN connection -
although Zonealarm states it in the "Zone" section as 10.10.0.0)
Destination IP = 64.233.161.147:80 (=Google)
Direction = Outgoing
Action Taken = Blocked

The Windows XP Firewall is disactivated in Daddy.

Does anyone have any ideas?
Keep it simple - I'm not very clever

And, english is not my native language :-(
Also, if this is the wrong group to ask this then I would appreciate
being pointed at the right one.

TIA for any help. I'm at a loss here :-(

.... and "Mummy" (the wife) gets upset if "Daddy" (I) puts the
ZoneAlarm Firewall up :-(

Steve Winograd [MVP] · May 31, 2006

Could anyone help me with this please?

Daddy:
WinXP Pro
ZoneAlarm Pro
Wireless connection to Internet
Network Card to connect to "Mummy" (the wife's) PC

Mummy:
WinMe
ZoneAlarm Free
Network Card to connect to "Daddy"

"Mummy" accesses the Internet thru "Daddy" just fine until Zonealarm
Pro is started in "Daddy" - then "Mummy" just keeps waiting for
response or gives "page not found"

ZoneAlarm Pro in "Daddy" shows 2 "zones":

1. name=Wireless, IP=10.10.0.0/255.255.255.0,
Entry Type=network, Zone=Internet

2. name=LAN, IP=192.168.0.0/255.255.255.0,
Entry Type=network, Zone=Trusted

In Daddy's ZoneAlarm Pro:f
Internet Zone Security is set HIGH
Trusted Zone Security is set LOW

In Daddy the local connection is defined as:
TCP/IP Protocol :
IP/SM = 192.168.0.1/255.255.255.0

In Mummy the LAN connection is defined as:
TCP/IP Protocol --> Ethernet Adapter :
IP/SM = 192.168.0.2/255.255.255.0

So why does ZoneAlarm say 192.168.0.0 (that's "zero, zero" on the
end)?

As I said, it all works fine WITHOUT ZoneAlarm Pro activated in Daddy.

When ZoneAlarm is activated in Daddy then Mummy can't even surf.

Attempts in Mummy to surf to the "Google" site give an "Alert" in
ZoneAlarm in Daddy with the following characteristics:

Type = Firewall Alert
Protocol = TCP/IP (flags:S)
Source IP = 10.10.0.35:61423
(10.10.0.35 is the IP address used by Daddy for the WAN connection -
although Zonealarm states it in the "Zone" section as 10.10.0.0)
Destination IP = 64.233.161.147:80 (=Google)
Direction = Outgoing
Action Taken = Blocked

The Windows XP Firewall is disactivated in Daddy.

Does anyone have any ideas?
Keep it simple - I'm not very clever
And, english is not my native language :-(
Also, if this is the wrong group to ask this then I would appreciate
being pointed at the right one.

TIA for any help. I'm at a loss here :-(

... and "Mummy" (the wife) gets upset if "Daddy" (I) puts the
ZoneAlarm Firewall up :-(

This Zone Labs web page should help:

http://www.nohold.net/noHoldCust25/Prod_1/Articles55646/ICS-NAT.html
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

paulo · May 31, 2006

This Zone Labs web page should help:

http://www.nohold.net/noHoldCust25/Prod_1/Articles55646/ICS-NAT.html

Thanks Steve.

After a "quick" look at the reference that you gave, I tried an
experiment:

I reduced the Internet Zone Security to MEDUIM and the other PC
managed to surf, etc.

Now I have to figure out what exceptions, permissions or whatever I
have to register for the local network in order to be able to yank the
Internet Zone Security back up to HIGH still leaving Mummy "happy"

Back to reading the ZoneAlarm page...

.... now where did I put the dictionary?...

Cheers

paulo · May 31, 2006

Yep! It was easy! Even for an idiot like myself!

In case anyone needs to know in the future:

ZoneAlarm Pro:

Click on "Firewall"
Click on the "Main" tab
Click the "Advanced" button at the bottom of the page
Click the "This computer is an ICS/NAT Gateway" radio button
It should show the local IP address in the box beneath the words
Click "OK"

"Internet Zone" can be maintained at HIGH

)

Done!

Once again, many thanks Steve

Another (probably simple) ICS problem that's driving me nuts!	1	Aug 7, 2005
Networking a USB broadband connection (2)	1	Jul 14, 2007
Home network fails to work without Netbeui	2	Mar 23, 2007
cannot stay connected to internet	3	Jun 13, 2007
Is there something very simple wrong here?	7	May 20, 2004
cisco vpn and XP wireless	1	Apr 11, 2006
Probs with XP Pro Internet connection sharing	1	Oct 8, 2003
Peer Network with Firewall Problem	1	Jul 31, 2003

Home Network - ZoneAlarm Pro won't allow "Mummy" to connect to Internet thru "Daddy"

paulo

Steve Winograd [MVP]

paulo

paulo

Ask a Question

Similar Threads