Ted Byers
I am crossposting to the networking newsgroups for W2K and XP since this
problem involves networking on both W2K and XP.
In this tiny LAN, there are two machines, one running W2K and one running XP. They are
connected using a router, which also connects via DSL to the internet, and
this router's DHCP server capability is configured to give the two machines
non-routable IP addresses, as you'd expect. Both machines can connect to
the Internet, and use it, without any problems at all. I can ping the IP of
each from the other. However, in the Network Neighborhood on each, the
other does not appear. Both machines are in the default workgroup called
WORKGROUP. Printer sharing would be useful right now, since the one
connected to the W2K machine is presently acting up. However, most
importantly, we need file sharing, but in a way that does not expose our
systems to the Internet.
If part of the problem involves the firewall, turning the firewall off is
NOT an option. I ran into a problem configuring MySQL which turned out to
be caused by the firewall, and the advice universally given was shut down
the firewall. Frankly, this defeats the purpose of having a firewall and
makes systems quite vulnerable. I investigated the settings for the
firewall (Norton's Internet Security suite, in this instance, running on
W2K), and found a way to reconfigure it so that the firewall could stay up
and protect my system while at the same time allow MySQL to work behind the
firewall. If the issue, here, is related to the firewall, tell me how to
reconfigure it so that these two workstations can see each other without
being made vulnerable to hackers attempting to break in from the web.
I have some specific questions and concerns.
1) File and Print sharing is not installed on the W2K machine. If I install
it, can it be restricted to only those non-routable IP addresses issued by
the DHCP server in the router? If so, how? If not, how can I prevent
installing this from making my system vulnerable to the attacks known to
gain access to computers through file and print sharing? (I still have to
check on whether or not this is installed on the XP workstation, but the
rest of the question applies to it too).
2) NetBIOS is not enabled over TCP/IP on the NIC connected to the router.
If I enable it, can it be restricted to only those non-routable IP addresses
issued by the DHCP server in the router? If so, how? If not, how can I
prevent enabling this from making my system vulnerable to the attacks known
to gain access to computers through NetBIOS being enabled over TCP/IP? (I
still have to check on whether or not this is enabled on the XP workstation,
but the rest of the question applies to it too).
3) I seem to recall reading something about XP having some firewall
capability being built into it. Is it true that XP has firewall capability?
If so, how should it be configured to facilitate the usual networking needs
on a peer to peer LAN without the machines on the LAN being vulnerable to
attack from the web?
4) As I am doing some web development, I will need IIS and Apache on both
machines (not necessarily active at the same time - but it would be nice if
it is possible) to be visible to the other. I don't know if this will be a
problem or not. But I mention it just in case it has a bearing on how the
two machines and their firewalls are configured.
5) If all goes well, I will be adding a Linux based server, as well as an
OpenBSD gateway (providing an extra layer of firewall protection and
routing, aimed at creating a DMZ and proxy hosting for Apache), and one of
the packages I'd have on that server will need to run scripts and programs
on the Windows clients, so I expect I'd need Samba to be installed
eventually. Therefore, any solution will need to be designed to allow for
this eventuality. It would be good, if at a minimum, someone with
experience with such mixed LANs could comment on how the procedure to make
these machines visible to each other would affect my plans to add a Linux
box and an OpenBSD box to the LAN at some time in the near future.
Cheers,
Ted