how to configure windows firewall?

[alebastr]

Windows XP, Home ed, SP2. Small LAN, 4 PCs. There are also few other LANs
connected to same router(ISP). We need isolate our LAN from oustside
connections, include this another LANs. Windows firewall is enabled, I
configured all firewalls for 'Custom List' IP addresses:
'File and Printer Sharing' > Edit > [TCP139,TCP445,UDP137,UDP138] > Change
scope > set in 'Custom list' window local IP of our pcs, like this:
192.168.0.22,192.168.0.23,etc

After a some time I found, that someone still can print documents in our
printer from outside LAN! Also, I tried to exclude one local IP of our
computers from 'Custom list' window, for experiment, and still can
print/share from computer that nevertheless I still could print from the PC
which has no permissible IP number.
I found also, that system change IP addresses i have set in 'Custom list'
window from 192.168.0.22 to 192.168.0.22/255.255.255.255 Why?

 

[Leythos]

Windows XP, Home ed, SP2. Small LAN, 4 PCs. There are also few other LANs
connected to same router(ISP). We need isolate our LAN from oustside
connections, include this another LANs. Windows firewall is enabled, I
configured all firewalls for 'Custom List' IP addresses:
'File and Printer Sharing' > Edit > [TCP139,TCP445,UDP137,UDP138] > Change
scope > set in 'Custom list' window local IP of our pcs, like this:
192.168.0.22,192.168.0.23,etc

After a some time I found, that someone still can print documents in our
printer from outside LAN! Also, I tried to exclude one local IP of our
computers from 'Custom list' window, for experiment, and still can
print/share from computer that nevertheless I still could print from the PC
which has no permissible IP number.
I found also, that system change IP addresses i have set in 'Custom list'
window from 192.168.0.22 to 192.168.0.22/255.255.255.255 Why?

If your connection is via DSL or Cable then get a Cable/DSL Router with
NAT and you're all set. They run about $50 most places.

 

[alebastr]

Windows XP, Home ed, SP2. Small LAN, 4 PCs. There are also few other LANs
connected to same router(ISP). We need isolate our LAN from oustside
connections, include this another LANs. Windows firewall is enabled, I
configured all firewalls for 'Custom List' IP addresses:
'File and Printer Sharing' > Edit > [TCP139,TCP445,UDP137,UDP138] >
Change
scope > set in 'Custom list' window local IP of our pcs, like this:
192.168.0.22,192.168.0.23,etc

After a some time I found, that someone still can print documents in our
printer from outside LAN! Also, I tried to exclude one local IP of our
computers from 'Custom list' window, for experiment, and still can
print/share from computer that nevertheless I still could print from the
PC
which has no permissible IP number.
I found also, that system change IP addresses i have set in 'Custom list'
window from 192.168.0.22 to 192.168.0.22/255.255.255.255 Why?

If your connection is via DSL or Cable then get a Cable/DSL Router with
NAT and you're all set. They run about $50 most places.

--------------------
Yes, broadband router will be best solution. Nevertheless, I would
understand why my approach not work and where is error.(it seems to me, that
I did all according to microsoft instructions)

Alebastr

 

[Leythos]

Windows XP, Home ed, SP2. Small LAN, 4 PCs. There are also few other LANs
connected to same router(ISP). We need isolate our LAN from oustside
connections, include this another LANs. Windows firewall is enabled, I
configured all firewalls for 'Custom List' IP addresses:
'File and Printer Sharing' > Edit > [TCP139,TCP445,UDP137,UDP138] >
Change
scope > set in 'Custom list' window local IP of our pcs, like this:
192.168.0.22,192.168.0.23,etc

After a some time I found, that someone still can print documents in our
printer from outside LAN! Also, I tried to exclude one local IP of our
computers from 'Custom list' window, for experiment, and still can
print/share from computer that nevertheless I still could print from the
PC
which has no permissible IP number.
I found also, that system change IP addresses i have set in 'Custom list'
window from 192.168.0.22 to 192.168.0.22/255.255.255.255 Why?

If your connection is via DSL or Cable then get a Cable/DSL Router with
NAT and you're all set. They run about $50 most places.

I can't really tell you why the MS Firewall didn't work for you, it's the
first thing I disable in services on any machine we install.

the 192.168.0.22/255.255.255.255 means it's only looking at the .22 IP
address, the MASK of 255.255.255.255 means it won't look at anything else
in the network. If you want it to see 192.168.0.0 through 192.168.0.255
then you need to change the mask to 255.255.255.0

You are are 100% better off using a router that does NAT than relying on
the Windows Firewall product.

 

[alebastr]

On Thu, 17 Feb 2005 14:22:44 +0200, alebastr wrote:

Windows XP, Home ed, SP2. Small LAN, 4 PCs. There are also few other
LANs
connected to same router(ISP). We need isolate our LAN from oustside
connections, include this another LANs. Windows firewall is enabled, I
configured all firewalls for 'Custom List' IP addresses:
'File and Printer Sharing' > Edit > [TCP139,TCP445,UDP137,UDP138] >
Change
scope > set in 'Custom list' window local IP of our pcs, like this:
192.168.0.22,192.168.0.23,etc

After a some time I found, that someone still can print documents in
our
printer from outside LAN! Also, I tried to exclude one local IP of our
computers from 'Custom list' window, for experiment, and still can
print/share from computer that nevertheless I still could print from
the
PC
which has no permissible IP number.
I found also, that system change IP addresses i have set in 'Custom
list'
window from 192.168.0.22 to 192.168.0.22/255.255.255.255 Why?

If your connection is via DSL or Cable then get a Cable/DSL Router with
NAT and you're all set. They run about $50 most places.

--------------------
Yes, broadband router will be best solution. Nevertheless, I would
understand why my approach not work and where is error.(it seems to me,
that
I did all according to microsoft instructions)

I can't really tell you why the MS Firewall didn't work for you, it's the
first thing I disable in services on any machine we install.

the 192.168.0.22/255.255.255.255 means it's only looking at the .22 IP
address, the MASK of 255.255.255.255 means it won't look at anything else
in the network. If you want it to see 192.168.0.0 through 192.168.0.255
then you need to change the mask to 255.255.255.0

You are are 100% better off using a router that does NAT than relying on
the Windows Firewall product.

----------------------

Just out of topic: does someone know inexpensive broadband router model, 1 x
4 LAN +1 printer port (*parallel*) that can *stable work* with printer(HP
LaserJet 6L)

thanks

 

[Leythos]

On Thu, 17 Feb 2005 17:33:19 +0200, alebastr wrote:
[snip]

Just out of topic: does someone know inexpensive broadband router model, 1 x
4 LAN +1 printer port (*parallel*) that can *stable work* with printer(HP
LaserJet 6L)

Don't buy a device like that, you'll be sorry later. Get the router and
then purchase a print server separately.

 

[Ken Blake]

In

On Thu, 17 Feb 2005 17:33:19 +0200, alebastr wrote:
[snip]

Just out of topic: does someone know inexpensive broadband
router
model, 1 x 4 LAN +1 printer port (*parallel*) that can *stable
work*
with printer(HP LaserJet 6L)

Don't buy a device like that, you'll be sorry later. Get the
router
and then purchase a print server separately.

I know nothing about such devices, and have no opinion, but I'm
curious as to why you recommend against them.

 

[Leythos]

In

On Thu, 17 Feb 2005 17:33:19 +0200, alebastr wrote:
[snip]

Just out of topic: does someone know inexpensive broadband
router
model, 1 x 4 LAN +1 printer port (*parallel*) that can *stable
work*
with printer(HP LaserJet 6L)

Don't buy a device like that, you'll be sorry later. Get the
router
and then purchase a print server separately.

I know nothing about such devices, and have no opinion, but I'm
curious as to why you recommend against them.

Because time and time again I've seen many ALL-IN-ONE solutions where a
single part of the system has failed and that means replacing the entire
unit to fix the one problem. In addition, if they want to upgrade any part
they have to get rid of the unit (or grandfather it). A router with print
server is going to cost more than a router and a printer server in most
cases.

I've owned about 20 print servers in the past 7 years, and more than 100
routers in the last 5 years (clients) and never had a router go bad, but
I've had more than 10 of the print servers die.

 

[Ken Blake]

In

In

On Thu, 17 Feb 2005 17:33:19 +0200, alebastr wrote:
[snip]

Just out of topic: does someone know inexpensive broadband
router
model, 1 x 4 LAN +1 printer port (*parallel*) that can
*stable
work*
with printer(HP LaserJet 6L)

Don't buy a device like that, you'll be sorry later. Get the
router
and then purchase a print server separately.

I know nothing about such devices, and have no opinion, but
I'm
curious as to why you recommend against them.

Because time and time again I've seen many ALL-IN-ONE solutions
where
a single part of the system has failed and that means replacing
the
entire unit to fix the one problem.

OK, understood. Yes, that's a good argument against any
multi-purpose device. I thought that you have might have also
meant something more specific to this particular kind of device.

 

[Leythos]

In Leythos

In Leythos
<[email protected]> typed:

On Thu, 17 Feb 2005 17:33:19 +0200, alebastr wrote: [snip]

Just out of topic: does someone know inexpensive broadband router
model, 1 x 4 LAN +1 printer port (*parallel*) that can *stable
work* with printer(HP LaserJet 6L)

Don't buy a device like that, you'll be sorry later. Get the router
and then purchase a print server separately.


I know nothing about such devices, and have no opinion, but I'm
curious as to why you recommend against them.

Because time and time again I've seen many ALL-IN-ONE solutions where
a single part of the system has failed and that means replacing the
entire unit to fix the one problem.

OK, understood. Yes, that's a good argument against any multi-purpose
device. I thought that you have might have also meant something more
specific to this particular kind of device.

Yea, it was directed at the router/print server type device, not any
particular vendors model, just the idea of putting all the eggs in a
single device.

One thing I've noticed is that some of the stand-alone print servers don't
handle large files well - the USB ones tend to cause problems with 60+MB
files or larger - the parallel ones don't seem to have that type of
problem.

If we use HP branded print servers with USB or Parallel we don't see any
problems with any size file, but the cheap D-Link USB print servers have
never worked well with large files being sent to the printers (large 4
color images).