Windows XP SP2 and zero subnet routing.

[Guest]

I have a small PIX Firewall (PIX-501), which I use to play around with. I
have setup the PIX with an internal IP address of 10.0.0.1/16 (255.255.0.0),
which is obviously setup on the "zero subnet". My Windows XP computer (Home
Edition) was setup with an IP address of 10.0.0.2, def. gw. 10.0.0.1.
Everything was working fine until I installed SP2 on it. After doing that, I
was not even able to get to the PIX Firewall at all! I went ahead and changed
the IP addresses of both devices (Firewall and computer) to 10.1.0.1 and
10.1.0.2, respectively, so they don't belong to the "zero subnet", and
everything went back to normal.

So, this is obviously a problem that Windows XP SP2 has routing to a "zero
subnet". I tried other Windows machines (98, 2003 Server, XP SP1-downgraded
mine-), and they all worked perfectly if I would set their IPs on the zero
subnet. All of them but the one with XP SP2!!! :0(

I was wondering if any of you have heard about this kind of problem, and if
so, how to resolve it!

Thanks,

Federico.

 

[Ron Lowe]

I have a small PIX Firewall (PIX-501), which I use to play around with. I
have setup the PIX with an internal IP address of 10.0.0.1/16
(255.255.0.0),
which is obviously setup on the "zero subnet". My Windows XP computer
(Home
Edition) was setup with an IP address of 10.0.0.2, def. gw. 10.0.0.1.
Everything was working fine until I installed SP2 on it. After doing that,
I
was not even able to get to the PIX Firewall at all! I went ahead and
changed
the IP addresses of both devices (Firewall and computer) to 10.1.0.1 and
10.1.0.2, respectively, so they don't belong to the "zero subnet", and
everything went back to normal.

So, this is obviously a problem that Windows XP SP2 has routing to a "zero
subnet". I tried other Windows machines (98, 2003 Server, XP
SP1-downgraded
mine-), and they all worked perfectly if I would set their IPs on the zero
subnet. All of them but the one with XP SP2!!! :0(

I was wondering if any of you have heard about this kind of problem, and
if
so, how to resolve it!

Thanks,

Federico.

I'm afraid it works OK here.
Here's a screen-dump of me on an XP-home SP2 machine
which I set up with a static IP address of 10.0.0.2, subnet mask
255.255.0.0.
I'm pinging another machine on 10.0.0.1:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Ron>ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.0.0.2
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.0.0.1

C:\Documents and Settings\Ron>ping 10.0.0.1

Pinging 10.0.0.1 with 32 bytes of data:

Reply from 10.0.0.1: bytes=32 time=24ms TTL=128
Reply from 10.0.0.1: bytes=32 time=9ms TTL=128
Reply from 10.0.0.1: bytes=32 time=9ms TTL=128
Reply from 10.0.0.1: bytes=32 time=4ms TTL=128

Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 24ms, Average = 11ms

C:\Documents and Settings\Ron>

So there's no problem routing the zero subnet.
It's something else.

 

[Haggis]

I have a small PIX Firewall (PIX-501), which I use to play around with. I
have setup the PIX with an internal IP address of 10.0.0.1/16
(255.255.0.0),
which is obviously setup on the "zero subnet". My Windows XP computer
(Home
Edition) was setup with an IP address of 10.0.0.2, def. gw. 10.0.0.1.
Everything was working fine until I installed SP2 on it. After doing
that, I
was not even able to get to the PIX Firewall at all! I went ahead and
changed
the IP addresses of both devices (Firewall and computer) to 10.1.0.1 and
10.1.0.2, respectively, so they don't belong to the "zero subnet", and
everything went back to normal.

So, this is obviously a problem that Windows XP SP2 has routing to a
"zero
subnet". I tried other Windows machines (98, 2003 Server, XP
SP1-downgraded
mine-), and they all worked perfectly if I would set their IPs on the
zero
subnet. All of them but the one with XP SP2!!! :0(

I was wondering if any of you have heard about this kind of problem, and
if
so, how to resolve it!

Thanks,

Federico.

I'm afraid it works OK here.
Here's a screen-dump of me on an XP-home SP2 machine
which I set up with a static IP address of 10.0.0.2, subnet mask
255.255.0.0.
I'm pinging another machine on 10.0.0.1:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Ron>ipconfig

Windows IP Configuration


Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.0.0.2
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 10.0.0.1

C:\Documents and Settings\Ron>ping 10.0.0.1

Pinging 10.0.0.1 with 32 bytes of data:

Reply from 10.0.0.1: bytes=32 time=24ms TTL=128
Reply from 10.0.0.1: bytes=32 time=9ms TTL=128
Reply from 10.0.0.1: bytes=32 time=9ms TTL=128
Reply from 10.0.0.1: bytes=32 time=4ms TTL=128

Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 24ms, Average = 11ms

C:\Documents and Settings\Ron>

So there's no problem routing the zero subnet.
It's something else.

turn off XP's internal firewall

 

[Ron Lowe]

turn off XP's internal firewall

Definately worth a try.

The firewall *should* not prevent you pinging out from the firewalled PC.
It will permit replies to outbound traffic.

Of course, the firewall could be broken.
[/QUOTE][/QUOTE]

 

[Guest]

Hey guys!

Thanks for the replies... Here is the strange thing: I do know that the
internal firewall was turned off and the other firewall was not broken. With
Windows XP SP2, another network (i.e., 10.1.0.0/16), no changes at all but
the IP address, I could ping both ways! Changed the other firewall IP back to
10.0.0.0/16 network, using another machine, different OS, it works! So, it is
not the other firewall :0(... The only way it does not work is if the machine
has XP SP2! Ran sniffer on the other firewall (computer directly attached to
it), and don't see a single packet coming out of my machine!

Of course, I am not running XP SP2 anymore, I just wanted to see if anyone
had seen anything similar.

Thanks again! ~federico.

Definately worth a try.

The firewall *should* not prevent you pinging out from the firewalled PC.
It will permit replies to outbound traffic.

Of course, the firewall could be broken.

[/QUOTE]
[/QUOTE]