XP Firewall and Home Network

[Jeff Lloyd]

When I enable the XP firewall, I cannot access any of my computers on my
home network via the Windows Explorer. I have configured PCAnywhere as per
the instructions, but there doesn't seem to be a simple tutorial to explain
how to regain access to the computers on your internal network. I have
specific IP numbers for each, but what ports should be used on an internal
network? Is this procedure the same as if you were setting up access for a
program, such as PCAnywhere?

Thank you for any pointers.

 

[Lanwench [MVP - Exchange]]

My advice - if you have a network, don't rely on ICF or software firewalls.
Buy a cheap and cheerful firewall router appliance to protect your entire
network at the perimeter. You should then be able to do port forwarding in
the router to open up what you need.

 

[Jeff Lloyd]

I am behind such a router, or NAT device. I was looking for extra
protection, I guess. I figured out how to open the ports for printer and
file sharing, but when I try to browse the "MSHOME" network, ICF won't let
me.

Am I getting into overkill by wanting to enable ICF behind a router?

"Lanwench [MVP - Exchange]"

 

[newtechie]

Disable ICF.

I am behind such a router, or NAT device. I was looking for extra
protection, I guess. I figured out how to open the ports for printer and
file sharing, but when I try to browse the "MSHOME" network, ICF won't let
me.

Am I getting into overkill by wanting to enable ICF behind a router?

"Lanwench [MVP - Exchange]"

My advice - if you have a network, don't rely on ICF or software firewalls.
Buy a cheap and cheerful firewall router appliance to protect your entire
network at the perimeter. You should then be able to do port forwarding in
the router to open up what you need.

 

[Bruce Chambers]

Greetings --

WinXP's built-in firewall is _not_ designed to be used on internal
LAN connections. The only connection on which you should have ICF
enabled is the connection to the Internet.

Description of the Windows XP Internet Connection Firewall
http://support.microsoft.com/default.aspx?scid=kb;en-us;320855

Internet Firewalls Can Prevent Browsing and File Sharing
http://support.microsoft.com/default.aspx?scid=kb;EN-US;298804


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Bruce Chambers]

Greetings --

If your switch/router has NAT capability, you're already as safe
as WinXP's built-in firewall could make you. You'll not derive any
additional benefit from using the built-in firewall.

WinXP's built-in firewall is fine at stopping incoming attacks, and
hiding your ports from probes. It doesn't give you any alarms to tell
you that it is working, though. What WinXP's firewall also does not
do, is protect you from any Trojans or spyware that you might download
and install inadvertently. It doesn't monitor out-going traffic at
all, much less block (or at least ask you about) the bad or the
questionable out-going packets. It "assumes" that any applications
sending out-going data are doing what _you_ want them to do.

ZoneAlarm, Kerio, or Sygate are all much better, and are much more
easily configured, and there are a free versions of each readily
available. Even Symantec's Norton Personal Firewall is superior,
although it does take a heavier toll of performance then do ZoneAlarm,
Kerio, or Sygate.

Even good hardware firewalls (and NAT-capable routers) do nothing
to protect the user from him/herself. Again -- and I _cannot_
emphasize this enough -- almost all spyware and many Trojans and worms
are downloaded and installed deliberately (albeit unknowingly) by the
user. So a software firewall, such as Sygate or ZoneAlarm, that can
detect and warn the user of unauthorized out-going traffic is an
important element of protecting one's privacy and security. Most
antivirus applications do not scan for or protect you from
adware/spyware, because, after all, you've installed them yourself, so
you must want them there, right?

I use both a router with NAT and Sygate Personal Firewall, even
though I generally know better than to install scumware. When it
comes to computer security and protecting my privacy, I prefer the old
"belt and suspenders" approach.


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Aaron Epstein]

I can't answer all of your question, but I do know that if XP's
firewall is engaged (turned on), I can't print on a network printer.
Aaron

 

[Jeff Lloyd]

Bruce - thanks very much for your comments.

Greetings --

WinXP's built-in firewall is _not_ designed to be used on internal
LAN connections. The only connection on which you should have ICF
enabled is the connection to the Internet.

Description of the Windows XP Internet Connection Firewall
http://support.microsoft.com/default.aspx?scid=kb;en-us;320855

Internet Firewalls Can Prevent Browsing and File Sharing
http://support.microsoft.com/default.aspx?scid=kb;EN-US;298804


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Bruce Chambers]

Greetings --

You're welcome.

Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH

 

[Paul Russell]

The extra protection costs you more pain (e.g. broken file sharing ..etc).

I am behind such a router, or NAT device. I was looking for extra
protection, I guess. I figured out how to open the ports for printer and
file sharing, but when I try to browse the "MSHOME" network, ICF won't let
me.

Am I getting into overkill by wanting to enable ICF behind a router?

"Lanwench [MVP - Exchange]"

My advice - if you have a network, don't rely on ICF or software firewalls.
Buy a cheap and cheerful firewall router appliance to protect your entire
network at the perimeter. You should then be able to do port forwarding in
the router to open up what you need.