XP SP2 firewall - configuring per-connection exceptions

TonyH

I now have a small network of computers running XP Home
SP2. There is a hardware firewall built into the router
on the cable modem side. By default, the SP2 firewall
excepts File and Printer Sharing between machines on the
local subnet which is fine. However, one of
the machines also has a dial-up connection to the
Internet in case the broadband connection
goes down. I would prefer it if File and Printer Sharing
ports were blocked completely when accessing the Internet
via the dial-up connection.

So far, the only way I've found of doing this is to
remove the File and Print Sharing ports from the
SP2 firewall exception list, disabling the firewall on
each of the connections to the router, while leaving the
firewall on for the modem connection, and turning off
firewall monitoring in the SP2 Security Centre.

Is there any other way of achieving this that does not
involve turning off the firewall monitoring?

Tony
 
Torgeir Bakken (MVP)

TonyH said:
> I now have a small network of computers running XP Home
> SP2. There is a hardware firewall built into the router
> on the cable modem side. By default, the SP2 firewall
> excepts File and Printer Sharing between machines on the
> local subnet which is fine. However, one of
> the machines also has a dial-up connection to the
> Internet in case the broadband connection
> goes down. I would prefer it if File and Printer Sharing
> ports were blocked completely when accessing the Internet
> via the dial-up connection.
>
> So far, the only way I've found of doing this is to
> remove the File and Print Sharing ports from the
> SP2 firewall exception list, disabling the firewall on
> each of the connections to the router, while leaving the
> firewall on for the modem connection, and turning off
> firewall monitoring in the SP2 Security Centre.
>
> Is there any other way of achieving this that does not
> involve turning off the firewall monitoring?

Hi

If I'm not mistaken, the default scope for the "File and Printer
Sharing" exception is Subnet, meaning "My network (subnet) only".

Please do the following:

Open Control Panel and launch the "Windows Firewall" applet.

Click on the Exception tab, select "File and Printer Sharing"
and then press the Edit button.

If the Scope is "Any" for the ports, press "Change scope..." and set
it to "My network (subnet) only". Do this for all the ports listed.


More about Windows Firewall here:

Description of the Windows Firewall feature in Windows XP
Service Pack 2
http://support.microsoft.com/default.aspx?kbid=843090

Understanding Windows Firewall/Introduction
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx

Troubleshooting Windows Firewall settings in Windows XP Service Pack 2
http://support.microsoft.com/default.aspx?kbid=875357

How to use the Security Alert dialog box in Windows XP Service Pack 2
http://support.microsoft.com/default.aspx?kbid=875353
 
TonyH

-----Original Message-----

> Hi
>
> If I'm not mistaken, the default scope for the "File and Printer
> Sharing" exception is Subnet, meaning "My network (subnet) only".

This is true. However, presumably this still allows access
to the File and Print Ports from external machines that
share the same subnet as the local machine when it is
connected via the dialup connection. One possibility is to
define a custom scope to restrict file and printer sharing
explicitly to a single local subnet (e.g.
192.168.1.0/255.255.255.0). I assume this would exclude file
and printer access from all apart from the machines directly
connected to the router and also allows the firewall to be run
and monitored successfully on all network connections.

Tony
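
Added example, not part of the original thread: a simplified Python model of the scope check discussed above, comparing the "My network (subnet) only" scope with the custom scope 192.168.1.0/255.255.255.0. It assumes, as the last post presumes, that the subnet scope is evaluated against the subnet of whichever interface a packet arrives on; the interface addresses, the dial-up mask and the sample traffic are constructed values.

```python
import ipaddress

# Constructed interfaces: LAN behind the router and a dial-up (PPP) link.
# The dial-up address and mask are made-up sample values.
INTERFACES = {
    "lan": ipaddress.ip_interface("192.168.1.10/255.255.255.0"),
    "dialup": ipaddress.ip_interface("10.20.30.40/255.255.0.0"),
}

# Custom scope from the thread: only the router-side subnet.
CUSTOM_SCOPE = [ipaddress.ip_network("192.168.1.0/255.255.255.0")]


def allowed(scope, arrival_if, source):
    """Return True if a File and Printer Sharing packet passes the scope check."""
    src = ipaddress.ip_address(source)
    if scope == "any":
        return True
    if scope == "subnet":
        # Assumption: "local subnet" means the subnet of the arrival interface.
        return src in INTERFACES[arrival_if].network
    if scope == "custom":
        return any(src in net for net in CUSTOM_SCOPE)
    raise ValueError(f"unknown scope: {scope}")


# Constructed sample traffic: (arrival interface, source address, description)
SAMPLES = [
    ("lan", "192.168.1.20", "PC on the router"),
    ("dialup", "10.20.99.7", "host sharing the dial-up subnet"),
    ("dialup", "203.0.113.5", "host outside both subnets"),
]


def decisions(scope):
    """Scope decision for each sample packet, in SAMPLES order."""
    return [allowed(scope, iface, src) for iface, src, _ in SAMPLES]


if __name__ == "__main__":
    for scope in ("subnet", "custom"):
        for (iface, src, what), ok in zip(SAMPLES, decisions(scope)):
            verdict = "ALLOW" if ok else "BLOCK"
            print(f"{scope:7} {iface:7} {src:14} {verdict}  {what}")
```

Under these assumptions the subnet scope admits the host that shares the dial-up subnet, while the custom scope admits only the machines on 192.168.1.0/255.255.255.0.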
 
