Link to home
Start Free TrialLog in
Avatar of nascar_3
nascar_3

asked on

XP firewall "switch"

I've got an XP computer networked to the kid's Win98 PC, and after a long troubleshooting period, I found that XP's built in firewall was preventing file sharing between the 2 computers.

It's just occaisionally that I NEED to have file sharing turned on. So I just keep the XP firewall ON for internet protection, and when I need to access the Win98 PC, I do the RIGHTCLICK > MY NETWORK PLACES > PROPERTIES > RIGHTCLICK > LOCAL AREA CONNECTION > PROPERTIES > ADVANCED > UNCHECK INTERNET CONNECTION FIREWALL.

This allows me full access to the Win98 PC, I do my business, and then go through the whole deal again to turn the firewall back ON.

Is there any way possible to set up a couple of Icons, One to disable the firewall, and one to enable it back on again to avoid all that RIGHTCLICK stuff ??

Or better yet, anyone found a way to do filesharing with the firewall in place, so I don't even have to think about it? (I'll double the points to 200 for this solution)
Avatar of ITsheresomewhere
ITsheresomewhere

How is your network setup?

Internet connection via?

What cables to what?

Is ICS involved on either or both of the computers?

Need to develop a mental diagram of layout before I
can respond with possible solution.

Is this XP Home  or XP Pro

ITsy
Avatar of nascar_3

ASKER

Ok,

cable modem to the internet, hooked to a D-Link Residential Gateway Router. The router hooks to the uplink port of a Bay Networks Hub. Each PC ties to the Hub.

I don't think ICS is involved, the D-Link gets an IP from the cable company, and then it assigns IP address to the PCs. PCs can access internet even if the other machine is turned OFF, so I'm sure ICS isn't a factor.

I've just made sure the workgroup names are the same, and shared the entire drive on the Win 98 computer, so I can look at it from the XP machine (XP Home edition BTW). I can ALWAYS see the Win98 machine listed on the network from the XP with the firewall ON or OFF, but I can't access the C: at all unless I turn the firewall OFF. Then I see everything right away.

Let me know if you need any other info.
Avatar of SysExpert
Well, you could use a tool to automate it.
Some freebies
are

WSH, Perl, Kixtart, and for a GUI interface scripter use
http://www.zdnet.com/downloads/stories/info/0,,77503,.html

Check cnet, zdnet for a dozen others that can automate this, or use a tool to compare the registry, and see if you can do it through a batch file registry change using reg or similar.

From: dbrunton   Date: 04/09/2001 02:58AM PST
  Yes, it is possible.  Do a search for WinCmd which is a script  language for Windows from Ziff Davis.

   Here is an example script.

                      "rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl,@0,2"
                      delay (2000)
                      sendkeys ("{tab}")
                      delay (2000)
                      sendkeys ("%p")
                      sendkeys ("%s")
                      sendkeys ("%h")
                      sendkeys ("192.168.1.1")
                      sendkeys ("{tab}")
                      sendkeys (80)
                      sendkeys ("%c")
                      sendkeys ("192.168.1.1")
                      sendkeys ("{tab}")
                      sendkeys (80)
                      sendkeys ("{enter}")
                      sendkeys ("%a")
                      sendkeys ("{enter}")

                      Note that in this script where there is a delay indicated tht the CTRL key had to be held down to make
                      the script language work.  This script was called from a batch file.

                      wincmd inet.wcm
                      exit
-----------------

I hope this helps !
ok 2 last questions  

In your opinion what value is being provided by the use of the XP firewall.  In other words, why do you like or want to use it.  This is merely subjective so your answer need reflect your own opinion.

What is the model of the DLink unit.

The basic answer at this point to your question of icons, or automating the process is not without some extremely difficult hoop jumping, and even then could be questionable.

The last two answer should complete the picture and bring the final solution into clear focus.

ITsy
 
Agree with the "why use xp's firewall" I use zonealarm, better and more configurable
www.zonealarm.com
use it and disable xp's firewall
Oh yeah, it's free
ITsheresomewhere -

 Well I basically just want to ensure protection from the internet. With the cable modem, and my PC running for long periods of time, obviously I want to prevent outside intrusion.

The D-Link model is a DI704-P, brand spanking new. I understand this has a built in firewall, but not certain how good it is. I guess I just felt better with the XP one turned on also. If you think the D-Link provides adequate protection, Then I guess I wouldn't care if XP's firewall was OFF.


stevenlewis -

I had faithfully used Zonealarm with my Win98 PC, and installed it on my new XP machine also. But while I was trying to figure why I couldn't file-share, I asked about that problem here, and you pointed me to the article:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q316414

which specifically states that zonealarm has problems providing connectivity with XP networking. I uninstalled zonealarm and file sharing immediately started working.

I never went to Zonealarm's site, as suggested by Microsft's article, but maybe they have updated or patched it for XP by now. I'll go have a look.
Nascar 3  thanks for responding to all my questions and thanks for reminding me earlier, via your ID name, that I needed to tune into the Monster Mile.  Another fine day racin. And Rudd just can't catch a break.

As to the Windows XP firewall, it continues to amaze me, yet not really, how MS is so out of touch with reality, to include something that totally defeats their own key features.  They play up the ease of networking, the ease of internet sharing and then play up a feature that is effectively useless in real world settings.  I was hoping that I had overlooked something somewhere but alas it just isn't to be, while you can punch some holes in the firewall it just isn't worth the trouble.

The inquiry as to how your setup was leading to the built in firewall afforded by the DLink and the use of the NAT setup for your local network.

I continue to be a firm believer in the Zone Alarm product and it was my original intent.  However, I refrained since I was seeing one computer firewalled while the other computer did not seem to be such (no mention of what you were doing on the other machine, which with kids seems like a greater potential for problems).  The Microsoft article is just one of those self protective, self interest pieces that they put up.  It really says "if you can't ping, its not us, its probably Zone Alarm but we won't tell you how to get around it other than call them or remove it"  But that would be too plain, so let the public wonder.

I think your usage would be sufficient with the DLink product properly configured, but still would recommend at least the free Zone Alarm product and I think the few dollars on the PRO model is well spent money, at least for the most "critical" PC.  Sure there is the tuning etc, but really it provides the layer of comfort that you personally want, so why not get it.  It does work with XP and they will tell you how if you run into problems.

So turn off the XP ICF (inconsistent connection function), get the Zone Alarm and enjoy.

P.S.  4 autoswitch ports on the DLink - 2 computers and you have a Hub in there?  I must be missing something in the physical layout, doesn't seem necessary.

Hope that helped.  

ITsy

 
ITsheresomewhere -

Thanks, I guess I'll take another look at Zonealarm. I only need protection on my PC, since the kids' PC is "expendable", and contains nothing relevant. They only use it for playing CDs' and downloading MP3s from the net. There is nothing on it worth getting into otherwise.

I just abandon Zonealarm because after reading the article suggested by stevenlewis, I uninstalled it and it made a big difference. The funny thing is, that I had already DISABLED it, from the startup in MSCONFIG. So while I was having trouble, Zonealarm was not running at all, but it was still installed. After reading the article, I said "what the heck" and did an uninstall. That was the only thing I found worked to get file-sharing functional. So I said "never mind then, I'll use XP's firewall".

As for the Hub, yes, it seems like it would not be necessary, but I ran into a different problem there. It seems the routers don't like loooong cable runs (?) The Kids PC has a cable run of at least 75 feet. If I plug directly to the router, the router won't see it on any port. If I plug to the Hub, then the hub to the router, it sees it just fine. This is the case also on my sister's home network. Exactly the same setup as mine, but they have a Linksys router. The kid's PC is probably 60-70 feet away, running XP. If plugged to the Linksys, XP says "network cable unplugged". If hooked to a hub near the router, connection is just fine.

Also, in both situations, the "Main" PC's which sit next to the router at both houses, will work fine plugged to the hub -or- directly to the router with a 6' cable. since all PC cables have been set up as straight patch cables, both the 6' and 70+' cables, it doesn't seem to be a crossover issue. It seem like the hub provides a signal boost to the longer ones.

Thanks
nascar_3 The problem was you had ZA installed, but disabled. If you have it installed and enabled, it sould be ok
ASKER CERTIFIED SOLUTION
Avatar of ITsheresomewhere
ITsheresomewhere

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
OK-

Just installed Zonealarm again, and after researching and finding the troubleshooting tip that tells me to go to SECURITY >ADVANCED > ADAPTER SUBNETS and select the other PC's adapter, well it worked! I've got everything talking and Zonealarm running.

So I'm happy with everything, except now how should I award the points? stevenlewis jumped right in with a correct answer, but ITsheresomewhere was heading that way.
I offered 200 for this answer, would you guys want to take 100 each?
Yes ZA could make it just a little more apparent or user friendly as the term goes.  Glad to hear your cruisin well.

I would have no problem with the proposed award.

ITsy
nascar_3 That's fine by me also. Teamwork usually gets things done around here :~)
Glad we were able to help
Steve
I'll post a seperate 100 pointer for stevenlewis.

Thanks for the help guys!