Solved

XP firewall "switch"

Posted on 2002-06-02
15
771 Views
Last Modified: 2010-04-11
I've got an XP computer networked to the kid's Win98 PC, and after a long troubleshooting period, I found that XP's built in firewall was preventing file sharing between the 2 computers.

It's just occaisionally that I NEED to have file sharing turned on. So I just keep the XP firewall ON for internet protection, and when I need to access the Win98 PC, I do the RIGHTCLICK > MY NETWORK PLACES > PROPERTIES > RIGHTCLICK > LOCAL AREA CONNECTION > PROPERTIES > ADVANCED > UNCHECK INTERNET CONNECTION FIREWALL.

This allows me full access to the Win98 PC, I do my business, and then go through the whole deal again to turn the firewall back ON.

Is there any way possible to set up a couple of Icons, One to disable the firewall, and one to enable it back on again to avoid all that RIGHTCLICK stuff ??

Or better yet, anyone found a way to do filesharing with the firewall in place, so I don't even have to think about it? (I'll double the points to 200 for this solution)
0
Comment
Question by:nascar_3
  • 5
  • 5
  • 4
  • +1
15 Comments
 
LVL 3

Expert Comment

by:ITsheresomewhere
ID: 7049777
How is your network setup?

Internet connection via?

What cables to what?

Is ICS involved on either or both of the computers?

Need to develop a mental diagram of layout before I
can respond with possible solution.

Is this XP Home  or XP Pro

ITsy
0
 

Author Comment

by:nascar_3
ID: 7050021
Ok,

cable modem to the internet, hooked to a D-Link Residential Gateway Router. The router hooks to the uplink port of a Bay Networks Hub. Each PC ties to the Hub.

I don't think ICS is involved, the D-Link gets an IP from the cable company, and then it assigns IP address to the PCs. PCs can access internet even if the other machine is turned OFF, so I'm sure ICS isn't a factor.

I've just made sure the workgroup names are the same, and shared the entire drive on the Win 98 computer, so I can look at it from the XP machine (XP Home edition BTW). I can ALWAYS see the Win98 machine listed on the network from the XP with the firewall ON or OFF, but I can't access the C: at all unless I turn the firewall OFF. Then I see everything right away.

Let me know if you need any other info.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 7050039
Well, you could use a tool to automate it.
Some freebies
are

WSH, Perl, Kixtart, and for a GUI interface scripter use
http://www.zdnet.com/downloads/stories/info/0,,77503,.html

Check cnet, zdnet for a dozen others that can automate this, or use a tool to compare the registry, and see if you can do it through a batch file registry change using reg or similar.

From: dbrunton   Date: 04/09/2001 02:58AM PST
  Yes, it is possible.  Do a search for WinCmd which is a script  language for Windows from Ziff Davis.

   Here is an example script.

                      "rundll32.exe shell32.dll,Control_RunDLL inetcpl.cpl,@0,2"
                      delay (2000)
                      sendkeys ("{tab}")
                      delay (2000)
                      sendkeys ("%p")
                      sendkeys ("%s")
                      sendkeys ("%h")
                      sendkeys ("192.168.1.1")
                      sendkeys ("{tab}")
                      sendkeys (80)
                      sendkeys ("%c")
                      sendkeys ("192.168.1.1")
                      sendkeys ("{tab}")
                      sendkeys (80)
                      sendkeys ("{enter}")
                      sendkeys ("%a")
                      sendkeys ("{enter}")

                      Note that in this script where there is a delay indicated tht the CTRL key had to be held down to make
                      the script language work.  This script was called from a batch file.

                      wincmd inet.wcm
                      exit
-----------------

I hope this helps !
0
 
LVL 3

Expert Comment

by:ITsheresomewhere
ID: 7050046
ok 2 last questions  

In your opinion what value is being provided by the use of the XP firewall.  In other words, why do you like or want to use it.  This is merely subjective so your answer need reflect your own opinion.

What is the model of the DLink unit.

The basic answer at this point to your question of icons, or automating the process is not without some extremely difficult hoop jumping, and even then could be questionable.

The last two answer should complete the picture and bring the final solution into clear focus.

ITsy
 
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 7050202
Agree with the "why use xp's firewall" I use zonealarm, better and more configurable
www.zonealarm.com
use it and disable xp's firewall
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 7050203
Oh yeah, it's free
0
 

Author Comment

by:nascar_3
ID: 7050275
ITsheresomewhere -

 Well I basically just want to ensure protection from the internet. With the cable modem, and my PC running for long periods of time, obviously I want to prevent outside intrusion.

The D-Link model is a DI704-P, brand spanking new. I understand this has a built in firewall, but not certain how good it is. I guess I just felt better with the XP one turned on also. If you think the D-Link provides adequate protection, Then I guess I wouldn't care if XP's firewall was OFF.


stevenlewis -

I had faithfully used Zonealarm with my Win98 PC, and installed it on my new XP machine also. But while I was trying to figure why I couldn't file-share, I asked about that problem here, and you pointed me to the article:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q316414

which specifically states that zonealarm has problems providing connectivity with XP networking. I uninstalled zonealarm and file sharing immediately started working.

I never went to Zonealarm's site, as suggested by Microsft's article, but maybe they have updated or patched it for XP by now. I'll go have a look.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 3

Expert Comment

by:ITsheresomewhere
ID: 7050325
Nascar 3  thanks for responding to all my questions and thanks for reminding me earlier, via your ID name, that I needed to tune into the Monster Mile.  Another fine day racin. And Rudd just can't catch a break.

As to the Windows XP firewall, it continues to amaze me, yet not really, how MS is so out of touch with reality, to include something that totally defeats their own key features.  They play up the ease of networking, the ease of internet sharing and then play up a feature that is effectively useless in real world settings.  I was hoping that I had overlooked something somewhere but alas it just isn't to be, while you can punch some holes in the firewall it just isn't worth the trouble.

The inquiry as to how your setup was leading to the built in firewall afforded by the DLink and the use of the NAT setup for your local network.

I continue to be a firm believer in the Zone Alarm product and it was my original intent.  However, I refrained since I was seeing one computer firewalled while the other computer did not seem to be such (no mention of what you were doing on the other machine, which with kids seems like a greater potential for problems).  The Microsoft article is just one of those self protective, self interest pieces that they put up.  It really says "if you can't ping, its not us, its probably Zone Alarm but we won't tell you how to get around it other than call them or remove it"  But that would be too plain, so let the public wonder.

I think your usage would be sufficient with the DLink product properly configured, but still would recommend at least the free Zone Alarm product and I think the few dollars on the PRO model is well spent money, at least for the most "critical" PC.  Sure there is the tuning etc, but really it provides the layer of comfort that you personally want, so why not get it.  It does work with XP and they will tell you how if you run into problems.

So turn off the XP ICF (inconsistent connection function), get the Zone Alarm and enjoy.

P.S.  4 autoswitch ports on the DLink - 2 computers and you have a Hub in there?  I must be missing something in the physical layout, doesn't seem necessary.

Hope that helped.  

ITsy

 
0
 

Author Comment

by:nascar_3
ID: 7050855
ITsheresomewhere -

Thanks, I guess I'll take another look at Zonealarm. I only need protection on my PC, since the kids' PC is "expendable", and contains nothing relevant. They only use it for playing CDs' and downloading MP3s from the net. There is nothing on it worth getting into otherwise.

I just abandon Zonealarm because after reading the article suggested by stevenlewis, I uninstalled it and it made a big difference. The funny thing is, that I had already DISABLED it, from the startup in MSCONFIG. So while I was having trouble, Zonealarm was not running at all, but it was still installed. After reading the article, I said "what the heck" and did an uninstall. That was the only thing I found worked to get file-sharing functional. So I said "never mind then, I'll use XP's firewall".

As for the Hub, yes, it seems like it would not be necessary, but I ran into a different problem there. It seems the routers don't like loooong cable runs (?) The Kids PC has a cable run of at least 75 feet. If I plug directly to the router, the router won't see it on any port. If I plug to the Hub, then the hub to the router, it sees it just fine. This is the case also on my sister's home network. Exactly the same setup as mine, but they have a Linksys router. The kid's PC is probably 60-70 feet away, running XP. If plugged to the Linksys, XP says "network cable unplugged". If hooked to a hub near the router, connection is just fine.

Also, in both situations, the "Main" PC's which sit next to the router at both houses, will work fine plugged to the hub -or- directly to the router with a 6' cable. since all PC cables have been set up as straight patch cables, both the 6' and 70+' cables, it doesn't seem to be a crossover issue. It seem like the hub provides a signal boost to the longer ones.

Thanks
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 7051248
nascar_3 The problem was you had ZA installed, but disabled. If you have it installed and enabled, it sould be ok
0
 
LVL 3

Accepted Solution

by:
ITsheresomewhere earned 100 total points
ID: 7051638
Nascar 3

I can see you've had your share of adventure in gettting things up and running.  Needless to say there are minor issues to work out in almost any network configuration.  And they can become more complicated as each device, i.e., nic,cable,OS,router,protocol,etc is added to the mix. When one portion is not cooperating as it "should" it sometimes takes prior experience or very careful progressive troubleshooting to resolve. Often it requires getting back to a virgin state and building the connection upwards piece by piece.

I understand your logic on ZA and msconfig, have done it myself, and trying to explain why stevenlewis statement is correct gets messy and very long.  Suffice it to say that if you have it on a system controls better be enabled, i.e. running from startup, or it will default to a full block (fireWALL) until it gets further instruction.  Removal of the program in full during basic network setup and testing is the best avenue.

The hub really isn't needed if you just set the port on the DLink to be 10Mbs vs autosensing.  The only part the hub is serving is to elevate that fact to the router. Which technically it is supposed to due but it does.  You could experiment with this if you wanted to, but hey it is working so therefore why fuss.

So how do we summarize this all.

1. Maybe there is an easier control that can be applied to ICF but given all other factors isnt a good course to follow.

2. Eliminate the ICF from the equation as it is very inadequate for this environment.

3. Obtain the latest Zonealarm, free or PRO.  Remove current ZA via Add/Remove programs and install new version.

4. Make minor adjustments to reestablish the full networking activity with ZA providing the "secured/controlled" firewall for the specific computer.

Whew, what long strange trip its been.

ITsy
0
 

Author Comment

by:nascar_3
ID: 7054185
OK-

Just installed Zonealarm again, and after researching and finding the troubleshooting tip that tells me to go to SECURITY >ADVANCED > ADAPTER SUBNETS and select the other PC's adapter, well it worked! I've got everything talking and Zonealarm running.

So I'm happy with everything, except now how should I award the points? stevenlewis jumped right in with a correct answer, but ITsheresomewhere was heading that way.
I offered 200 for this answer, would you guys want to take 100 each?
0
 
LVL 3

Expert Comment

by:ITsheresomewhere
ID: 7054279
Yes ZA could make it just a little more apparent or user friendly as the term goes.  Glad to hear your cruisin well.

I would have no problem with the proposed award.

ITsy
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 7054971
nascar_3 That's fine by me also. Teamwork usually gets things done around here :~)
Glad we were able to help
Steve
0
 

Author Comment

by:nascar_3
ID: 7055098
I'll post a seperate 100 pointer for stevenlewis.

Thanks for the help guys!
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now