firewall question

breaklose

i got 2 PCs here, one of them is connected to the internet through a RTC connection (56k) and i want the other PC to have access to this connection right, so both PC 'see' each other, i can ping one from the other, i can access and share files and printers, and the client even sees the gateway on the server. but it wouldnt connect to the internet. i got those small icons next to the clock on the client PC saying im connected to the local network and to the gateway, but i cant use it.

i suspect the firewalls are causing the trouble - the server has zone alarm set up on it, and the client has norton firewall 2003. i tried everything possible, allowing access to each other and that, but i cant seem to find the right thing to do. any idea?
 
wait till you get dsl back mehdi,
the dsl router/modem will act as a firewall, so disable the firewall on your windows machine. to be sure to be sure and be safe, go to windowsupdate.microsoft.com on both machines and update them fully, if they are updated nothing bad can happen. this is only to make you feel secure and safe, the router will be enough protection for anything that can exploit your machine.
youre only gonna be off dsl for another week, why bother sharing the 56k connection when the modem/router will do it all for you very easily in a weeks time?
 
whooaaa there sailor, who said a dsl modem or router is guaranteed to be firewalled?? I know my dsl modem isnt. the router might have specific ports blocked on it but you'd wanna be certain it does. Either way, if they're both windows xp run the workgroup set up wizard on both pcs while all your connections are enabled and it should sort it out.
 
StevenK said:
wait till you get dsl back mehdi,
the dsl router/modem will act as a firewall, so disable the firewall on your windows machine.
No way josé. A dsl router only does NAT and has some access rules but is far from safe!

Can you see what's happening in the firewall logs? What's being blocked?
 
yeah of course i can see whats happening, the only port forwarding i have is from 60000-61000 and port 22 to another machine. the logs are funny, so much shit trying to ping, snmp sweep, attacks on ports 135, 139 and 445, people tryin to connect to 3389 ( terminal server )
well whatever way i have my routers setup i never have any problems whatsoever, the only problem i ever have is with something like bit-torrent not being able to run properly but thats just a matter of adding a forwarding rule
 
StevenK said:
yeah of course i can see whats happening, the only port forwarding i have is from 60000-61000 and port 22 to another machine. the logs are funny, so much shit trying to ping, snmp sweep, attacks on ports 135, 139 and 445, people tryin to connect to 3389 ( terminal server )
well whatever way i have my routers setup i never have any problems whatsoever, the only problem i ever have is with something like bit-torrent not being able to run properly but thats just a matter of adding a forwarding rule
Sorry, I meant Mehdi's logs.:oops:

NAT and so on the router provides a very basic firewall.
(not stateful e.g.)
That "135, 139 and 445, people tryin to connect to 3389" is virus stuff. Been sniffing and cleaning our network for the last few days.
A new variant of the sdbot.worm, not detected yet by Mcafee, Symantec, Housecall, and F-prot. Very amusing :rolleyes:


Those things run a batchfile so that your PC does (t)ftp to an external server and downloads the virus. Then it tries to connect to other PCs and spreads (in a nutshell).

So if you have a firewall on your PC itself you can block ftp e.g. because outgoing ftp sessions aren't blocked on the router. (nothing outgoing is blocked)
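
Added example, not part of any post in this thread: a small log triage that separates the two things discussed above, inbound probes on 135/139/445/3389 and outbound FTP/TFTP sessions from a LAN host that a NAT-only router lets through. The log format, the `triage` function and the 192.168.0.0/24 LAN range are assumptions made for illustration; this is not ZoneAlarm or Norton output.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in a made-up format (not real firewall output):
# <time> <ALLOW|DROP> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
SAMPLE_LOG = """\
10:01:02 DROP tcp 203.0.113.7:4011 -> 192.168.0.1:445
10:01:03 DROP tcp 203.0.113.7:4012 -> 192.168.0.1:135
10:01:09 DROP tcp 198.51.100.23:3120 -> 192.168.0.1:3389
10:02:15 ALLOW tcp 192.168.0.2:1043 -> 192.0.2.10:80
10:02:40 ALLOW udp 192.168.0.2:1050 -> 203.0.113.99:69
10:02:41 ALLOW tcp 192.168.0.2:1051 -> 203.0.113.99:21
10:03:00 ALLOW tcp 192.168.0.2:1060 -> 192.168.0.1:139
garbage line that should be skipped
"""

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed; the thread's client is 192.168.0.2
PROBED_PORTS = {135, 139, 445, 3389}           # inbound ports named in the thread
FETCH_PORTS = {("tcp", 21), ("udp", 69)}       # FTP control and TFTP
LINE_RE = re.compile(
    r"^(\S+) (ALLOW|DROP) (tcp|udp) "
    r"(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$"
)

def triage(log_text):
    """Return (inbound probes per external source, outbound FTP/TFTP sessions)."""
    probes = defaultdict(set)   # external source IP -> set of probed ports
    fetches = []                # (lan_host, remote_host, proto, port, action)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the expected format
        _, action, proto, src, _, dst, dport = m.groups()
        try:
            src_in = ipaddress.ip_address(src) in LAN
            dst_in = ipaddress.ip_address(dst) in LAN
        except ValueError:
            continue  # octet out of range, e.g. 999.1.1.1
        dport = int(dport)
        if not src_in and dst_in and dport in PROBED_PORTS:
            probes[src].add(dport)           # outside host knocking on a LAN port
        elif src_in and not dst_in and (proto, dport) in FETCH_PORTS:
            fetches.append((src, dst, proto, dport, action))  # LAN host fetching out
    return dict(probes), fetches

if __name__ == "__main__":
    probes, fetches = triage(SAMPLE_LOG)
    print("inbound probes:", probes)
    print("outbound ftp/tftp:", fetches)
```

An `ALLOW` entry in the second list is the case the post describes: nothing on the router stopped the session, so only a host firewall rule would have.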
 
yeah i understand
3389 is just random people searching for terminal servers with shitty passwords

main thing... if you keep your machine up to date, nothing wrong will happen to it,
so folks, go to windowsupdate.microsoft.com and update once a month.
first time you update will be the longest, and only go back every month to see if there is anything new, there more than likely wont be
or buy a mac :D
 
windows update is at best reactive to new problems as they happen, if you trust ms to stay one step ahead of the hackers, fair play. I dont. Add to that the random fuckups that MS throw into their autoupdate process and you can see why trusting the update tool isnt always wise.

like lenore said either have some very comprehensive rules on your router or get firewalled. Ideally you want multiple layers of defence for a pc. having said that ive seen pcs with fuck all protection and a dsl connection survive somehow

Lenore, you wouldnt believe some of the shit weve had happen on our network, XP is the fucking biggest security fuck up MS ever released and we still arent deploying SP2 on it. We've no reliable process to test ms updates so we're relying on our AV and firewall to do what needs to be done to keep us safe
 
i never understood all the problems other people have with computers because i plain and simple dont get them?!?
i run 3 win2k sp4 machines unpatched behind the router and there's not a bother on any of them.
win xp is the biggest pile of shit EVER, hail 2k!
 
i did that wizard thing and each PC can see the other, and the client PC has the gateway set up but whenever i try to use it, it wouldnt work. ive been trying any option i found on both firewalls but i still dont get it.

both PCs are running under windows xp, server under SP 2 (+ zone alarm), and client under SP 1 (norton firewall 2003). i can see the logs from Zone Alarm, it displays the IP of each item, and it never shows the client's IP (192.168.0.2). im really confused.