Re: Black Ice and smb

From: Duane Arnold (Darnold@Insightbb.com)
Date: 04/19/02 

From: "Duane Arnold" <Darnold@Insightbb.com>
Date: Thu, 18 Apr 2002 23:54:41 GMT

OK, keeping it simple

1) turn on Internet Connection Sharing with BlackIce on your server.
2) That way you will not get the message from BlackIce.
3) You will be able to do File and Printer sharing with all your computers
behind the router.
4) Since you are behind two firewalls with both your machines, your
machines are protected.
5) If you setup a user-id and password account that is the same on all your
machines, MS OS will not stop you and ask you to logon when you access the
other machine. It is smart enough to know that they are the same for both
machines.

The example I was trying to explain to you with NetMeeting, MAC addresses,
and IP(s) issued by the router using DHCP is that your machines behind the
router don't need trusted UDP.

Do I tell BlackIce on both of my machines about doing trusted UDP on ports
so that they can access each others resources while using NetMeeting -- NO!
All I tell BlackIce is to use Trusted IP(s) of both machines. You don't need
trusted UDP for the machines behind the router for them to access each
other.

The Trusted IP with BlackIce should work for you at all times with the
router using DHCP, because the IP given to a computer by the router is
permanent. If you plug the computer into different ports on the router, it
is going to get the same IP. The IP that was first issued to the computer by
the router. The IP is permanent up and until the point you press the RESET
button on the router. All the info. the router had is wiped out.

Be patient just a little more with me as I want to make sure you understand
this. On a network, the MAC (Media Access Control) address is your
computer's unique hardware number. When you're connected to the Internet
from your computer, a correspondence table relates your IP address to your
computer's physical (MAC) address on the network.

It's seemed to me that you didn't know what MAC meant. If you did know
sorry. Your Internet Service Provider uses your modem or your computer's
network card MAC address to give you an IP so that you can access their
network.

Anyway, with the other things such as MS File and Printer, etc. etc. that I
explained. All you have to tell BlackIce is Trust the IP(s) on the machines
behind the router. And they will have full access to the other machines. No
UDP trusting is required.

This is probably more then you wanted to know, but anyway, I hope it helps.

Duane

"Ziggi" <ziggizag@poczta.onet.pl> wrote in message
news:2f5776b.0204181406.3886d8ad@posting.google.com...
> Hi !
>
> Your last post was quite diffiult for me and I'm not sure how much I
> did understand as I neither work on Mac nor use Internet Meeting...
>
> Anyway - as I may take the very last paragraph as the essential one -
> inedeed the situation is like building a demilitary zone (DMZ) where
> one computer (the web server) is:
>
> 1) behind a router
> 2) maintains NAT for the rest of the network
> 3) must have some of it's files shared through the internal network
> (the website directories I update from my workstation)
> 4) Black Ice is on that server
>
> Again - please - if possible be more explicit :-) What is your advice?
>
> 1) Allow Black Ice internet sharing
> 2) keep the current functionality and accept annoying allerts ?
>
> Thanks !
> Ziggi