Re: Peculiar firewall log entries...need help interpreting..

From: Lars M. Hansen (badnews_at_hansenonline.net)
Date: 01/27/05

• Next message: home_sdp-1_at_yahoo.com: "Norton Internet Security doesnt find correct profile"
• Previous message: Greg Hennessy: "Re: VLANS in a DMZ - good idea?"
• In reply to: intrepid_dw_at_hotmail.com: "Re: Peculiar firewall log entries...need help interpreting.."
• Next in thread: intrepid_dw_at_hotmail.com: "Re: Peculiar firewall log entries...need help interpreting.."
• Reply: intrepid_dw_at_hotmail.com: "Re: Peculiar firewall log entries...need help interpreting.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 27 Jan 2005 16:08:58 -0500

On 27 Jan 2005 06:09:20 -0800, intrepid_dw@hotmail.com spoketh

>Michael:
>
>Thanks for the assist.
>
>I *may* have a lead on this, or at least a start.
>
>It turns out that all of those weird firewall log entries originate
>from the same box - a laptop - running XP Pro. I discovered, quite
>accidentally, that when an XP Pro laptop emerges from hibernation, it
>doesn't always restore its network configuration properly - in
>particular, its routing table. When this laptop was investigated - sure
>enough, its routing table had only the loopback route and the default
>route, and the default route goes through the gateway (wish I could
>remember the KB article!). I had to disable/re-enable the wireless
>network interface connection to get the table reset.
>
>On that basis, I theorized that when the laptop came out of hibernation
>and tried to talk to a peer, it couldn't find a routing for the subnet
>it needed, and tried the default gateway. And the firewall is set up to
>reject inbound packets that appear to originate from a private address
>(so, in that regard, it the firewall worked precisely as it was
>supposed to!).
>
>Apparently, the fix for the above laptop/hibernation problem is SP2,
>and I haven't yet been bold enough to apply that 8-)
>
>What would be your opinion of this theory?
>
>-David
>

Your default gateway should know how to get to any part of your network.
If your firewall is defined as your default gateway and it doesn't do
routing, then perhaps there is a router on your network that knows.
Since there are more than one subnet on your network, then there's got
to be some device somewhere that knows how to route to anywhere.
Configure your computers to use that as your default gateway, and it'll
redirect the clients to the device it needs to talk to.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

---

• Next message: home_sdp-1_at_yahoo.com: "Norton Internet Security doesnt find correct profile"
• Previous message: Greg Hennessy: "Re: VLANS in a DMZ - good idea?"
• In reply to: intrepid_dw_at_hotmail.com: "Re: Peculiar firewall log entries...need help interpreting.."
• Next in thread: intrepid_dw_at_hotmail.com: "Re: Peculiar firewall log entries...need help interpreting.."
• Reply: intrepid_dw_at_hotmail.com: "Re: Peculiar firewall log entries...need help interpreting.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: New Printer problem--Help please! ... I was able to successfully turn off all firewalls on the laptop, and I believe I also was successful with turning off all firewalls, virus protection, etc on the desktop. ... I have re-set up the network using the home network wizard. ... Following the suggestion I found elsewhere, I set up the network "wrong" (chose incorrect connection method), then set it up again "right". ... the presence of the Symantec VPN driver raises the possibility that the laptop has a Symantec firewall installed. ... (microsoft.public.windowsxp.print_fax) Re: Printer sharing ... Then I have a laptop which connects wirelessly to the router. ... Problems sharing files between computers on a network are generally caused by 1) a misconfigured firewall; or 2) inadvertently running two firewalls such as the built-in Windows Firewall and a third-party firewall; and/or 3) not having identical user accounts and passwords on all Workgroup machines; 4) trying to create shares where the operating system does not permit it. ... If you need Pro's ability to set fine-grained permissions, turn off Simple File Sharing and create identical user accounts/passwords on all computers. ... (microsoft.public.windowsxp.general) Re: simple solution! ... >To filter network access, use a software or hardware ... Sygate is a software firewall that will let you ... laptop a static IP ... (microsoft.public.security) Re: File sharing - why is it so difficult? ... I am having the same file sharing symptoms as lots of other people though the usual solution of switching off firewalls, enabling Netbios or starting programmes sevices folder. ... I also have a laptop also running windows XP but running the free AVG anti-virus software. ... The strange thing is the laptop can ping the PC once the firewall has been turned off but it can't access any files through windows. ... They are both part of the same workgroup and if you view that workgroup in network places on the PC you can see the laptop and on the laptop you can only see the laptop. ... (microsoft.public.windowsxp.network_web) Re: Possible case of ip forwarding ... I have a desktop running windows and a laptop running FC6. ... Laptop is able to access internet without any issues. ... I changed my desktop's default default gateway to be my ... Laptop's gateway is the default gateway of the network. ... (Fedora)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)