Re: Newbie Home Network/ADSL Router query.
From: Stephen P. (stephen_at_nospamtla-net.demon.co.uk)
Date: 07/13/05
- Next message: T. Sean Weintz: "Re: Netbios over Sonicwall tz170 VPN Connection"
- Previous message: Duane Arnold: "Re: Newbie Home Network/ADSL Router query."
- In reply to: Duane Arnold: "Re: Newbie Home Network/ADSL Router query."
- Next in thread: Stephen P.: "Re: Newbie Home Network/ADSL Router query."
- Reply: Stephen P.: "Re: Newbie Home Network/ADSL Router query."
- Reply: Chuck: "Re: Newbie Home Network/ADSL Router query."
Date: Wed, 13 Jul 2005 18:43:28 +0100
OK, thanks very much that all seems to make sense.
Basically I'll just switch my network connection to 'Trusted' instead of
'Internet' in ZoneAlarm and I'll still be protected by the Firewall on the
router. But I should leave the software firewalls in place a) 'cos they're
not doing any harm and b) it validates/stops outgoing IP traffic.
My network friend at work said the router firewall would not prevent port
scanning (and some other stuff I can't remember). At least I think that's
what he said!
Re the DHCP; what I meant was my ISP told me what the IP range (for my
internal network) would be, not that it was dynamically supplied by them
over the connection. If that makes sense? So yes, it does come from the
router, I guess I should have said "my ISP told me" rather than "supplied
by". Also, if it is relevant, I can connect to the router (ping or browser)
via a fixed IP address.
Regarding the other discussion - I'm 98% sure my (hands off, user self
installs everything) ISP would not support remote config, at least not
deliberately ..... !
Many thanks again.
"Duane Arnold" <Notme@notme.com> wrote in message
news:eWaBe.150490$_o.119292@attbi_s71...
> Stephen P. wrote:
>
>> Today I have finally joined the 21st century and switched from ISDN to
>> broadband. All appears to be running fine, access wise.
>>
>> I have a Windows XP SP2 machine and a Windows 98 machine (primarily used
>> for backups), these are connected via a (ISP supplied and configured)
>> Thomson SpeedTouch 510 Ethernet Switch/Router/Hub/whatever, this has an
>> 'integrated firewall'. The machines connect to the router via DHCP using
>> an IP address range supplied by my ISP.
>
> That is impossible. The computers are connected to the router and they get
> a DHCP IP from the DHCP server on the router. They are called private LAN
> side IP(s). The router itself is obtaining a DHCP IP from the ISP so that
> your router can access the Internet and the machines connected to the
> router using private LAN IP(s) can access the Internet through the router.
> The IP from the ISP the router is using is called a public/WAN IP.
>>
>> The XP machine is running Windows Firewall (although since I stopped
>> using dial-up it has, worryingly, stopped appearing in the system tray)
>> which is 'On' and has ActiveSynch Application (my PDA), Connection
>> Manager, File and Printer Sharing and SmartFTP as exceptions. Also under
>> 'Network Connections' my 'Local Area Connection' is marked as firewalled.
>> I think this seems secure?!?
>
> You really don't need the XP FW, since the machines are behind the
> protection of the NAT router.
>
>>
>> The Windows 98 machine has the freebie ZoneAlarm installed. However as
>> there is only one connection - to the router - I don't seem to be able to
>> win on whether to put this in the 'Trusted' or 'Internet' zone;
>
> You can put it there, because the router is there protecting the network.
>>
>> a. if in the trusted zone then my file sharing between the two computers
>> works OK, but I am, presumably, less secure.
>> b. if in the internet zone then my file sharing doesn't work - I cannot
>> connect to the 98 machine from the XP machine.
>
> Well, you either put the machines in the trusted zone of the PFW/packet
> filter so that the machines can share resources or you disable the
> PFW/packet filter, but since the machines are behind the protection of the
> NAT router, either way, the machines are protected.
>
>>
>> I'm sure this is a REALLY common problem, with an obvious answer, but I
>> don't know what it is! As I see it I can either;
>> a. Trust that the Firewall on the router is doing its thing and leave the
>> network connection in the trusted zone. The Router Firewall would
>> *appear* to be working as ZoneAlarm has only reported 3 blocked
>> intrusions - all of which were me on the other PC. But one of our network
>> people at work said I should definitely also install a software firewall
>> ...... unfortunately
>
> One installs a PFW/packet filter on the machine to stop outbound traffic
> from the machine, since the NAT router for home usage doesn't have the
> ability.
>
>> I'm on holiday all week, so can't ask him this one!
>> or
>> b. Add my IP range to the exceptions, but I'm unsure of the implications
>> of this.
>
> You should leave it alone.
>
>> or
>> c. Turn off DHCP and hardwire the IP addresses of the 2 machines, albeit
>> to numbers within the same range, and then put these into the exceptions
>> instead.
>
> You should leave it alone.
>> or
>> d. Something else!!
>
> You could use static IP(s) on the router.
>
>>
>> What is the correct solution? Many TIA.
>
> (A)
>
> The machines are protected by the NAT router until you start doing high
> risk things with the router like using port forwarding opening inbound
> ports on the router to a LAN/IP/machine.
>
> All ports are closed on the router by default and the ports will only open
> if a program running on the computer initiates outbound traffic to a
> remote IP. If the solicitation is made to a remote IP, then the router
> will open the required inbound ports, otherwise, all unsolicited inbound
> traffic to the router is blocked, unless you open ports manually using
> port forwarding.
>
> http://www.homenethelp.com/web/explain/about-NAT.asp
> http://www.homenethelp.com/web/explain/port-forwarding-dmz.asp
>
> Duane :)
>
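The NAT behaviour described in the quoted reply (inbound ports open only for solicited traffic or manual port forwards), modelled as an added example that is not part of the original thread. The `NatRouter` class, all addresses and ports are constructed, and the model assumes the router matches replies on both remote IP and remote port; real home routers differ in how strictly they match.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port); created by outbound traffic
    sessions: dict = field(default_factory=dict)
    # wan_port -> (lan_ip, lan_port); created manually via port forwarding
    forwards: dict = field(default_factory=dict)
    next_port: int = 40000  # constructed starting point for translated source ports

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN machine initiates traffic; the router records the translation."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return wan_port

    def forward_port(self, wan_port, lan_ip, lan_port):
        """Manual port forward: exposes one LAN service to any remote host."""
        self.forwards[wan_port] = (lan_ip, lan_port)

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the LAN (ip, port) the packet is delivered to, or None if dropped."""
        hit = self.sessions.get((wan_port, remote_ip, remote_port))
        if hit is not None:
            return hit                       # reply to solicited traffic
        return self.forwards.get(wan_port)   # None unless that port was forwarded

def demo():
    """Run the four cases from the thread against constructed sample traffic."""
    r = NatRouter()
    out = {}
    # Unsolicited connection to the file-sharing port: no session, no forward.
    out["unsolicited_139"] = r.inbound("198.51.100.7", 51000, 139)
    # The XP machine browses to a web server; only that server's reply gets in.
    p = r.outbound("192.168.1.2", 1050, "198.51.100.80", 80)
    out["solicited_reply"] = r.inbound("198.51.100.80", 80, p)
    out["stranger_same_port"] = r.inbound("198.51.100.7", 80, p)
    # After a manual port forward, any remote host reaches the LAN machine.
    r.forward_port(21, "192.168.1.2", 21)
    out["forwarded_21"] = r.inbound("198.51.100.7", 51001, 21)
    return out

if __name__ == "__main__":
    for case, delivered_to in demo().items():
        print(f"{case:20} -> {delivered_to}")
```

The last case is the one that changes the exposure: a forwarded port is reachable without any outbound solicitation, so the software firewall on that LAN machine becomes the only filter for it.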