Re: Win XP ICF - permit all traffic from one IP address?
From: Bill Sanderson (Bill_Sanderson@msn.com.plugh.org)
Date: 11/17/02
- Next message: Bill Sanderson: "Re: Windows XP Security"
- Previous message: lappy: "Win XP ICF - permit all traffic from one IP address?"
- In reply to: Craig Mitchell: "Win XP ICF - permit all traffic from one IP address?"
- Next in thread: Tracker: "Re: Win XP ICF - permit all traffic from one IP address?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> Date: Sun, 17 Nov 2002 14:51:55 -0500
The short answer is no--there isn't such a facility. I imagine that you
might be able to do this with IPSEC, but I don't know enough about that to
tell you how to do it.
There is another way at this, though.
You can install a second protocol, IPX/SPX and unbind File and Printer
sharing from TCP/IP. The firewall doesnt affect IPX traffic, and this is
actually the recommended solution in your situation.
The only tricky piece of this is the "unbind" part--
Properties of TCP/IP on the interface, advanced, WINS tab, Disable NetBIOS
over TCP/IP.
You can also look under options at TCP/IP filtering--but I'm unclear how
you'd manage both Internet access and unlimited access between PC's over the
same interface via filtering--i.e. I think it wouldn't work!
"Craig Mitchell" <craig@myboot.com> wrote in message
news:522801c28e6e$d850b5b0$8af82ecf@TK2MSFTNGXA03...
> My two computers here at home are running Windows XP Pro
> and connect directly to the Internet via a DSL
> connection. Both of them have static IPs etc. And each of
> them is running "Black Ice PC Protection" as a
> preliminary firewall. Both of them are workstations, and
> use a workgroup rather than a domain.
>
> Problem. Since both PCs are hooked directly to the
> Internet, if I want to file-share between the two PCs, I
> have to disable "Internet Connection Firewall" on both of
> them (otherwise, regardless of Workgroup, they are not
> permitted to browse each other, connect to shares etc.)
>
> Now I would really like to have Internet Connection
> Firewall enabled -- to provide a second layer of
> protection beyond the Black Ice product. But I also want
> to be able to map drives between the two etc.
>
> So here's my question. ICF seems to be all-or-nothing.
> It's either enabled or disabled, right? Well is there a
> way to add the equivalent of a "PERMIT ALL FROM IP
> ADDRESS x.x.x.x" ? So that it's still enabled but it
> allows all packets from the other friendly home
> computer's IP address?
>
> Note: I know there are some other ways I could have my
> home network installed - with both PCs behind a common
> firewall, NAT them for outgoing traffic, internet
> connection sharing etc. but I don't want to do that at
> the moment for reasons too extensive to describe.
> Likewise, I realize that I could setup an FTP server on
> one of the boxes and then permit that particular service
> through ICF.
>
> But my question still stands: In ICF, is there the
> equivalent of a firewall PERMIT statment that can be
> written allowing all traffic from one IP to come through?
>
> Thanks in advance,
>
> Craig Mitchell, St. Louis Missouri, USA
- Next message: Bill Sanderson: "Re: Windows XP Security"
- Previous message: lappy: "Win XP ICF - permit all traffic from one IP address?"
- In reply to: Craig Mitchell: "Win XP ICF - permit all traffic from one IP address?"
- Next in thread: Tracker: "Re: Win XP ICF - permit all traffic from one IP address?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
