Re: Win XP, NAT, DSL and File Sharing

From: QuickHare (noone_at_home4comment.com)
Date: 09/26/05 

Date: Mon, 26 Sep 2005 21:18:40 GMT

> | Yup, this is a common question raised, but this one is slightly different as
> I
> | hope someone out there can just read through what I write and confirm or
> correct
> | my understanding. Also, any names of systems, workgroups, user accounts, etc
> are
> | used for generic reasons so others can learn too, and the set-up does not
> use
> | any default names for security (eg, not on the Workgroup workgroup).
> |
> | ---
> |
> | Right, I have two machines, A and B. A is a desktop machine, B is a laptop.
> Both
> | run Window XP Home SP2 with all the updates fully installed and working
> great. A
> | (desktop) is connected to a router by wire (ethernet cable). B (laptop) is
> | connected via a wireless connection to the router, set up with passwords,
> | encryption and MAC filtering (to keep the unwanted connections out). The
> router
> | is a DSL/cable router with built in hardware firewall and NAT (network
> address
> | translation). It connects to the internet.
> |
> | Now, I wish to allow B to see the entire hard disks of A using File and
> Printer
> | Sharing. On looking into this, it is a bad idea when connected direct to the
> | Internet. However, I have found a Scope button in the Exceptions tab of the
> | Windows XP firewall, which I can limit only to the local IP addresses only
> | (which are not likely to change).
> |
> | So.......
> | Can I do the following safely with no trouble outside?
> |
> | 1. Enable File and Print Sharing.
> | 2. Change the scope settings to only allow it to be open for my known
> computers
> | on my local network.
> | 3. Using this, share the root of all harddrives.
> |
> | Any help would be appreciated.
> |
> | QuickHare
> |
>
> Yes, it can be done safely.
> To increase your security I always suggest blocking TCP and UDP Ports 135 ~
> 139 and 445 on
> *any* SOHO Router.

I'm not too up with all my abbreviations. What is SOHO? I take it you mean the
router is to block anything on the File and Print Sharing ports (the ones you
listed) from crossing the boundary from local to internet connection?

> Since you are running XP HE, I don't think admin shares like c$ are created so
> you will have
> to actually share the root of drive "C:". Just make sure both PCs have the
> same named
> account and the same password and you will access data with no problems. I do
> suggest that
> you use passwords on all accounts, disable the "guest" account and use strong
> passwords on
> the accounts.

When I shared before (for a few minutes to transfer a few files), I had FAT32 on
computer "B". I managed to copy into it from "A", but not the other way round.
Was this because Windows didn't let me access an NTFS filesystem from a FAT32 or
something?

I have used the same password, which is strong, and the Guest is off. I've set a
strong password for the Admin account. Some accounts do not have passwords as it
is a shared machine. Is it still safe considering the IP filtering the firewall
will be doing?

QuickHare