[OT] XP networking question

[legacy-colamann]

I have 2 comps both running XP on them. They are both hooked up to a hub. And both running the Xp firewall. I want to keep using this firewall - I hate the add ons.

Now the problem is everytime I want to share a file between the 2 comps I have to turn off both firewalls. This burns my ass!!

Any help?

[Imaginos]

What are you firewalling them against besides each other?
If they are both connected to a hub then to a router and your Internet connecton, your router should be decent protection.

From the WinXP Pro ICF help:
Internet Connection Firewall Considerations
ICF and Home or Small Office communications
You should not enable Internet Connection Firewall (ICF) on any connection that does not directly connect to the Internet.
If the firewall is enabled on the network adapter of an ICS client computer, it will interfere with some communications between that computer and all other computers on the network. For a similar reason, the Network Setup Wizard does not allow ICF to be enabled on the ICS host private connection, the connection that connects the ICS host computer with the ICS client computers, because enabling a firewall in this location would completely prohibit network communications.

Internet Connection Firewall is not needed if your network already has a firewall or proxy server.

[legacy-colamann]

I'm not using a router, trying to find a fix this way before I go buy one.

[Imaginos]

Yow. Ok, so your broadband modem connects to your hub and assigns an IP address to any machine connected to that hub?
Do you know if it is doing NAT (machine IP's of 10.x.x.x or 192.168.x.x)?
What ISP are you with and what modem are you using? You may not need to buy a router depending on what hardware you already have.

[legacy-colamann]

My ISP is Shaw. Both my machines have a 24.x.x.x address,with Shaw they give an extra ip address here. So no NAT. My modem is just the regular one they gave me-Terayon.

[legacy-SJAndrew]

I don't think you're doing NAT. Every machine you're hooking to your hub as assigned a public IP address (Shaw must give you multiple public IPs).

Seeing as how you're not using NAT, you're missing out on one of the most fundamental type of firewalls. Personally, I trust my firewalling more to Linksys et al than I do to M$. And, in general, hardware firewalls are better than software firewalls (easier, more reliable et cetera).

My first recommendation is here:

http://www.newegg.com/app/ViewProduc...=BROWSE&depa=1

But, if you don't want to spend any money (and you have an old system laying around), a better solution may be here:

http://www.smoothwall.org

You can use this linux distro to make your own NAT router out of an old 486 box.

It's too bad you already bought a hub. Almost everyone's broadband NAT router comes with its own 4-port hub as well. I file share between my two systems all the time because behind the NAT firewall, there is no firewalling. Every system will be assigned a private IP in the same range (192.168.1.XXX) where they're on the same network. Effectively, the only firewalling will be at the router making file sharing transparent.

Unles you're *really* tight on money, I suggest the Linksys (or other) solution. It's very easy to setup and seems very reliable.

[legacy-colamann]

Ya I guess I might have to pick up a router. I got this hub free about 3 years ago.
I guess I was looking for a quick fix to this problem - like opening a port or something like that. Without losing my security. Well if there no other suggetions, I hope I get a router for Xmas.

[legacy-SJAndrew]

Originally posted by colamann
Ya I guess I might have to pick up a router. I got this hub free about 3 years ago.
I guess I was looking for a quick fix to this problem - like opening a port or something like that. Without losing my security. Well if there no other suggetions, I hope I get a router for Xmas.

That's kind of the thing....hubs always have all ports open. They're dumb; only a splitter. With a hub, all clients are network wise in the same position as they would be is they were hooked directly to your cable modem.

A router on the other hand has a processor and software onboard that can filter incoming packets. What NAT does (in addition to many other things) is drop incoming traffic *unless* it was requested by a client. As such, with a NAT router, you cannot receive any unsolicited TCP/IP inbound traffic.

When you open a port in a router, you're telling the router to direct all TCP/IP traffic received on a given port (like 7777 for UT servers) to a given IP address. It's a passthrough programmed by you.

Given their relative tiny price, a hardware NAT router is a must for and broadband user imho.

[legacy-Tembaco]

Hi

If you want to keep your Hub and security try to install another software like firewall (like Norton internet security or Sygate for example)
These firewalls you can easy configure (build trusted zones etc)

The firewall on XP is not verry friendly for use at all it can generate al lot of frustration

But offcourse a router or switch is much better than a hub

regards

[legacy-SJAndrew]

Originally posted by Tembaco
Hi

If you want to keep your Hub and security try to install another software like firewall (like Norton internet security or Sygate for example)
These firewalls you can easy configure (build trusted zones etc)

The firewall on XP is not verry friendly for use at all it can generate al lot of frustration

But offcourse a router or switch is much better than a hub

regards

With a softwall solution, you're at very least going to need to buy:

1) Software (one copy for each machine)
2) Hub -or- extra NIC for each machine and run all clients all the time using ICS over a direct cable connection

This pricing is much higher (unless you already have NICs/Hub/Software) than the $45 for a real NAT router.

IMO, a real NAT hardware router is the simplest, cleanest, easiest solution. And, even though the standard Linksys/Netgear/D-Link et cetera broadband router only has four ports, they can typically share the internet connection between 200+ clients.

And, you don't have to run and always-on bloatware like Norton that sucks CPU cycles and resources (no offense, I just think it's more cumbersome than helpful).

[legacy-Tembaco]

From his origanal post he said he allready used a hub. so i guess he allready has 2 nics cables etc.

I agree about the hardware router which i post allready. But i just gave him another option. because he only needs 2 software like firewalls. If he allready has a hub and 2 nic's. And i dont think the XP firewall is verry controllable

The thing about Norton taking to many resources and CPU
:bulb:

Well if u compare it against a harware solution the software solution always takes more from your resources. But I never expirenced extreme resource taking.


But i agree what you said about the router. Its the best solution. The only thing is you have to learn how to deal with NAT. Its not like most people think just plug it in and it works. Its a bit more to it.
Allthough there are some routers on the market which you can manage with a easy to use web interface which make it easier for people.

And to really good configure a router it can be cumbersome as well for a lot of people.