Networking XP Home and Win98SE (Fire Wall Questions)

Hello all,

I have 3 machines in the house shareing internet, 2 which are XP Home and mine which is WIN98SE. For about a year now all I have done is share the internet through a LinkSys Router. Now I have a need to network them together
and need some help understanding a few things.

I am very new to XP Home and am still trying to understand how to use it and all it settings and where to find them. I was for a long time useing Kerio 2.1.5 on all three (which probably wasn't nessicary) behind the router but I un-installed the firewalls on the XP machines due to the fact that the kids were haveing major problems/complaints with them.

I was not totaly comfortable with this desicion but never the less the kids won! This morning I have decided to reinstall the firewalls and want to network the three together for file sharing pourposes as we are working on a big school project for the kids and they will need my help and rather then spend my time in thier rooms (where I dont like to be) I would rather help them from my machine and grant them accses to folders I can create and store notes in.

I did some testing this am and found due to the fact that my firewall is still up I can see thier machines but thiers cant see mine. That is easy enough to fix but it means I have to either shut down my FW or re create rules for NET BIOS, PORTS 135-139 . As it is now I have NET BIOS 135, 137-139 BLOCKED COMPLEATLY as well as Denying accsess to all lower port 1-1023 to ALL Applications.

I went ahead in advanced and unchecked those rule settings and thier machines found mine very quickly to see if that was the problem and found it was. I am not confortable with letting these particular rules for NET BIOS go freely as they want to.

In as much as I understand what type of rules I need for my WIN98 machine, I need help understanding probably more stringant rules for WIN XP. I am not sure what to allow for NET BIOS with XP Home or how to set it up for all machines to be secure as they will all still have acsess to the net.

In the recent past I set up my sons machine for IPX for games with my machine as I do NOT allow them accses to the net to play the games with other unknowns. I am wondering as well should I terminate all current networking and start from scratch so that I know my machines are secure TOTALY .

I want a safe enviroment for all my machines as well as the kids and still allowing them accses to the net as well as the folders I would like to create for them to use. My machine has 4 partitions and they will not have accses to the C:\ . I will create accses in the D:\ and the E:\. The F:\ is a storage bin for all my backups.

I can save current rules of my FW to disk and use them as a guide line for thier rules but with XP there are alot more running services that I still need to learn about.. basicly (what/what not to block to the net) but need to start with re adjusting my rules in NET BIOS and granting the machines accses to each other.

I belive if I am thinking correctly is that accses would be a UDP Datagram from one machine to the other to comunicate properly on ports 135, and 137-139 on a trusted address group. If I list a trusted address group in Kerio it should in thoery bypass all other rules written for those ports, correct? thus leaving me the option not to have to change the current rule I have. I shure could use some help (as you can see) and any givin would be greatly appreciated. I am sorry for the lenghty post and I hope I have posted in the proper forum, I apologize if I havent.

Regards,
FireDancer

 

In this case I suggest you install NetBEUI on all three machines and use that for your internal sharing. It cannot see and is not seen by a firewall so you won't have issues there. It cannot see or be seen across a router unless you have a fancy one and do some really serious tweaking so basically your NetBEUI traffic is completely invisible from the internet.

NetBEUI on XP is not Microsoft supported but it's been around so long you are very, very unlikely to have problems with it and it does run perfectly well on XP.

How-To Install.

Once you have NetBEUI running and the File & Printer Sharing loaded (also necessary to share your files) you can further safeguard yourself by modifying the bindings on the network cards. By default, the settings will be to 'bind' all your active protocols like TCP/IP, NetBEUI, and any others to all features on the network card. But you can remove all except NetBEUI from the file sharing piece and TCP/IP won't even know it's there or try to participate.

On XP, you open the Network Connections from Control Panel and then Advanced tab and Advanced Settings button. You will see a screen much like the one pictured except that rather than only the Internet Protocol (TCP/IP) you will also see NetBEUI. You would remove the check mark by Internet Protocol (TCP/IP). Deed done and you could later undo it (rebind) just as easily if you had a need to.

9X has the bindings available so you can change them but I don't remember exactly where/what you click to get to them. Not very hard to find though. I have a vague memory that it may be part of the Advanced settings on the network card itself with 9X but I could easily be wrong.

 

Newt,

Thanks for replying and dropping a link. I followed the instrutions givin in the link and got Netbeui installed on XP without a hitch. Next I installed NetBeui on my win98 machine and started messing with bindings...ughhh I have a big mess now as my main machine wont acsess the net at all even with the firewall un-installed, so that tells me this process is going to be hand on learn from your mistakes LOL.

Anyways if I understand you correctly when binding I un check mark all features/protocalls from networking and or file shareing except NetBeui?
and I should have no problems with connecting to other machines as It will only use the protocall that is binded to it..being NetBeui correct?
all other features will will continue to act as thier supose to with out interfering with the network. I am gonna mess with it a bit more and I will post back tomorrow...with the outcome and maybe we can mess with it more if needed I know your busy. Thanks again for the help.

Regards,
FireDancer

 

An alternative approach: First I will assume you are using a "private" IP addressing inside your network (one that starts 10.x.x.x, 192.168.x.x 172.16-31.x.x) - which I would strongly recommend - and using a form of NAT on your router to convert internal addresses to valid public addresses as you go out over the internet. If this is the case, many decent personal firewalls will allow you to assign a "trusted" IP address range, which you can then set to the range of your internal network addresses. As the private addresses are invalid on the internet the only traffic using the trusted IP address range will be internal. If you want to be more secure, you can lock down the ports open to the trusted network.

Personally, I would avoid using NetBEUI if at all possible. It is a very ineffient network protocol and will cause a significant increase in network traffic, and the amount of processing carrried out by all the PC on your network. I like Newts alternative aproach, but would suggest using IPX rather then NetBEUI as the alternative internal protocol.

 

ReggieB,

Thanks for the reply yes I know of the TRUSTED ADDRESS in my firewall but am not to familiar with setting it up. I have IPX installed on both machines in the protocalls and and I do sit behind a router ( LinkSys 4 port ).

Where I am getting confused is what protocalls are needed and how to make them secure for my network and how to secure them. I added the IP (which is 192.168.x.x from machine #2 into the trusted group and check marked " For Microsoft Networking, Use these Rules instead of Filter Rules." The machine still wasnt allowed accses to my main machine for some reason.Shouldnt this bypass any filter rules written for the NetBios Ports 137-139?

I have many protocalls installed and not sure what I can keep and discard, like I said in my last post I started messin around and now the main machine will NOT acsess the net even with the firewall down so I know it is a simple setting somewhere in the bindings. I went back to all the protocalls and all the bindings are checkmarked for Networking and shareing.

At this point I am not sure where to start... again thanks for the reply

Regards,
FireDancer

 

What I have Set Now

I go to Network Neighborhood, right click, go to properties, and under configuration this is what I see for installed conponants...

Client Microsoft Networks
Dial Up Adaptor
SIS 900 PCI Fast Ethernet Adaptor
IPX/SPX- Compatable Protocall-> Dial Up adaptor
IPX/SPX- Compatable Protocall-> SIS 900 PCI Fast Ethernet Adaptor
NetBuei-> Dial Up
NetBuei-> SIS 900 PCI Fast Ethernet Adaptor
NetBios Support for IPX/SPX-> Compatable Protocall
TCP/IP Dial Up
TCP/IP SIS 900 PCI Fast Ethernet Adaptor
File and Printer Shareing for Microsoft Networks

Under each one of these (where it applys) for bindings, all boxes are checked marked.

Maybe this will shed some light on where I need to re start and make adjustments. Thanks again

Regards,
FireDancer

 

Hey all,

After much frustration and more problems ariseing I am going to walk away for a while. I have lost my internet connection on my win98 machine for some reason. The protocalls I have listed in the above post have seemed to just dissapeared into thin air and believe there is a ghost living in my machine.

I have uninstalled and reinstalled the lan drivers to no avail. I have reset all the protocalls (when I had them) LOL to there origanal settings...to no avail!

My Network Neighborhood shows the other machines in the list and vise versa from machine 2 but cannot accses anything from machine 2 ughhhh I am going to walk away for a bit. I thank you all for your input and hope that somewhere we can collectivly find the answer as to why all went so wrong so fast. I still believe it was when I messed with the bindings but I have since set that back to what they were and still no active connection to the net.

Maybe I just need to do something else for a bit and let it stew

Regards,
FireDancer

 

Hi Newt,
When you use NetBEUI, what items should you uncheck in your connections properties dialog box?

Thanks

 

Hi Newt,
Another question for this "Network Newbie "

What do you mean or do when you enable NetBEUI over TCP/IP?

Thanks

 

You mean NetBIOS over TCP/IP. This is not the same as NetBEUI.

NetBIOS is a protocol suite that I think derived from an IBM network system. It is basically the set of protocols that look after the passage of information between the network and the application within the PC.

In simple terms that I can understand, if an application wants to send or get information over the network it passes the job to NetBIOS to sort out. NetBIOS packages the data and prepares it for passge over the TCP/IP network. Network protocols work in a heirachy so you commonly have a stack that looks like this:

Application
NetBIOS
TCP or UDP
IP
Ethernet
Electrical Signals.

With NetBEUI, you replace the TCP/IP sections with NetBEUI and join broadcast city!

Application
NetBIOS
NetBEUI
Ethernet
Electric Signals

 

Hi Reggie,
Thanks for the reply.

We previously posted our continuing problem as "Entire Network Error" on this forum. Don't know if you have read it but we are still having the same problem.

Today we pinged both computers without any problem.

Any suggestions?

Thanks

 

See 'tother thread