Suggestions for a better firewall?

Discussion in 'Networking (Hardware & Software)' started by kenton, 2005/02/16.

Thread Status:
Not open for further replies.
  1. 2005/02/16
    kenton Inactive Thread Starter
    Windows XP, Home ed, SP2. Small LAN, 4 PCs.
    There are also a few other LANs connected to the same router (ISP). I need to close/isolate our LAN from outside connections, including these other LANs. Windows firewall is enabled, I configured all firewalls for 'Custom List' IP addresses: 'File and Printer Sharing' > Edit > [TCP139,TCP445,UDP137,UDP138] > Change scope > set in 'Custom list' window the local IPs of our PCs, like this: 192.168.0.22,192.168.0.23, etc.

    After some time I found that someone can still print documents on our printer from another (outside) LAN! Also, as an experiment, I tried to exclude one local IP on one of our computers from the 'Custom list' window, but nevertheless I can still print/browse on that PC from a PC which has no permissible IP number.

    I also found that the system changes the local IP numbers I have set in the 'Custom list' window from 192.168.0.22 to 192.168.0.22/255.255.255.255. Why?
     
  2. 2005/02/18
    ReggieB Inactive Alumni
    I'd recommend putting a hardware firewall between the router and your network (I am assuming you don't have control of the router, as if you did you may be able to put rules on that to block access). Something like a Cisco PIX or a WatchGuard SOHO would do the job well and also provide excellent security. The default setting will allow no traffic initiated from outside to pass into your network. I haven't played with a PIX for a while, but certainly with the WatchGuard it will do what you want by simply connecting it in and running a very basic setup process.

    Another alternative may be to put a cheap router between your network and the internet router and then use routing rules to block the unwanted traffic. You could even use an old PC with two NICs in this role. However, doing this will be more complicated than installing a dedicated hardware firewall. For example, you'd have to create another network between the new router and the existing one, to allow you to route traffic correctly.

    The 255.255.255.255 after the address is the mask. 255 is equivalent to all 1s. Effectively it is network shorthand for "this address and only this address". Without the 255.255.255.255, the address could be that of a network or subnet rather than a single node/IP.
     
    Last edited: 2005/02/18
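
Added example (not part of either post above): a small Python model of the scope-list semantics ReggieB describes, where a bare address or one with mask 255.255.255.255 matches a single host and a wider mask matches a whole subnet. The function names and sample lists are constructed for illustration; this is not Windows Firewall's own code, and it only models address matching.

```python
import ipaddress


def parse_scope(custom_list):
    """Parse a comma-separated scope list into IPv4 networks.

    A bare address (no mask) is treated as a single host, which is the
    same thing as writing it with the mask 255.255.255.255 (/32).
    """
    nets = []
    for entry in custom_list.split(","):
        entry = entry.strip()
        if not entry:
            continue
        # strict=False accepts an entry such as 192.168.0.22/255.255.255.0
        # and reduces it to the network it really describes (192.168.0.0/24).
        nets.append(ipaddress.IPv4Network(entry, strict=False))
    return nets


def allowed(source_ip, nets):
    """True if source_ip falls inside any entry of the parsed scope."""
    src = ipaddress.IPv4Address(source_ip)
    return any(src in net for net in nets)


def wide_entries(nets):
    """Entries that admit more than one address (mask shorter than /32)."""
    return [str(net) for net in nets if net.num_addresses > 1]


if __name__ == "__main__":
    # Constructed sample lists, modelled on the addresses in the thread.
    host_only = parse_scope("192.168.0.22,192.168.0.23/255.255.255.255")
    subnet = parse_scope("192.168.0.22/255.255.255.0")

    print([str(n) for n in host_only])       # both entries normalise to /32
    print(allowed("192.168.0.24", host_only))  # neighbour not in the list
    print(allowed("192.168.0.24", subnet))     # whole /24 is admitted
    print(wide_entries(subnet))                # audit: entries wider than one host
```

Running `wide_entries` over an exported scope list is a quick audit for entries that silently admit a whole subnet instead of one machine.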
