Results 1 to 4 of 4

Thread: Contradictory Firewall Setup??

  1. #1
    skeezix Guest

    Default Contradictory Firewall Setup??

    I have a hardware router between my cable modem and my system. I have set up my firewall, probably incorrectly, as shown. Are the entries contradicting each other in terms of zones? What is the optimum setup for my system?
    <p align="center">

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    watcher Guest

    Default Re: Contradictory Firewall Setup??

    Dear skeezix:

    You have the network IP address/subnet mask for your LAN in the Internet zone which, by default, has High security, which will block file and printer sharing. I would change the name for that entry, ZoneAlarm SS, to something more meaningful like LAN, and place this in the Trusted zone. By the way, the network IP address above includes the IP address range 192.168.0.0-192.168.0.255. Therefore, you don't need those 2 entries, 192.168.0.1(router IP address) and 192.168.0.100, which is probably either your PC's private IP address or your cable modem IP address. Make sure your router is providing DHCP using a pool of IP addresses(usually 50) to choose from when assigning IP addresses to connected PCs. Also, ideally, it should provide DNS IP addresses as well. Otherwise, if you are using external DNS servers, add their IP addresses in the Zones tab and place them in the Trusted zone. Routers provide NAT, or Network Address Translation, which converts private IP addresses to a public IP address provided by your ISP and back again. This protects your PC from being directly attacked because private IP addresses are not routable on the Internet. In addition, you have an IP address in the Blocked zone. I would remove that from here and make an expert firewall rule in the Expert tab and block it here. Expert firewall rules are enforced before Zone rules so traffic from this IP will be dropped before it is processed by the Zone rules. Lastly, you are missing the local loopback address that should be here. See below:

    Name-Local Loopback Address
    IP Address/Site-127.0.0.1
    Entry Type-IP Address
    Zone-Trusted

    Hope this helps.

    WATCHER

  3. #3
    skeezix Guest

    Default Re: Contradictory Firewall Setup??

    Watcher,
    Thank you for your reply. I thought I had more entries than I needed but I wasn't sure.
    I should have provided more information:
    My system consists of two computers - mine and my wife's. Each is connected to a DataLink wired router, and that is connected to a Motorola cable modem. Neither computer acts as a server, just
    common old everyday home-use boxes.

    Mine
    runs WinXPSP2 with IE6, hers runs Vista, also with IE6. All updates are installed. Our service is through Bresnan, a moderately known provider in the intermountain area of the U.S.
    I know just enough about the modem settings to be dangerous. To myself, that is.
    1. Because we do not share printers or files, I set the LAN in the Internet zone 'way back when, when I set everything up. If this is still appropriate given the above information, please let me know.
    2. I deleted the 2 entries you mentioned (192.168.0.1 and 192.168.0.100). I don't really know what those are, I thought the computer used them to address the router. I do know that when going to &quot;WhatIsMyIP.com&quot;, my IPA changes every few weeks or so, but not at every reboot or internet connection.
    3. I haven't had any problems with my router that I know of. It works.
    4. Regarding the 68.142.200.12 blocked site, I can't recal what that is other than I added that entry about a month ago after tracing it back from my computer to some site I didn't feel comfortable with. I tried to make an Expert Rule but just became confused so I gave up on that and left the entry alone.
    5. With regards to the missing local loopback address, not sure what to say. I tried installing a &quot;local server&quot; (Apache XAMPP) so I could work offline with my website, but had considerable problems with it that went away whenever I disabled all ZA's Privacy settings. I started a thread about this in October/November and wound up just forgetting about local server stuff. Maybe the missing entry was part of the problem. I also make use of a rather large hosts file. I will add the entry as you suggested.
    6. The WinXP firewall is &quot;disabled&quot; but somehow I just don't have a warm and fuzzy feeling about it. My IE 6 &quot;home&quot; page is set to Google, but every once-in-a-while MS somehow comes up when I open IE6.
    I really appreciate your reply, I know it takes time to provide useful info as you have. If you have any other suggestions based upon my additional information, I sure would be interested in reading them!
    Skeezix

  4. #4
    watcher Guest

    Default Re: Contradictory Firewall Setup??

    Dear skeezix:

    I'll answer your post in the same manner that you presented it, in numerical order.

    1.Re your No.1, I would still leave your LAN in the Trusted zone whether or not you use file and printer sharing. It will give you the least problems when your router is in the Trusted zone. Since you are not using file sharing, I would disable it at the operating system level at both the connection and file system level. To do this, first go to Control Panel and open Network Connections. Right click Local Area Connection and click Properties. Uncheck, File and Printer Sharing for Microsoft Networks. Click OK to exit and exit Network Connections. Now, open Folder Options from Control Panel, click the View tab, and scroll down to the bottom of the list for, Use simple file sharing(Recommended). Uncheck this. If you ever want to enable file sharing, just reverse the process.
    <hr>
    2.When you go to a site like, whatsmyip.com, it is probably giving you the public IP address assigned by your ISP, not the actual PC IP address which is assigned by your router. Remember, your router is probably providing NAT as I stated in my previous post. You can verify this by clicking Start, then Run, type CMD, then click OK. At the DOS window that opens, type in, ipconfig /all, and note the space between the g and the /. Hit Enter. It will show your PC's IP address under IP Address field. It should be a private IP address and different from the one that displays on whatsmyip.com.
    <hr>
    3.Good to hear!
    <hr>
    4.I used the nslookup utility to see what IP address 68.142.200.12 was. It returned the following name: attach1.mail.vip.mud.yahoo.com. To set an expert firewall rule to block this IP address, you would do the following: a)Click the Firewall panel, Expert tab and, in the lower right, click the Add button. b)In the Add Rule dialog box that displays, follow the procedure for each field: Rank=1(assuming this is your first rule) Name=Deny IP Address State=Enabled Action=Block Track=None(unless you want to track it) Source-click on Any then click Modify button, highlight Add Location, then click IP Address. In the Add IP Address dialog box, Description=Deny IP Address, and enter IP address 68.142.200.12 in the IP Address field. Click OK. Destination-click on Any then click Modify button, highlight Add Location, then click My Computer. Protocol-click on Any, then click Modify button, highlight Add Protocol, then click Add Protocol. In the Add Protocol dialog box that displays, click TCP &amp; UDP in the Protocol field, Description=Explicit Deny IP Address, and leave Destination Port and Source Port as Other/Any, and click OK. Click OK in the Add Rule dialog box and, lastly, click Apply button in the lower right of the Expert tab.
    <hr>
    5.Please make sure the Local Loopback Address is listed in the Zones tab per my previous post. As for the HOSTS file that you use. Yes, you could add that hostname for the blocked IP address here but that would only prevent you from going to that website, not from them attempting a connection to your PC. The expert firewall rule set to block will.
    <hr>
    6.The Windows Firewall is disabled by default by ZA. The reason is that having 2 firewalls operating concurrently can cause unpredictable events. As for your browser, each browser can be configured for startup page, home page, and search page. Check to be sure your preferences are there. Hope this helps.

    WATCHER

    Message Edited by WATCHER on 11-15-2007 04:21 PM

    Message Edited by WATCHER on 11-15-2007 04:26 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •