Computer nerds, internet gurus and any other IT, please.

Discussion in 'Off Topic [BG]' started by Andy Daventry, Aug 12, 2003.

  1. At home we have three computers networked. LAN on XP. All computers run XP (unfortunately...I am an old luddite who prefers '98, but for some reason I can't easily configure my rather strange monitor on '98...but so be it).

    Net access is through a cable modem on one of the machines. All machines show the same IP to the internet.

    We use zone alarm on all three machines, but tests (mucking about with , that is) and common sense suggest that we only actually need it on the one machine that the cable modem is plugged into.

    Can experts please confirm this before I uninstall the surplus copies? Many thanks.
  2. hyperlitem

    hyperlitem Guest

    Jul 25, 2001
    Indianapolis, IN
    I work in an IT department. I have never actually encountered this direct problem but I'd say you're right. Common sense does say that should do it. I'd compare it to a firewall. You only put a firewall on the computer that is connected to the cable. I hope that helps.
  3. Thanks. Zone alarm is, of course, a firewall.
  4. wulf


    Apr 11, 2002
    Oxford, UK
    Check the Zone Alarm logs on each of the three machines - do the two that aren't directly connected show any attacks?

    If you've got a firewall machine that actively filters all requests, your theory stands up... but if the connected machine is just sharing the connection without checking all the traffic you could get problems.

    Log files are the system admin's secret source of information... ;)

  5. Brooks


    Apr 4, 2000
    Middle East
    If you want to have more peace of mind, you could do what I do - the machine that connects to the Net has Zone Alarm Pro. All the others have SyGate Pro. So, for someone to get into my machine, they have to pass through both Zone Alarm and SyGate.
  6. Right, so if my log shows any activity originating from outside the LAN, then it means that we are sharing a connection.

    Or it might be because the security level on the modem machine is set on medium (has to be..when it's set on high, only that machine can access the net).

    Hmmm...we are using the free version of ZA. The pro version allows more careful network settings. I'll have to buy it ( :) )! And then test again.

    The point is that having active ZA on all machines leads to permissions probs with file sharing.
  7. FretNoMore

    FretNoMore * Cooking with GAS *

    Jan 25, 2002
    The frozen north
    Instinctively I would say you only need one firewall, on the PC that is the router between your local LAN and the Internet. That's assuming your traffic is routed by one machine. Typically it would have two Ethernet cards. One connected to your LAN hub, with this card and all other PCs in your LAN having IP numbers from the "internal" series (192...). The second card is connected to the Internet and usually is given an IP address automatically from your ISP via the DHCP protocol. With this "normal" setup your router PC is the only one that needs a firewall; it "filters" the communication between the two Ethernet domains, so to speak.

  8. wulf


    Apr 11, 2002
    Oxford, UK
    It's really a question of whether the central machine is acting as a proper firewall - if the other machines show activity in the ZA logs, then the answer is that it's not, and it's safest to leave the software on each machine.

    Can you set up ZA to allow access to whatever is running when you do your file transfers between machines?

    Note that I'm making some guesses here. I run the free version of ZA on my home machine but, at present, that's the only computer I've got running, therefore my comments are speculation based on how I approach other problems that I meet at work (where we have a network manager and much more sophisticated firewalling than the free ZA, good as it is at home).

  9. Robert B

    Robert B Supporting Member

    Jan 21, 2000
    Hampton, Va USA
    I do believe you are correct. This from Microsoft:

    "If your network uses Internet Connection Sharing (ICS) to provide Internet access to multiple computers, it is a good idea to turn on Internet Connection Firewall on the shared Internet connection. However, you can turn on Internet Connection Sharing and Internet Connection Firewall separately. It is a good idea to turn on Internet Connection Firewall on the Internet connection on any Windows XP-based computer that is connected directly to the Internet."

    and this:

    "If you use Internet Connection Firewall in conjunction with Internet Connection Sharing, Internet Connection Firewall tracks all of the traffic that originates from the computer that is running Internet Connection Firewall and Internet Connection Sharing, and tracks all of the traffic that originates from private network computers. Internet Connection Firewall compares all inbound traffic from the Internet to the entries in the table. Inbound Internet traffic is permitted to reach the computers in your network only if there is a matching entry in the table that shows that the communication exchange began in your computer or private network."

    You can read the whole article HERE
  10. Fuzzbass

    Fuzzbass P5 with overdrive Supporting Member

    I used ZoneAlarm pro alone and it worked great. But then I got an Xbox with Xbox live, and wanted to connect both Xbox and PC to the net. So, for around forty bucks I got a Netgear DSL/Cable firewall router. I still have ZoneAlarm Pro installed on the PC, but whereas I once got a regular stream of messages in the logfiles, now I get none... the router blocks all those pings and internet noise crap.

    Anyway, forty bucks seems pretty inexpensive for so much security. Setting up the router was a breeze even for me... I'm not a hardware geek.
  11. Thanks for the ideas, people. I am getting a LOT of stuff in my log, so I guess keeping the program in place is a sensible idea.

    Robert, unfortunately, my attention slips after reading more than three sentences of any Microsoft article...They are a pain to read, which is odd as often what they say is quite simple and straightforward when you unravel it.

    They could have said, "The Internet Connection Firewall keeps a record of requests starting from computers on the network it protects, and only lets traffic from the internet through into the network if it has been specifically requested."

    Which means the same thing and is also, IMHO, readable.

    Fuzzbass, that is an excellent idea, and could solve our problems. If we can isolate the home network through a physically separate firewall, life would be more simple.
  12. You put a hardware firewall (in most cases a firewall/router) right after the cable modem, which then feeds into the first computer. Router or not, that's the way it is. If you're using one computer for an internet gateway, then yeah...ZoneAlarm will do.
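
The behaviour described in the Microsoft text quoted in post 9 (inbound traffic is forwarded only when a table entry shows the exchange began inside the network), as an added example that is not part of the original thread. It is a toy model, not Internet Connection Firewall's code; the class and function names, the port numbers and the sample addresses are assumptions constructed for illustration.

```python
from itertools import count


class SharingGateway:
    """Toy model of a connection-sharing host that filters statefully."""

    def __init__(self, first_port=50000):
        self._ports = count(first_port)  # public source ports handed out (assumed range)
        # (proto, public_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.table = {}

    def outbound(self, proto, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host starts an exchange: record it, return the public port used."""
        public_port = next(self._ports)
        self.table[(proto, public_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return public_port

    def inbound(self, proto, remote_ip, remote_port, public_port):
        """Return the LAN endpoint to forward to, or None if nothing inside asked."""
        return self.table.get((proto, public_port, remote_ip, remote_port))


def replay(packets):
    """Run packets through a fresh gateway; return (forwarded, dropped) inbound lists."""
    gw, forwarded, dropped = SharingGateway(), [], []
    for p in packets:
        if p["dir"] == "out":
            gw.outbound(p["proto"], p["lan"], p["lport"], p["remote"], p["rport"])
        else:
            dest = gw.inbound(p["proto"], p["remote"], p["rport"], p["public_port"])
            (forwarded if dest else dropped).append((p["remote"], p["rport"], dest))
    return forwarded, dropped


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    # A LAN machine opens a web connection; the gateway assigns public port 50000.
    {"dir": "out", "proto": "tcp", "lan": "192.168.0.3", "lport": 1045,
     "remote": "198.51.100.7", "rport": 80},
    # Reply from the same server to that public port: matches the table.
    {"dir": "in", "proto": "tcp", "remote": "198.51.100.7", "rport": 80, "public_port": 50000},
    # Unsolicited probe: no entry, so it never reaches the LAN.
    {"dir": "in", "proto": "tcp", "remote": "203.0.113.9", "rport": 4444, "public_port": 135},
    # Right public port but a different remote host: still no matching entry.
    {"dir": "in", "proto": "tcp", "remote": "203.0.113.9", "rport": 80, "public_port": 50000},
]

if __name__ == "__main__":
    fwd, drop = replay(SAMPLE)
    print("forwarded:", fwd)
    print("dropped:  ", drop)
```

If the firewall logs on the inner machines show entries like the two dropped packets, the sharing machine is not filtering this way, which is the check wulf suggests in posts 4 and 8.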