simple network query

[pmv]

Just want to connect two PCs to allow file/printer sharing and perhaps a lan game.

Both have zone alarm free.

Have them connected via ethernet X-over cable.

One has modem connection via usb.

Both XP SP3

Have used network setup wizard, but it doesn't work and I think my problem is how to configure zonealarm.

I guess I need to add the IP address of the other PC to the zone alarm trusted zone?

How do I know what the other PC IP address is? Is a LAN always the same IP?

Do I not only get an IP address when I connect to the net? Much of the time neither PC will be on the net. Also I would rather have the option of connecting either PC to modem directly, not have to power both up and go through the host PC every time. One is often on the net, other only rarely.

Thanks.

 

[Lemon law]

I have the same basic set up, but a different firewall. And yes you may be correct, your firewall may be blocking it, but lets not rule out the possibility that its not the firewall.

To do a basic ICS set up, you need two working network interface or on board Nic's, one on each computer. Then you need the following working network protocols on both computers, TCP/IP, client for microsoft networks, and file and printer sharing for microsoft networks. Even before you try to run the network set up wizard, once the crossover cable is connected, it should show limited connectivity on the task bar.
With the host computer connected to the internet, run the net work set up wizard on the host computer, and then on the client computer.

If things went right, your connectivity will change to fully connected, if not, right click on it and try to repair it on both ends, which may give you other clues on whats wrong. Meanwhile, you can go to the host computer, click start--run--type cmd in the dialog box, then enter or OK, in the newly opened up dialog box, type ipconfig /all ( note space between the g and the / ) Your host computer should have a network
address of 192.168.0.1 and when you do the same on the host, it should have an network address of 192.168.0. xxx where xxx=any number between 2 and 254. Each computer some be able to ping itself and
its network companion. Same start, run--cmd, then ping 192.168.0.1 or xxx.

That is your basic ICS troubleshooting, but without going into a superlong post, just PM me and I will see what I can do if this does not set you right. And by the way, see if you can briefly disable zone alarm to rule the firewall in or out. If nothing else, you can use msconfig to take zone alarm off the start up list, without having to uninstall and then reinstall zonealarm to get that one piece of information.

But if you want, " Do I not only get an IP address when I connect to the net? Much of the time neither PC will be on the net. Also I would rather have the option of connecting either PC to modem directly, not have to power both up and go through the host PC every time. One is often on the net, other only rarely.

Then also consider a wired or wireless router, those will take patch cables, not one crossover, but may also meet your needs, although it may take more expensive hardware to do it.

 

[Sparky654]

A wored or wireless router also adds an extra level of security between the internet and your computers. I have heard that even ppl with only one computer connected to the internet it's a good idea to have a router connected between the modem and your computer for the extra firewall and other security built in to them.

 

[pmv]

@lemonlaw - thanks. I had done the things in your paragraph 2, but needed to change the settings for the host PC to use static IP addresses for the local network and then add them to zone alarm's trusted zone on the client. That seems to mean my host PC now has 2 IP addresses - a static one for the local network and a dynamic one created when connecting to the net. Is this true?

OK, I've sort of gotten it working. I can't believe how complicated it turned out to be (made slightly more complicated by the fact I have zone alarm and windows firewall both turned on, out of sheer paranoia).

File and printer sharing works, but internet connection sharing doesn't.

What I'm paranoid about though is accidentally creating a hole in my internet/firewall protection.

Windows troubleshooter says that to use internet connection sharing I actually need _two_ NICs on the host PC. I am a bit baffled by this, as surely if the net connection is via USB it isn't using the NIC for that? Is the network card being used even when I connect the modem via a USB port rather than the ethernet port on the card?

Another thing I am puzzled by is that trying to run the network set up wizard so that each PC has the option of connecting to a network while having its own internet connection (i.e. not using internet connection sharing) gives a warning that it will make shared folders accessible to the net, which obviously I don't want. But why does this not happen to the host PC when using internet connection sharing?
In fact I'm confused about this. If one PC, the host, can have net access without making its shared folders entirely public, why can't both PC's do it?

@Sparky
I've thought about a wireless router but that's a significant cost (when you add in the receiver widgets on each PC) and seems overkill for just two PCs, plus I then have to research routers (like, why do they vary in price by a factor of 10? What's wrong with the cheap ones?).

I wonder though if I could do the same thing via my external broadband modem. It has ethernet and USB connectors and if I connect both PCs at once, can I create a local network that way? Does the fact its a modem not a router make a difference?



Ah, the reason net connection sharing doesn't work is that to make it work the client machine needs to 'get IP address automatically' rather than use a fixed one. Then I have to set zone alarm on the host to 'trust' all 192.168.0.x addresses.

Now it tells me I have a working internet gateway connection, but still I can't actually access the net from the client machine.

 

[Sparky654]

Are the 2 computers close to the modem? If so a simple wired router with a 4 port switch should be all you need, as long as both computers have network cards installed. They just need to have network cable going to the out ports of the router. Then router will handle your incoming IP and assign each comp its IP when needed. Both comps should be able to run with dynamic IP addressing. Then just run the wizzard on 1 comp, save the settings to a flash drive and run the wizzard from the flash drive on the other comp. The only thing I dont know about is Zone Alarm as I haven't used that for several years and I know it has changed a lot since I've used it.

One issue Ive ran into with AVG internet security (what I use) is AVG's firewall conflicted with the windows firewall. I had to go to the windows services and turn off the windows firewall, then all was fine. I know some 3rd party firewalls turn off windows firewall and some don't so that may be one of your hangups.

While Zone Alarm is running, go to the security center to see if your windows firewall is off.

I will warn you though, I am not an expert by any means and have stumbled across some of this stuff by accident on my 4 computers (1 wired and 3 wireless). I have set up some simple networks for friends. but they didn't have 3rd party firewalls.

 

[Lemon law]

To pmv,

To start out with, its never a good idea to have two software firewalls, given the fact that zone alarm free is better than the windows SP2 firewall, its time to disable that sp2 one. Go to the windows firewall in the control panel, disable the sp2 firewall, and then go to the security center in the control panel, click on the firewall recommend tab, place a check mark in the box saying I have a firewall I will monitor myself. Its been my experience with all other third party firewalls, that failing to do that will cause the sp2 firewall to disabled internet connection sharing, in and of itself. And I find, even with a third party firewall, every time I happen to re set up ICS, something I can now do in a few minutes, I have to clunk the sp2 firewall on its head, before I can get internet sharing to work. Simply because every time anything changes, the sp2 firewall turns itself back on, to ruin and not save the day.

I suspect the dynamic address you refer to is your modem to isp address, your host computer should have a unchanging default address of 192.168.0.1. No static addressing needed. In terms of your client computer, I usually accept whatever xxx address ICS chooses, and then later make it static per KB 309642. Which will prevent a trainwreck if your client computer ever tries to choose a networked address of 192.168.0.1. in the ICS state.

In terms of, " Windows troubleshooter says that to use internet connection sharing I actually need _two_ NICs on the host PC. I am a bit baffled by this, as surely if the net connection is via USB it isn't using the NIC for that? Is the network card being used even when I connect the modem via a USB port rather than the ethernet port on the card?", that refers to an alternate method of setting up ICS in the event your modem connects to the host computer using an ethernet cable, since your modem connection is by USB, you do not need that second NIC on your host computer.

In terms of getting your zone alarm free to work with your ICS, you may have to, gasp, read the zone alarm help files on how to do it. But I use the comodo3 free firewall, and it uses net work zones, accepting every
network ICS address from 192.168.0.1 all the way up to 192.168.0.255 as addresses in the permitted range not to firewall out. IMHO, the freeware comodo3 is vastly superior to zonealarm free, and I can tell you exactly how to set comodo 3 up for ICS in a few simple steps. Zonealarm, I am not familiar with. I am somewhat familiar with the freeware version of the online armor firewall, and it too has its totally different gotcha's in terms of networking, until you learn to configure your firewall for networking. Almost every soft ware firewall will kill networking in its default state.


But with static addressing, I can send my client computer on line by itself using its own modem, but the nature of ICS means that the client cannot share its internet connection with the host.

But bottom line for you pmv, if you are going to use zonealarm free or any other third party software firewall, turn off the sp2 firewall, failing that, ICS will not work right off the back.

 

[pmv]

@lemon law & Sparky

Thank you for taking the time to give a detailed reply. I appreciate it.

I'm fairly sure I've figured out the Zone Alarm issue. My ignorance is less about Zone Alarm and more about how IP addresses work in general. Am I right then that 192.168.0.x is _always_ a local network address - I'm not going to find someone coming in from 'outside' with that IP and so being treated as 'local' by Zone Alarm?

But I've now managed to do it the other way, similar to Sparky's suggestion, as my modem is apparently also a 'sort of router', with a USB and ethernet socket that can be used together (and allegedly has a built-in firewall, though the manual doesn't explain anything about it other than saying it has one)

It seems to be working, with both PCs connected to the modem/router, both have net access and can also share files. Though I've yet to test if I can still use file sharing and printer sharing without being connected to the net - would have to turn on the modem on with the phone lead unplugged to check.

Its fortunate it seemed to work right away as I find the various settings in the modem/router setup pages utterly incomprehensible.

Oh I do have one remaining question - when specifying which IP addresses to treat as 'local' (zone alarm 'trusted zone') do I have to worry about 'subnet'? I can't figure out what that means exactly. Is the range of IP addresses sufficient?

 

[Lemon law]

Its seems to me pmv, that you are spending too much time wondering how it actually works, when very thick books are written to explain that, bottom line, get ICS working and wonder later.

If you have to temporarily disable zone alarm free to see if its a firewall problem, do so, but get internet sharing going to prove it works as a troubleshooting step one.

And if internet connection sharing works when both the sp2 firewall and the zone alarm are not factors, then you know its a firewall problem and know which tree to bark up.

And for that matter, you have confirmed your host computer IP address is 192.168.0.1 as I predicted, now what happens when you try ipconfig /all on the client computer?
If your client computer does not come up with an address of 192.168.0.xxx where xxx is some number between 2 and 254, you know you have some other problem to solve first.

We can't help you without knowing what is happening on your end.

 

[JackMDS]

Let Reset all the above and start with posting the model of you Modem.

If it is a Modem/Router then you are going very wrong about the whole issue.

If it is a Modem only with Ethernet output too, say by by and a prayer to the USB. get a Router and configure a real Network.

Real network looks like this, http://www.ezlan.net/router.jpg

 

[kevnich2]

Originally posted by: JackMDS
Let Reset all the above and start with posting the model of you Modem.

If it is a Modem/Router then you are going very wrong about the whole issue.

If it is a Modem only with Ethernet output too, say by by and a prayer to the USB. get a Router and configure a real Network.

Real network looks like this, http://www.ezlan.net/router.jpg

I second this. Screw this whole X-over cable and ICS garbage, your simply wasting time. As far as "significant cost", you can get a Asus WL-520Gu wireless router for about $45 depending on where you look. If that is significant cost, then I would suggest getting rid of your computers as those are much more significant cost. Also, axe the software firewalls. Go with the asus router and you won't need the software firewalls. I have seen those software firewalls screw up more network stacks than anything else (and most end up requiring a reinstall) The Asus WL-520Gu is also ddwrt capable but is fine with just the stock firmware.

 

[pmv]

Well I think I have everything working this way now (using both connections on the modem/router rather than the X-over cable).

I prefer it this way to ICS as I don't want to have to turn on host PC to access net from client PC, and because with ICS (which I couldn't quite get working anyway) the client PC would behave wierdly if the host PC wasn't turned on and the X-over cable was still plugged in (partly freezing sporadically, as if it were expecting to be able to communicate with other machine).

This way I can use either machine on the net without turning the other one on, or use both at once, and share files and the printer. It seems to all be working.

Its an MT882, which I thought was only a modem but is mentioned on many web sites as a 'modem/router'.

e.g.

http://www.kitz.co.uk/routers/SmartAX.htm

or

http://prasshhant.blogspot.com...cting-2-computers.html

Though admittedly I didn't follow the final part of the instructions there, both PCs are set to get DNS server automatically. It seems to work.

The other step was to make the entire 192.168.1.x range 'trusted' by zone alarm on both machines (it seems to work regardless of whether windows firewall is on or off, presumably because file/printer sharing is on its exceptions list)

If I'm doing something wrong and creating a security problem, by all means let me know. The bit I'm most unsure about, security-wise, is adding that range to the 'trusted' zone, but from googling I understand that that range can never be used by non-local traffic?

oh, and the mt882 apparently has its own firewall, though I'm not sure I'm confident enough about that to remove the software ones. The only information I have is that it has a firewall, don't know anything about it or its configuration.

 

[JackMDS]

http://www.ezlan.net/routers1.html

 

[Lemon law]

To pmv,

As JackMDS points out, there is no reason to remove your software firewall, but with any network set up, be it ICS, or via a router, there will be a learning curve.

And if nothing else, like the sp2 firewall, the NAT protections one might get with a router only monitors incoming coming traffic, and any descent third party software firewall will add some incoming protections, plus add the outgoing protections a router does not provide.

Think of it as malware robbing a bank, even if it can somehow get into the the bank (your computer in this analogy ), it does the crook no good if the crook can't get the money ( your personal information in this analogy ) out and into their hot little hands. And hardware and software firewalls share a common weakness, if you the user tell them you want the appealing bit of malware laden eye candy, both hardware and software firewalls will roll out the red carpet. But at least the better software firewalls will offer you log files to see what your incoming and outgoing internet traffic is and where its going.

In terms of a software firewall, I recommend the freeware comodo3 one, but if you insist on the zone alarm free, to smooth your configuration learning curve, try http://forums.zonelabs.com/zonelabs

 

[pmv]

@JackMDS
Thanks, I am reading through that, hopefullly will clear up my remaining confusion about the topic.
@Lemonlaw
Yeah I did once know that about router vs software firewalls, but forgot it again. I was responding to kevnich2's suggestion of removing software firewall. Given that mt882 has a hardware firewall I guess I have actually been more secure than I thought I was but as you say there are reasons for keeping both. I'll bear in mind the comodo suggestion for the future, but probably will stick with zonealarm now I am getting the hang of it, unless they wreck it with the next upgrade, as sometimes happens with these sorts of products.

 

[kevnich2]

I don't understand what you mean about using both usb & ethernet. a cable modem will allow you to use one or the other, not both. A residential cable modem will only lease out 1 IP address, so I'm not quite sure what it is that your doing. I don't know why I'm suggesting this again as I know it's just going to go in one ear and out the other but just trust us, go with the simple method and just get a wireless router, connect that to your cable modem and then connect the computers to that. Get rid of the software firewalls, nobody knows why these are a bad idea until all of a sudden their internet stops working, they spend hours troubleshooting and blaming their ISP and come to find out the software firewall they have installed is what is causing it. I have seen this from Zone Alarm, Norton, Mcafee, pretty much all of them. Sometimes you get lucky and just uninstalling it and it fixes it but most times it messes up the network stack and is pretty much un-fixable. But hey, what do I know, I only do this for a living and see 3-4 of these every day.

 

[pmv]

@kevnich2

Thing is, a wireless router requires buying USB receivers for both PCs, with the cost of the router itself that's a non-negligible amount of money, I see no point spending money if its not necessary. The router/modem I have allows you to use both USB and ethernet to set up a network, see the links in my earlier post. I wasn't aware of it myself till I googled for info, but many web pages emphasize that its actually a router/modem not just a modem (its called a router in the manual, which I hadn't actually noticed before, probably because when I got it I didn't really know what a router was and it was advertised as a modem). I haven't had any problems with zone alarm, apart from not being clear how to make it work with ICS, and my understanding is as lemonlaw says above a hardware firewall doesn't block outgoing communication from any malware that might have found a way on to the system. Thank you for the suggestions though.

 

[kevnich2]

If the computers are close enough right now to be connected with a cross over cable, why would you need usb receivers? Just plug them in with an ethernet cable directly to the router?? Just because it's a wireless router doesn't mean every computer has to be connected wirelessly.

As far as software firewall blocking outgoing connections to stop malware, I work on spyware infections all day long, a software firewall, is NOT going to stop it. All the spyware/malware infection will do once it gets on is hose the antivirus and firewall software that you have installed. By design, yes, it should work that way but believe me, it doesn't. Which is why I very sternly recommend AGAINST using them as it doesn't offer any more protection than not having it (as long as you have a hardware firewall in place for inbound protection). But like I said originally, what do I know?