What is happening when I ping against firewall?

Hello everyone

I posted this question and received some responses but it was in a General XP forum. I came across this one and I hope that it will attract a definitive solution. I know that cross-posting is discouraged but I feel that this re-post is justified as this group seems to be much more relevant to my problem.

A friend and I each have XP Pro, connected to ADSL. He connects via a cable (to a modem rather than a router) and I connect wirelessly via a router. He relies upon the built in XP firewall whilst I have one in the router as well as ZoneAlarm on my laptop.

We tried to ping each other's IP address: his efforts to ping me resulted in the packets all being lost. Neither my router's nor ZoneAlarm's logs reported anything unusual. When I tried to ping him, the packets were all transmitted correctly and none were lost. I called him and he told me that his firewall was disabled. I asked him to enable it and repeated the ping - the same response occurred.

I am confused! I was under the impression that the ping attempts from one to the other should have resulted in the packets all being lost if the firewall is configured correctly. Is this right? If so, does it suggest that his firewall isn't set up correctly? If so, can anyone guide me to where I could find instructions to help him? I think that a log can be set up in the XP firewall and I'd like to help him to activate this so it reports my ping attempts. I'll google myself in anticipation of your response but would like advice from those more experienced than I am. Another question (if my thought process is correct) is "why did neither of my logs report his ping attempts?"

Thank you for your time and patience.

Reply to
Tosca

Thank you Steven for your prompt and helpful response. Even though English may not be your first language, I can understand it perfectly well and, if you don't mind my saying, it's infinitely better than if I tried your *first* language (which I suspect is one of the many Oriental languages!).

I've spoken with my friend since posting and he told me that his XP firewall has the following checked in the Advanced Settings:

13737 UDP 8679 TCP

so I wonder if one or both of these are allowing my pings to attract a response. I'm inclined to ask him to uncheck them and then I'll ping him again.

I will ask him to set up the XP Firewall log so we can see what's happening. My router has a facility of responding to, or ignoring, incoming pings so I'll make a swap and ask him to ping me again. There's also a log which I can set up to see what's happening.

Fascinating, this home networking stuff, isn't it????

Reply to
Tosca

The reason that the remote guy can't ping him will be simply that his router is not responding to the pings.

An incoming ping won't be passed to the PC, as (unless inbound connection forwarding is specifically set up in the router) there is simply no mapping in the router to tell the router where to send it!

paul

Reply to
paul blitz

Thanks Paul. I've spoken with Netgear and they're fairly helpful in setting things up but if I ask some related "general enquiry" question, they're not so helpful! I didn't expect a telephone tutorial from them but they could have been a little more receptive! At least the response would have been instantaneous!

I set a log on my router and it did, as expected, identify the incoming pings. The router also has a setting to respond to incoming pings and I checked that, but it didn't do as expected! I haven't found out how to map from the router to the laptop, merely as an academic exercise. I'm heartened by the fact that the router rejects the pings. My pal isn't so fortunate though. He had Printer and File Sharing ticked so we undid that - and his PC still responded to my pings. The XP Pro firewall log identified them.

I hope that someone else has some ideas to try. He hasn't got a router and doesn't see the need for one so it looks like a software setup solution is in order.

Thanks again for your time and patience.

Reply to
Tosca

I read in one of the Microsoft KB articles that if file and printer sharing is enabled (I think it is port 445) then ICMP ping is automatically enabled. This can be verified under Windows Firewall (for that particular network adapter, Control Panel, Windows Firewall/Advanced/Settings/Advanced/Network Adapter/ICMP Tab/Settings/Allow incoming echo request. A "Tick" on Allow Incoming Echo Request will allow his computer to be pinged.)

Setting the log file should be fairly simple. It's under the security logging, log drop and successful logging. The default log file can be read using a normal text editor and the location is "c:\windows\pfirewall.log"

If he wants to disable ping request, he must ensure that

  1. Windows XP Firewall is ON.
  2. File and printer sharing is set to disabled.

As for your case, your router or zone alarm might already have ICMP disabled and hence, he can't ping you.

Sorry but I can't seem to remember the Microsoft KB and English is not my first language. I hope you understand what I try to convey.

Reply to
Steven Ung

Here are the ports that Micro$oft uses

ping is the ident port 113...I think.

Reply to
Anonymous

The "ping" command doesn't use a port. It's an ICMP (internet control message protocol) ECHO request.

Reply to
DevilsPGD
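Added example, not part of any post in this thread: the ICMP echo header that ping sends, built and parsed with Python's `struct`, to show that the 8-byte header carries a type, code, checksum, identifier and sequence number and has no port field. The identifier, sequence number and payload are constructed sample values.

```python
import struct

ICMP_ECHO_REQUEST = 8  # RFC 792: type 8 = echo (what ping sends)
ICMP_ECHO_REPLY = 0    # RFC 792: type 0 = echo reply (what comes back)


def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), complemented."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length data for summing only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Header layout: type(1) code(1) checksum(2) identifier(2) sequence(2)."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    """Decode an echo request/reply; note there is nothing port-like to decode."""
    if len(packet) < 8:
        raise ValueError("ICMP echo header is 8 bytes")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {
        "type": icmp_type,
        "code": code,
        # Summing a valid packet including its checksum field yields 0.
        "checksum_ok": inet_checksum(packet) == 0,
        "id": ident,
        "seq": seq,
        "payload": packet[8:],
    }


if __name__ == "__main__":
    # Constructed sample: 32-byte payload, identifier and sequence chosen arbitrarily.
    request = build_echo(ICMP_ECHO_REQUEST, 0x0200, 1, b"abcdefghijklmnopqrstuvwabcdefghi")
    print(parse_icmp(request))
```

The identifier and sequence number are what a host uses to match a reply to its request, a job that port numbers do for TCP and UDP.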

In Message-ID: posted on Mon, 08 Nov 2004 22:16:59 -0700, DevilsPGD wrote: Begin

Sometimes referred to as port "zero"

Reply to
Bart Bailey

Fascinating information - thank you.

Reply to
Tosca

Umm you can call it cloud nine if you want, but ICMP doesn't have a port. It's a protocol on the same level as TCP or UDP.

ICMP has a "type" rather than a "port"

Reply to
DevilsPGD
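Added example, not part of any post in this thread: a small parser for the firewall log mentioned earlier (pfirewall.log) that counts ICMP entries by action, source and ICMP type, and checks that ICMP rows carry no port values. The log text is a constructed sample using documentation addresses, and the column list is an assumption taken from the sample's own `#Fields:` header, which the parser reads rather than hard-coding.

```python
from collections import Counter

# Constructed sample in the space-separated layout of pfirewall.log.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-11-08 21:05:40 DROP ICMP 192.0.2.10 198.51.100.20 - - 60 - - - - 8 0 -
2004-11-08 21:05:41 DROP ICMP 192.0.2.10 198.51.100.20 - - 60 - - - - 8 0 -
2004-11-08 21:05:42 DROP ICMP 192.0.2.10 198.51.100.20 - - 60 - - - - 8 0 -
2004-11-08 21:05:43 DROP ICMP 192.0.2.10 198.51.100.20 - - 60 - - - - 8 0 -
2004-11-08 21:07:02 DROP TCP 192.0.2.10 198.51.100.20 3120 445 48 S 1234567890 0 16384 - - -
2004-11-08 21:07:30 DROP UDP 192.0.2.77 198.51.100.255 137 137 78 - - - - - - -
"""

ICMP_TYPES = {0: "echo reply", 3: "destination unreachable",
              8: "echo request", 11: "time exceeded"}


def parse_log(text):
    """Return one dict per data line, keyed by the names in the #Fields header."""
    fields, rows = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                rows.append(dict(zip(fields, values)))
    return rows


def icmp_summary(rows):
    """Count ICMP entries per (action, source address, ICMP type name)."""
    counts = Counter()
    for r in rows:
        if r["protocol"] == "ICMP" and r["icmptype"].isdigit():
            name = ICMP_TYPES.get(int(r["icmptype"]), "type " + r["icmptype"])
            counts[(r["action"], r["src-ip"], name)] += 1
    return counts


def icmp_rows_with_ports(rows):
    """ICMP rows whose port columns are filled in; expected to be empty."""
    return [r for r in rows if r["protocol"] == "ICMP"
            and (r["src-port"] != "-" or r["dst-port"] != "-")]


if __name__ == "__main__":
    for key, n in icmp_summary(parse_log(SAMPLE_LOG)).items():
        print(n, *key)
```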

ping is on port 3503...I just checked it.

Reply to
Anonymous

Thanks Steven for the comprehensive instructions - I'll check them out and report back when I've had chance to speak with him.

Reply to
Tosca

That's pretty odd as it worked for me. Once ICMP ping is disabled you shouldn't be able to ping him. Pls check the following:

  1. Windows XP Firewall is ON.
  2. File and printer sharing is set to disabled.
  3. Make sure under Control Panel/Firewall/ICMP Settings/Allow Incoming Echo Request is unchecked.
  4. Make sure he did not specifically open any ports under Control Panel/Firewall/Exception. (perhaps it's a good idea to uncheck all Exception in order to properly test)

Well you could use the firewall log information and specifically block the port under IPsec/TCP filtering but let's not talk about this yet OR get him to install Zone Alarm?

Reply to
Steven Ung

No problem on the help thingy. Just report back so that others can benefit and learn. TQ

Reply to
Steven Ung
