stand alone firewalls

I have a D-Link DI 524 wireless router. Is it necessary for me to have a Norton or Zone Alarm firewall also? It seems when I have the stand alone firewall, my computers on the network can't see each other. I know there are some ranges of IP addresses that I can put into the stand alones, but so far I haven't had much luck with that. I admit I don't know all I need to know about wireless networking...thanks for the help...tom

Tom C..

Hard to advise without a lot more detail!

In general - set your computers to pick up an IP address, etc, automatically, and then they will all end up on the same "subnet". Disable PC-based firewalls for now.

Reboot the PCs and then run "ipconfig" in a command prompt to see what IP addresses they have picked up. Try pinging one from the other. eg: ping a.b.c.d - replacing letters with numbers you got from ipconfig.

Once you can ping, you can create file shares on one, and map network drives on the other. You do both from within Windows Explorer.

If you always run your machines behind a hardware firewall, then you probably don't need a software firewall, except that they can alert you to the fact that something is running on your machine and making outgoing connections. I do use software firewalls.

Hope that helps!

Philip Herlihy

I tried to run ipconfig, a window popped up briefly and then closed. I tried running ipconfig on my other computers and the same thing happened. It doesn't give me time to even look for an ip address....thanks for the help...tom

Tom C..

Try ipconfig /all (with a gap between g and /) and see if that works.

Robbie

Robbie

I just sent an answer to this. I just realised what your problem could be. I think your problem is you are typing ipconfig into the run box. You have to type cmd then ipconfig into the box that opens. Try that and see if it works.

Robbie

Robbie

Typing cmd first was what I needed to do to get the IP address. I use Zone Alarm and it has a place I can enter a range of IP addresses that it will allow through. If I put in a range of numbers, and I am guessing, 192.168.0.1 through 192.168.0.256, it will allow my computers on my network to see each other? D-Link said I really don't need a software firewall if I am using my firewall. I disabled my firewall and ran a leak test. It didn't take any time before the test broke through. Am I correct in assuming this range will work for what I need it to do?...thanks for your help...tom

Tom C..

Almost. 192.168.0.1 to 192.168.0.254 (not 256).

The '0' in each range is the address of the "Subnet", rather than any machine on it, and '255' is reserved for multicast communications.

The alternative way of specifying your local, private network is to define it in ZoneAlarm as a "subnet", with Address: 192.168.0.0 and "Subnet Mask" of 255.255.255.0.

Philip Herlihy
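
A check of the two Trusted Zone entries discussed above, as an added example that is not from the thread or from ZoneAlarm: it validates a start/end range with Python's `ipaddress` module and compares it with the subnet/mask form. The function names are hypothetical; the addresses are the ones quoted in the posts.

```python
import ipaddress

def parse_range(start, end):
    """Return (first, last) as IPv4Address objects; raise ValueError on a bad entry."""
    first = ipaddress.IPv4Address(start)   # rejects octets above 255
    last = ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError("range end is below range start")
    return first, last

def check_trusted_range(start, end, subnet, mask):
    """Compare a firewall trusted-range entry with the local subnet definition."""
    try:
        first, last = parse_range(start, end)
    except ValueError as exc:
        return {"valid": False, "reason": str(exc)}
    net = ipaddress.IPv4Network(f"{subnet}/{mask}")
    # Usable host addresses sit between the network and broadcast addresses.
    host_first = net.network_address + 1
    host_last = net.broadcast_address - 1
    blocks = ipaddress.summarize_address_range(first, last)
    return {
        "valid": True,
        # A range wider than the LAN trusts machines that are not on it.
        "inside_subnet": first in net and last in net,
        # Every address in the range should be private (RFC 1918) space.
        "private_only": all(b.is_private for b in blocks),
        "covers_all_hosts": first <= host_first and last >= host_last,
        "usable_hosts": (str(host_first), str(host_last)),
    }

if __name__ == "__main__":
    lan = ("192.168.0.0", "255.255.255.0")
    for end in ("192.168.0.256", "192.168.0.254", "192.168.1.254"):
        print(end, check_trusted_range("192.168.0.1", end, *lan))
```
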

Do I need to put this range of IP numbers in all my computers on the home network? Even if the main computer has Zone Alarm and the others have Norton? What is a loopback adapter, should it be listed? It is listed as a trusted site, but I do not recall adding it to my trusted sites.....thanks for the help...tom

Tom C..

Look at it this way: if you want the firewall on a given computer to "trust" one or more other computers which may be trying to connect, then you have to specify which the trusted computers are. It's common (but not universal) to trust any computer which resides on the same subnet - if that's the case, then you can put the whole subnet in the Trusted Zone.

A firewall will normally allow responses to a communication which was initiated from the computer (or group of computers) which it is protecting - this is why you can connect to any webserver anywhere and receive the pages. However, a firewall will block unsolicited incoming traffic unless it has a rule to allow it. So, you may not need to set up rules (by entering the subnet into the firewall's Trusted Zone) on a machine which only initiates communications. In practice, though, you're more likely to get it all working if all the firewalls agree on what range or subnet should be trusted.

Philip Herlihy

Thanks very much for your time and help. It seems that the IP address range you gave me worked fine. I have a loopback adapter in my trusted zone. Do I need that? I didn't add that to the zone...thanks tom

Tom C..

Bizarrely, I remembered that I'd forgotten to comment on the loopback adapter as I was falling asleep last night. (Must get out more...)

A network adapter is, ordinarily, a bit of physical kit which provides an electrical and logical interface between an external cable (or signal) and the "system" (motherboard, if you like). As I understand it, the "loopback adapter" is a logical entity which allows a system to route traffic to itself - it's useful to ping yourself sometimes to verify that TCP/IP is installed and working, for example. As there is no external interface, it's ok to trust it, and most firewalls make that reasonable assumption.

Philip Herlihy

Thanks for the help...I am not sure if I wrote back, but the range of numbers you gave me worked great. It seems I am protected and my network is doing what it is supposed to do. Thanks again for your help...tom

Tom C..

Looking back through the thread I'm troubled by one thing - that your testing of the D-Link shows holes.

While I understand that you ran LEAK TEST, it only really tests outbound connections, which many people don't need to be worried about, but they should monitor them in real-time.

Since you have a D-Link router that does NAT, as long as you didn't expose any ports inbound, nothing you don't invite will get INTO your network, that is a function of NAT in the router.

So, what that means is, if you don't connect to something, it can't connect to you. While this is not a firewall, it does mean that all the malware in the world can be hitting your public IP address and unless you have port forwarding enabled and directed INBOUND, the malware is not going to get into your network. Now, if you connect to a compromised website, a site with malware content, a download with malware, then that site you connected to can reach you.

If you follow normal safe practices and monitor the logs at the router, then you don't really need a personal firewall application. One last thing, if you are not following safe practices then it's very likely that you've already compromised your personal firewall application.

Leythos
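
The inbound behaviour described in this thread (replies to connections you started are allowed, Trusted Zone sources are allowed, unsolicited traffic is dropped unless a rule or port forward exists), as an added toy model that is not from any poster and is not how D-Link or ZoneAlarm is implemented. The class name, ports and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration.

```python
import ipaddress

class StatefulFilter:
    """Toy inbound filter: tracks flows started from inside, plus explicit allowances."""

    def __init__(self, trusted=None, forwarded_ports=()):
        self.trusted = ipaddress.ip_network(trusted) if trusted else None
        self.forwarded_ports = set(forwarded_ports)
        self.flows = set()  # (local_ip, local_port, remote_ip, remote_port)

    def outbound(self, local_ip, local_port, remote_ip, remote_port):
        # An outgoing connection creates state that later admits its replies.
        self.flows.add((local_ip, local_port, remote_ip, remote_port))

    def inbound(self, remote_ip, remote_port, local_ip, local_port):
        if (local_ip, local_port, remote_ip, remote_port) in self.flows:
            return "reply"      # answer to a connection we initiated
        if self.trusted and ipaddress.ip_address(remote_ip) in self.trusted:
            return "trusted"    # source is inside the Trusted Zone
        if local_port in self.forwarded_ports:
            return "rule"       # explicit inbound rule / port forward
        return "drop"           # unsolicited

def demo():
    """Run constructed packets through a PC firewall and a router-style filter."""
    pc = StatefulFilter(trusted="192.168.0.0/24")
    pc.outbound("192.168.0.10", 50000, "203.0.113.5", 80)
    router = StatefulFilter(forwarded_ports={8080})
    return [
        pc.inbound("203.0.113.5", 80, "192.168.0.10", 50000),     # web reply
        pc.inbound("203.0.113.5", 4444, "192.168.0.10", 445),     # same site, new flow
        pc.inbound("192.168.0.11", 51000, "192.168.0.10", 445),   # LAN file sharing
        pc.inbound("198.51.100.7", 40000, "192.168.0.10", 445),   # stranger
        router.inbound("198.51.100.7", 40000, "192.168.0.10", 8080),  # forwarded port
        router.inbound("198.51.100.7", 40000, "192.168.0.10", 445),   # not forwarded
    ]

if __name__ == "__main__":
    print(demo())
```
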
