July 5th 04, 09:48 AM
ZoneAlarm missing Firewall Zones tab for subnet. New NAT router won't show Entire Network.



I'd found ZA was the trouble (as the trouble seemed to be) Hmm... but, I
thought I cross posted, though don't see the post on this ng.
http://groups.google.com/groups?hl=e...ws.astound.net

I do see plenty of useful responses here. (:

"N. Miller" wrote in message
om...
In article , says...



Probably irrelevant: In Win Network of both PCs, I've tried various settings
for File & Printer Sharing: "Disabled", "Enabled", "Automatic", but general
result is: some lack of visibility [2] occurs for the PC "Master Browser"
set "Disabled".


In my LAN, I have the Windows Me computer running an MTA set with the Master
Browser as "Enabled", and the other Windows Me computer set to "Automatic".
The MTA reference is only because that computer spends the most time up and
running; the computer which is on the longest is the only one which should
have the Master Browser enabled.


My pcs have been running fine these few days with both Enabled. I wonder
why Master Browser has been given a setting? And wonder why recommendations
are always: "Set only one pc as Enable". I doubt I'll carry out an
investigation, unless the LAN stops running for causes seemingly related to
Master Browser.

PROGRESS: Web clues told me ZoneAlarm might be the hang up. This was
confirmed because both PCs see files properly if I shutdown both ZA.


Based on further web clues, I think I should be able to run ZA.

Because...
1 Shutdown ZA on pc2. ZA on only pc1 with pc2's subnet in pc1 Firewall
Zones. Now, pc1 can see pc2 files. 2-way network usability between the PCs.
2 (If pc2 ZA is running, its ZA shows pc1 subnet IP "blocked" message, when
pc1 tries to open Entire Network.)


(As I described in my follow-up to other cross-posted group(s), a bad Za
install was to blame. I had updated ZA with a "clean install" per ZA's
installer, but apparently the install wasn't *completely* clean. Or my
experience resulted from other freak happenstance.)


Hmmm. I am kind of stumped about this one. There should only be one subnet;
all LAN computers are members of that subnet. If you intend for sharing
files and printers between them, that is. The firewalls on all PCs behind
the router should all be set to trust all addresses in the router's LAN
block. Your LAN IP should be a block in, say 192.168.0.0; with the last
dotted quad being anything from 1 to 254. Your ZA firewall should trust all
addresses in that range; 192.168.0.1 to 192.168.0.255, with subnet mask
255.255.255.0. All copies of ZA on all PCs in the LAN should have that
established as a trusted network.


I think I may have acquired a misuse of the term 'subnet' as I interpreted
the term 'subnet' from ZA's "blocked IP" message.
The router is 192.168.0.1
pc1 is .2
pc2 is .3

If I find I can change the pcs to some other IPs within .2 to .255 range,
then I will (if only to keep numbering non standard in a simple, and
self-documented, manner).

ZA Help suggests allowing full 255 mask in ZA Firewall Zones, but I prefer
fewest necessary IPs (maybe for uselessly paranoid reasons). So, in ZA
Firewall Zones, I allowed only the two ip's assigned (term?) by the router
.2 and .3.

Trying to imitate subnet entry success on pc1, I'd like to add pc1 subnet to
pc2 ZA... But pc2's ZA is MISSING FIREWALL ZONES tab!!! So I can't add pc1
subnet to pc2's ZA. I installed slightly newer ver. ZA[3], but same
problem, Firewall Zones tab is not there.[4]


I am not familiar with ZA. Do you have an "Advanced" options setting which
needs to be enabled? Or maybe it is set to be on a gateway computer? Your
router is your gateway, and any software firewall should ***NOT*** be set as
a gateway firewall.


I haven't touched anything that says "gateway". I believe I saw "gateway" in
only the router config.

snip
Footnotes:


Not relevant.


Not relevant.


(yes, as I suspected. Footnotes included only out of paranoia (: )


Both: Primary logon is Windows Logon, though MS Client Networks is still
listed. Both now have an automatic logon, user name "default". (passwords are
blank, but for extra security, maybe I could store a password while still
have automatic logon at startup?)


Windows Logon is good. Password isn't really necessary in a trusted physical
environment.


Thanks for the confirm. The router is supposed to provide a 'safe' LAN, and
logons are annoying. But, I'll try to stay reasonably aware of news, so when
someone manages to crack SPI, I'll search for a new solution.

No IIRC, or interactive games (no need for IPX/SPX). No server or remote
access uses anticipated.


Only affects a need for port forwarding in the router; don't worry about it.

Standard Netgear router's settings, except I replaced password.


[1] Per grc "bondage" pages, I've fiddled with NetBEUI protocol, and
bindings. Eventually I noticed that only TCP/IP bindings allow Internet
access (because this router uses only TCP/IP?), so I've since Removed
NetBEUI. Result: ShieldsUp shows router (maybe with assist from ZA) is
stealthing all 1056 ports - good.


Actually, the Internet uses TCP/IP. With the router in place, the GRC
"bindings" isn't entirely necessary. You can leave NetBIOS accessible behind
the router because it should be blocking NetBIOS packets between the LAN and
the WAN. ZA is not helping to maintain "stealth" on the router; indeed, you
shouldn't see any incoming packets in the ZA logs at all.


I'm not using any software LAN (such as MS's NetBEUI/NetBIOS with ICS) And
my attempted variations suggest that Netgear can use only TCP/IP for LAN.

[2] Lack of visibility are balking at: 1) "Entire Network", 2) not seeing
workgroup, or 3) not opening the (other) pc to see list of shared
folder/printers. After discovering Za blocking, in both PCs' Win Network
I've set File & Printer Sharing: "Master Browser" Enabled.


Only the computer expected to remain powered up the longest should be the
Master Browser; no other computer should be set as the Master Browser.


http://www.tomsnetworking.com/Sectio...le64-page7.php
select one computer that's always or most frequently on that doesn't have a
wireless network connection and let it run the Browse Master service

TIP: When you disable the Computer Browser service on each machine, keep it
shut off until only the Browse Master computer is left. Then turn on the
other computers, one by one

http://www.buildorbuy.org/browsemaster.html
When 2 or more PC's each think they have the Master Browser List, they argue
until resolving this conflict which takes on average 15 minutes before
normalcy returns and LAN/WAN access returns. Yes, this is by design!

Hmm. Maybe I've been lucky. Just coincidence I haven't seen trouble.


[3] ZoneAlarm Free. Zlsetup attempted on pc2 are today's download
5.0.590.043 and a previous recent version 5.0.590.015. That previous
5.0.590.015 is allowing me to use the zones tab on pc1


All copies of ZAF should be set to trust all IP addresses assigned by the
router.


(Exactly, and only, the two IP's Netgear assigns to the two pc's adapters.)

[4] Firewall Zones tab may have always been missing, when pc2 wasn't
networked. But I hadn't any reason to look for the tab. Hmmm.. comparing ZA
dialog in both PCs... I see pc2 also lacks the "Preferences" and "Product
Info" tabs in "Overview" dialog. And I think "Preferences" (and likely
Product Info) were missing before I downloaded the slightly newer Zlsetup.
I always choose "clean install" during zlsetup.


Again, I suggest looking for something like an "Advanced" tab. I vaguely
recall (from using it three years ago) some such setting. BTW, I gave it up
when I discovered that ZAF on a gateway computer could not be set to maximum
security. Tiny Personal Firewall, the one which is now called Kerio Personal
Firewall, had a special "gateway" setting for a computer acting as the
gateway in an ICS setup. Of course, now I have a router, so I don't use that
gateway setting. But I got used to using KPF, so it stayed.


Similarly, I've been using ZA Free with Proxo (and occasional Adaware and
Spybot scans) for a few years, so I'm sticking with those. Mostly in hopes
of reducing Win resource wastage, I might try ZA's combo FW+AV. Deciding
will depend on news about ZA FW combo with Computer Associates AV. They
don't seem to be truly meshed.
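
Added example, not part of the original post and not ZoneAlarm's own code: a small Python model of the two trusted-zone choices argued in this thread, the router's whole LAN block with mask 255.255.255.0 versus only the two addresses .2 and .3. The entry syntax, the function names and the peer list (a hypothetical new DHCP lease at .4 and the documentation address 203.0.113.10) are assumptions made for illustration.

```python
import ipaddress

def parse_entry(entry):
    """Turn one trusted-zone entry (host, "a-b" range, or "net/mask") into a matcher."""
    if "-" in entry:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-"))
        if lo > hi:
            raise ValueError(f"range start is above range end: {entry}")
        return lambda ip: lo <= ip <= hi
    if "/" in entry:
        # strict=False tolerates a host address written with a mask
        net = ipaddress.IPv4Network(entry, strict=False)
        return lambda ip: ip in net
    host = ipaddress.IPv4Address(entry)
    return lambda ip: ip == host

def trusted(zone, addr):
    """True if addr matches any entry of the zone (default is untrusted)."""
    ip = ipaddress.IPv4Address(addr)
    return any(parse_entry(e)(ip) for e in zone)

# The two policies argued for in the thread.
SUBNET_ZONE = ["192.168.0.0/255.255.255.0"]      # trust the router's whole LAN block
HOST_ZONE = ["192.168.0.2", "192.168.0.3"]       # trust only pc1 and pc2

# Constructed peers; .4 and 203.0.113.10 are hypothetical.
PEERS = {
    "192.168.0.1": "router",
    "192.168.0.2": "pc1",
    "192.168.0.3": "pc2",
    "192.168.0.4": "new DHCP lease (hypothetical)",
    "192.168.0.255": "subnet broadcast",
    "203.0.113.10": "Internet host (documentation address)",
}

def compare():
    """Map each peer to (trusted under subnet policy, trusted under host policy)."""
    return {a: (trusted(SUBNET_ZONE, a), trusted(HOST_ZONE, a)) for a in PEERS}

if __name__ == "__main__":
    for addr, (by_subnet, by_hosts) in compare().items():
        print(f"{addr:15} {PEERS[addr]:40} subnet={by_subnet!s:5} hosts={by_hosts}")
```

The host-only list is the narrower grant, but it leaves out the router and the subnet broadcast address and has to be edited on every PC whenever the router assigns a different address.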