This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Windows XP & Internet Connection Firewall


Andrew DeFaria wrote:
Greg Kremer wrote:

Rob,
Thanks a million.  That fix works.

Thanks again for your expertise.

Greg Kremer

rob2 at siklos dot ca wrote:

Go to the properties windows for your internet connection, and click on the Advanced tab. Here is where you probably enabled your firewall. Click on the Settings button and add a new service in the Services tab. In the name/ip address field, put the name of your computer. Put 6000 for both port numbers, and use TCP (i think). Before you click Ok, make sure you check the box for the service you just added.


It's amazing how quick people are to say "it doesn't work" without first checking around a little bit. My first inclination when I hit a problem like this was to try the Settings button and lo and behold there it was, plain as day, how to add a "service" by a port number.

Anyway, one thing that is a little confusing to me is the "In the name/ip address field, put the name of your computer" portion. It is clear that we are talking about two different computers here, his XP machine and his Unix box. So which name goes in that field? The description says "Name or IP address (for example 192.168.0.12) of the computer hosting this service on your network" and the "What's this?" help you can get to by right clicking on that description says "Provides a space for you to type the name or IP address of the computer on your home network where the service resides.". So I would think that you put in the name or IP address of the Unix box.


The "... put the name of your computer" input box is there because you can do some kind of DNAT with this "firewall". I. e. if this computer does internet connection sharing for your local network, you can make services running on boxes that don't have a public address publicly available by entering their local name or IP into this field. It has nothing to do with who might be allowed to connect to your computer and who might be rejected.


In fact I did this very same thing allowing a Linux box on my home network to display an XDMCP session to my Cygwin XFree86 server running on my XP box. But my question is this: Can only my Linux box with this IP address put up X traffic through this firewall? IOW if I get another Linux box with another IP address would I need to add another entry here for port 6000 from that IP address? Or can this Name/IP address be an IP range?


No, as said above, the source of packets coming in does not matter. If you start the "firewall" all incoming packets that don't belong to an established connection (I'm not exact here, I think) are dropped. If you want to allow connections to a port on this machine, you enter the name of this machine in the input field (the name of your local machine should appear there when you edit one of the predefined services). If you want too make DNAT, you enter the name or IP of the machine the packets should be sent to.


I think this gets (if just a tiny, tiny little bit) off topic...

Regards
  mks



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]