Windows XP & Internet Connection Firewall

Markus Schönhaber mks99@t-online.de
Thu Apr 10 06:03:00 GMT 2003


Andrew DeFaria wrote:
> Greg Kremer wrote:
> 
>> Rob,
>> Thanks a million.  That fix works.
>>
>> Thanks again for your expertise.
>>
>> Greg Kremer
>>
>> rob2@siklos.ca wrote:
>>
>>> Go to the properties window for your internet connection, and click 
>>> on the Advanced tab.  Here is where you probably enabled your 
>>> firewall.  Click on the Settings button and add a new service in the 
>>> Services tab.  In the name/ip address field, put the name of your 
>>> computer. Put 6000 for both port numbers, and use TCP (I think).  
>>> Before you click Ok, make sure you check the box for the service you 
>>> just added. 
>>
>>
> It's amazing how quick people are to say "it doesn't work" without first 
> checking around a little bit. My first inclination when I hit a problem 
> like this was to try the Settings button and lo and behold there it was, 
> plain as day, how to add a "service" by a port number.
> 
> Anyway, one thing that is a little confusing to me is the "In the 
> name/ip address field, put the name of your computer" portion. It is 
> clear that we are talking about two different computers here, his XP 
> machine and his Unix box. So which name goes in that field? The 
> description says "Name or IP address (for example 192.168.0.12) of the 
> computer hosting this service on your network" and the "What's this?" 
> help you can get to by right clicking on that description says "Provides 
> a space for you to type the name or IP address of the computer on your 
> home network where the service resides.". So I would think that you put 
> in the name or IP address of the Unix box.
> 

The "... put the name of your computer" input box is there because you 
can do some kind of DNAT with this "firewall". I.e. if this computer 
does internet connection sharing for your local network, you can make 
services running on boxes that don't have a public address publicly 
available by entering their local name or IP into this field. It has 
nothing to do with who might be allowed to connect to your computer and 
who might be rejected.

> In fact I did this very same thing allowing a Linux box on my home 
> network to display an XDMCP session to my Cygwin XFree86 server running 
> on my XP box. But my question is this: Can only my Linux box with this 
> IP address put up X traffic through this firewall? IOW if I get another 
> Linux box with another IP address would I need to add another entry here 
> for port 6000 from that IP address? Or can this Name/IP address be an IP 
> range?
> 

No, as said above, the source of packets coming in does not matter. If 
you start the "firewall" all incoming packets that don't belong to an 
established connection (I'm not exact here, I think) are dropped. If you 
want to allow connections to a port on this machine, you enter the name 
of this machine in the input field (the name of your local machine 
should appear there when you edit one of the predefined services). If 
you want to make DNAT, you enter the name or IP of the machine the 
packets should be sent to.

I think this gets (if just a tiny, tiny little bit) off topic...

Regards
   mks
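
The behaviour described in the reply above, as an added example that is not part of the original message and is not Windows code: a simplified Python model in which a service entry selects the destination of inbound traffic and the source address is never consulted. The host name `xp-box`, the addresses and the class names are constructed for illustration, and the "established connection" check is an assumption matching the reply's own hedged description.

```python
from dataclasses import dataclass, field

LOCAL_HOST = "xp-box"  # constructed name of the machine running the firewall


@dataclass(frozen=True)
class Packet:
    src: str    # source address: carried along, never used in the decision
    sport: int
    dport: int
    proto: str = "TCP"


@dataclass
class Firewall:
    # (proto, port) -> the name/IP typed into the service entry
    services: dict = field(default_factory=dict)
    # flows opened from the inside: (remote addr, remote port, local port)
    established: set = field(default_factory=set)

    def add_service(self, proto, port, target):
        self.services[(proto, port)] = target

    def outbound(self, dst, dport, sport):
        # Record a connection initiated locally so its replies are let back in.
        self.established.add((dst, dport, sport))

    def inbound(self, pkt):
        if (pkt.src, pkt.sport, pkt.dport) in self.established:
            return "ACCEPT reply"
        target = self.services.get((pkt.proto, pkt.dport))
        if target is None:
            return "DROP"            # unsolicited, no service entry
        if target == LOCAL_HOST:
            return "ACCEPT local"    # port opened on this machine
        return f"DNAT -> {target}"   # forwarded to an internal host


def demo():
    fw = Firewall()
    fw.add_service("TCP", 6000, LOCAL_HOST)   # the X server entry from the thread
    senders = ["192.168.0.12", "192.168.0.77", "203.0.113.9"]  # constructed
    # Every sender gets the same verdict: the entry is not a per-source allow rule.
    return {s: fw.inbound(Packet(s, 40000, 6000)) for s in senders}


if __name__ == "__main__":
    for sender, verdict in demo().items():
        print(sender, verdict)
```

Because the entry opens port 6000 to every sender, restricting which hosts may display on the X server has to be done by the X server's own access control.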


