<%mainShowBanner("ciu") %>

<%mainShowBanner("CIU-FLEX(CIU-2)") %>

Troubleshooting the Windows XP Internet Connection Firewall (ICF)

Are you using the Windows XP Internet Connection Firewall feature correctly? In this week's Q&A, we explain how and when ICF should be used. We'll also show you how to easily increase the range of your wireless network.

By Ron Pacchiano

Q. I have four computers connected to a DSL router with a built-in 8-port switch. Each system is using a static IP address and is running Windows XP Professional. Internet Connection Firewall (ICF) has also been enabled on each of the systems for security. All of the computers have access to the Internet and belong to the same workgroup, yet they can't see each other. When I disable ICF, though, I can gain access to all of the PCs in my workgroup. This leads me to believe that I'm doing something wrong. I shouldn't have to disable ICF in order to have a functioning workgroup, should I?

A. You are right in your assumption that you shouldn't need to disable ICF in order to have a functioning workgroup. Of course, this is providing that you have configured ICF correctly to begin with. You see, the role of the Internet Connection Firewall (ICF) is to protect your network from unauthorized access. In order to do this the firewall needs to be placed between the network and your Internet connection. This placement allows the firewall to examine all incoming traffic before it can make it onto your network, thereby protecting it from attack.

All traffic moving behind the firewall is considered to be trusted by the network. To prevent another user on the network from accessing restricted data on your PC or server, you need to assign rights to each user and folder on your network. The rights dictate what data can be accessed by which users.

If you are using ICF on all of your workstations, then every machine should be considered an individual network, which means all requests for data between those machines or networks will automatically be blocked.

In order to use ICF to protect your network, all of your systems will have to be configured to share the Internet connection from one of your PCs. This means that one PC (called the Host) will need to be equipped with two network adapters. One adapter will be used to connect to the Internet and the other to connect to a hub or switch.

All Internet requests made by your other PCs (called Clients) will then be routed through the Host PC. This way, ICF will only be monitoring the traffic coming in through the Internet connection, and each PC in the workgroup will be protected, even though they are not all running ICF.

Complete instructions for configuring Internet Connection Sharing for both the host and clients can be found at http://support.microsoft.com/default.aspx?scid=kb;en-us;306126.

However, our advice would be to just replace your current router with one that comes equipped with a hardware firewall and not bother with the headaches associated with ICF. Prices for these products have come down considerably in the last few years, and hardware firewalls are usually more reliable and easier to configure than ICF.

Q. I am using a D-Link DL-614+ wireless router and have a cable modem Internet connection. My office is located in the basement of my home. My wife can use her notebook computer throughout most of the house, but not outside on the balcony. The balcony is located on the second floor of the house off of the Master bedroom. The signal actually appears to get weaker in the bedroom, but it is useable.

Once outside, though, the signal completely disappears, even when the balcony door is open. Is there anything I can do to increase the signal strength to the balcony or perhaps replace the wireless card with something more powerful? I'm currently using a D-Link DWL-650+ card. Any suggestions would be greatly appreciated.

A. The range of wireless communications varies greatly depending on your environment. Whereas I might be able to get over 150ft from my wireless router, you might only be able to go 75ft. Many things can interfere with the signal. Everything from concrete walls to cordless phones can have a dramatic effect on range.

When I first read your question, I thought that your problem was being caused primarily by interference from the balcony door. I had to reassess this conclusion, though, when you said that the door was left open. Taking that into consideration, I would have to conclude that your balcony simply exceeds the range of your wireless network.

The way to get around this is to use a Repeater. When you first broadcast a digital signal, it is very strong. As it continues to travel away from its source, the signal strength begins to grow weaker. The farther the signal travels, the weaker it becomes, until finally it completely loses its integrity. This is referred to as Attenuation (Definition). A Repeater picks up the weakened signal, regenerates it, and then rebroadcasts it, thus extending the range of your network.

It wasn't until recently that affordable wireless repeaters became available. I actually reviewed one from D-Link a few months ago that would be perfect for you. While the D-Link AirPlus 900AP+ is marketed as an access point, it is user configurable to perform different tasks, typically as an access point or a wireless bridge, and a recent firmware update added Repeater functionality as well. The unit has a street price of about $85, making it quite affordable. My complete review is available online at http://www.80211-planet.com/reviews/AP/article.php/1492131.

[Editor's Note: D-Link also recently released the $99 DWL-800AP+ AirPlus 22Mbps Wireless Range Extender, an access point/repeater that extends the range of enhanced 802.11b+ wireless networks by up to 50%.]

After you configure the repeater to work with your network, simply plug it in somewhere on the second floor of your house near the Master bedroom. This should easily extend the range of your wireless network to cover the balcony. You can use the performance monitoring utility that was included with your D-Link PC Card to measure the signal strength, both before and after the installation. Hope this helps!

Use our feedback form to submit your questions on home or SOHO networking issues. We can not guarantee to answer every question we get, but we'll consider them all