Troubleshooting Q&A - July 29, 2005
Two Firewalls Too Much of a Good Thing
One Internet connection and two computers each running firewall software can mean PCs that refuse to talk to each other. Here's an easy way to break down walls. Plus, diagnosing the cause of a dysfunctional wireless network.
By Ron Pacchiano
Q. I recently purchased a new PC and moved my old PC into the kids' room. We have only the one printer and the kids needed access to the Internet anyway, so I decided to set up a small network to give them access to these things. It went smoothly except for one small problem. For some reason I can't seem to access either PC without first disabling my ZoneAlarm firewall. When the firewall is disabled, everything works fine. However, the moment I turn it on I lose all connectivity with the other PC. I don't understand why I have to disable my firewall in order to access my new PC. What am I doing wrong? Any suggestions you have to fix this would be helpful. Thank you.
A. Regardless of whether you're using a software firewall like ZoneAlarm's or a hardware firewall, all are designed to do essentially the same thing: protect your network from unauthorized access. In order to do this, the firewall needs to be placed between the network (LAN) and your Internet (WAN) connection. This placement allows the firewall to examine all incoming WAN traffic before it can make it onto your network. Any traffic not recognized by the firewall will be discarded. Since the firewall is supposed to be acting as a gateway to your network, all traffic moving behind it is considered to be trusted by the network and allowed to move freely between workstations.
If, however, you were to use the ZoneAlarm firewall on both of your workstations, each system would in essence become its own LAN. So even if they shared a workgroup name, they would still be unable to gain access to one another, because each firewall sees the data request as originating from outside of its own network. To get around this you have to do one of two things:
Personally, if I were you, I would just disable the software firewall altogether and stick with the hardware one. In my opinion it's the easiest, simplest and quickest solution.
Q. I have two computers that I would like to network using a wireless connection. Both computers are using Windows XP Home Edition and are equipped with D-Link DWL-122 USB wireless adapters. The drivers for the wireless adapters have been installed and are listed as working in the Windows Device Manager on both systems. There is even a green "D" near the clock that indicates that the system is online. Yet in spite of this, the PCs can't seem to communicate with one another. The systems don't display in Network Places, I can't reach any of my share folders and, to top it off, I can't even ping from one PC to the other. I'm at a loss to explain this and don't know what to do next. Do you have any idea what might be wrong and what would be the best way for me to go about correcting it? Thank you.
A. Trying to network two PCs can sometimes be frustrating, especially if you're not overly familiar with basic networking principles. For instance, if you can't ping either PC, then you might as well stop trying anything else, because something is fundamentally wrong with your current configuration. The only time a correctly configured PC wouldn't respond to a ping is if a firewall running on that PC was specifically set not to respond to the ping command. Also, just because the D-Link utility is showing that the system is online doesn't necessarily indicate that your network is configured correctly. It just means that the card can see the presence of another wireless adapter or access point.
Also, you didn't mention if these two PCs were going to be connecting to each other directly or if there was a router or access point involved. This makes a big difference in how the wireless adapter needs to be configured. If they are communicating directly with each other in a peer-to-peer network then the wireless adapters need to be set to broadcast in Ad-Hoc mode. If, on the other hand, a router or access point is being used, then you'll need to configure the network interface cards (NICs) to operate in Infrastructure Mode.
With that out of the way, we can start configuring your network. First, you'll need to double-check your IP settings. In a peer-to-peer environment (one without an access point or wireless router) you should make sure that both PCs are using a static IP address and share a common subnet mask. A typical example for this would be to give PC1 an IP address of 192.168.0.2 and PC2 an IP address of 192.168.0.3. The address 192.168.0.1 would usually be reserved for the wireless router. Then each PC would be given a subnet mask of 255.255.255.0. If you're using a wireless router, then there is a strong possibility that the router is handling the IP address assignments dynamically via DHCP. However, you should still double-check the settings just to be safe.
Next, check to see if both computers are members of the same workgroup. Also, verify that both wireless cards are configured to use the same wireless settings. They should share a common SSID (just like the workgroup name) and they should be transmitting data on the same channel.
To make things easier on yourself, I would also disable any WEP encryption you currently have in place. I understand that you want your data to be secure, but WEP can add a level of complexity to the network configuration that you just don't need right now. Once you have connectivity between your two systems, then you can worry about securing them with WEP. When you do finally enable it, take your time and ensure that the WEP settings on both cards are set to the same encryption level (64-bit, 128-bit, and so on) and are using identical encryption keys. If you follow these steps you should find yourself online in no time. I hope this helps.
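The checks from the steps above, gathered into one script as an added example (not part of the original column). It compares settings you have read off each PC by hand; the dictionary field names, the `router_ip` parameter and the sample values are assumptions constructed for illustration.

```python
import ipaddress

def check_pair(pc1, pc2, router_ip=None):
    """Return the configuration problems that would stop two wireless PCs from talking."""
    problems = []
    if1 = ipaddress.ip_interface(f"{pc1['ip']}/{pc1['mask']}")
    if2 = ipaddress.ip_interface(f"{pc2['ip']}/{pc2['mask']}")
    if pc1["mask"] != pc2["mask"]:
        problems.append("subnet masks differ")
    if if1.ip == if2.ip:
        problems.append("both PCs use the same IP address")
    # Each PC must see the other's address as local, or it will never reach it directly.
    if if2.ip not in if1.network or if1.ip not in if2.network:
        problems.append("PCs are not on the same subnet")
    for name, iface in (("PC1", if1), ("PC2", if2)):
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name} uses the network or broadcast address")
        if router_ip and iface.ip == ipaddress.ip_address(router_ip):
            problems.append(f"{name} uses the address reserved for the router")
    # No router or access point means peer-to-peer, so both adapters must be ad-hoc.
    wanted_mode = "infrastructure" if router_ip else "ad-hoc"
    for name, pc in (("PC1", pc1), ("PC2", pc2)):
        if pc["mode"] != wanted_mode:
            problems.append(f"{name} should be in {wanted_mode} mode")
    if pc1["ssid"] != pc2["ssid"]:  # SSIDs are case-sensitive
        problems.append("SSIDs differ")
    if pc1["channel"] != pc2["channel"]:
        problems.append("channels differ")
    if pc1["workgroup"].upper() != pc2["workgroup"].upper():
        problems.append("workgroup names differ")
    if (pc1["wep_bits"], pc1["wep_key"]) != (pc2["wep_bits"], pc2["wep_key"]):
        problems.append("WEP level or key differs")
    return problems

# Constructed sample settings (WEP off while troubleshooting, as the answer suggests).
PC1 = {"ip": "192.168.0.2", "mask": "255.255.255.0", "mode": "ad-hoc",
       "ssid": "HomeNet", "channel": 6, "workgroup": "WORKGROUP",
       "wep_bits": 0, "wep_key": ""}
PC2 = dict(PC1, ip="192.168.0.3")
BAD = dict(PC2, ip="192.168.1.3", mode="infrastructure", channel=11)

if __name__ == "__main__":
    for label, other in (("PC1 vs PC2", PC2), ("PC1 vs BAD", BAD)):
        print(label, check_pair(PC1, other) or "no problems found")
```

An empty result only means the settings agree; a firewall on either PC can still block ping and file sharing.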