Two Firewalls: Too Much of a Good Thing

By Ronald Pacchiano | Posted August 05, 2005

I recently purchased a new PC for my home-based business and moved my old PC into the kids' room. We have only the one printer and the kids need Internet access anyway, so I decided to set up a small network so they can print and surf the Web. It went smoothly except for one small problem. For some reason I can't seem to access either PC without first disabling my ZoneAlarm firewall. When the firewall is disabled, everything works fine. However, the moment I turn it on I lose all connectivity with the other PC. I don't understand why I have to disable my firewall in order to access my new PC. What am I doing wrong? Any suggestions you have to fix this would be helpful. Thank you.

Whether you're using a software firewall like ZoneAlarm's or a hardware firewall, both are designed to do essentially the same thing: protect your network from unauthorized access. To do this, the firewall needs to be placed between the network (LAN) and your Internet (WAN) connection. This placement allows the firewall to examine all incoming WAN traffic before it can make it onto your network. Any traffic not recognized by the firewall will be discarded. Since the firewall is supposed to be acting as a gateway to your network, all traffic moving behind it is considered trusted by the network and allowed to move freely between workstations.

If, however, you were to use the ZoneAlarm firewall on both of your workstations, each system would in essence become its own LAN. So even if they shared a workgroup name, they would still be unable to gain access to one another, because each firewall sees the data request as originating from outside its own network. To get around this you must do one of two things:

  1. Get rid of the ZoneAlarm firewall on each PC and just rely on your router's hardware-based firewall to protect you (which is fine, by the way).
  2. Define rules within the firewall software that grant each PC full access to the other. This tells the firewall that it's OK for traffic to pass back and forth between these two systems. The ZoneAlarm documentation should give you the information you need to successfully configure that, or you could try contacting the company's tech support group and they should be able to walk you through it.

If I were you, I would just disable the software firewall altogether and stick with the hardware one. In my opinion it's the easiest, simplest and quickest solution.

I have two computers that I would like to network using a wireless connection. Both computers are using Windows XP Home Edition and are equipped with D-Link DWL-122 USB wireless adapters. The drivers for the wireless adapters have been installed and are listed as working in the Windows Device Manager on both systems. There is even a green "D" near the clock that indicates that the system is online. Yet in spite of this, the PCs can't seem to communicate with one another. The systems don't display in Network Places, I can't reach any of my shared folders and, to top it off, I can't even ping from one PC to the other. I'm at a loss to explain this and don't know what to do next. Do you have any idea what might be wrong, and what would be the best way for me to go about correcting it? Thank you.

Trying to network two PCs can sometimes be frustrating, especially if you're not overly familiar with basic networking principles. For instance, if you can't ping either PC, then you might as well stop trying anything else because something is fundamentally wrong with your current configuration.

The only time a correctly configured PC wouldn't respond to a ping is when a firewall running on that PC is specifically set not to respond to the ping command. Also, just because the D-Link utility is showing that the system is online doesn't necessarily indicate that your network is configured correctly. It just means that the card can see the presence of another wireless adapter or access point.

Also, you didn't mention if these two PCs were going to be connecting to each other directly or if there was a router or access point involved. This makes a big difference in how the wireless adapter needs to be configured. If they are communicating directly with each other in a peer-to-peer network then the wireless adapters need to be set to broadcast in Ad-Hoc mode. If, on the other hand, a router or access point is being used, then you'll need to configure the network interface cards (NICs) to operate in Infrastructure Mode.

With that out of the way, we can start configuring your network. First, you'll need to double-check your IP settings. In a peer-to-peer environment (one without an access point or wireless router) you should make sure that both PCs are using a static IP address and that they share a common subnet mask.

A typical example for this would be to give PC1 an IP address of 192.168.0.2 and PC2 an IP address of 192.168.0.3. The 192.168.0.1 address would usually be reserved for the wireless router. Then each PC would be given a subnet mask of 255.255.255.0. If you're using a wireless router, then there is a strong possibility that the router is handling the IP address assignments dynamically via DHCP. However, you should still double-check the settings just to be safe.

Next you need to check to see if both computers are members of the same workgroup. Also, verify that both wireless cards are configured to use the same wireless settings. They should share a common SSID (just like the workgroup name), and they should be transmitting data on the same channel.

To make things easier on yourself, disable any WEP encryption you currently have in place. I understand that you want your data to be secure, but WEP can add a level of complexity to the network configuration that you just don't need right now. Once you have connectivity between your two systems, then you can go back and secure them with WEP.

When you do finally enable it, take your time and ensure that WEP settings on both cards are set to the same encryption level (64-bit, 128-bit, and so on) and are using identical encryption keys. If you follow these steps you should find yourself online in no time. I hope this helps.
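The checklist above (IP address and subnet mask, wireless mode, workgroup, SSID, channel, WEP) can be run as a side-by-side comparison of the two PCs' settings. The following is an added example, not part of the original column; the `WirelessConfig` record, the `check_pair` function and the sample values are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class WirelessConfig:           # hypothetical record of one PC's settings
    name: str
    ip: str
    mask: str
    workgroup: str
    ssid: str
    channel: int
    mode: str                   # "ad-hoc" or "infrastructure"
    dhcp: bool = False
    wep_bits: int = 0           # 0 means WEP is disabled
    wep_key: str = ""

def check_pair(a, b, router_ip="192.168.0.1"):
    """Return the mismatches that would keep PCs a and b from communicating."""
    problems = []
    net_a = ipaddress.ip_interface(f"{a.ip}/{a.mask}").network
    net_b = ipaddress.ip_interface(f"{b.ip}/{b.mask}").network
    if net_a != net_b:
        problems.append(f"different subnets: {net_a} vs {net_b}")
    if a.ip == b.ip:
        problems.append("both PCs use the same IP address")
    if a.mode != b.mode:
        problems.append(f"wireless mode differs: {a.mode} vs {b.mode}")
    for pc in (a, b):
        if pc.mode == "ad-hoc" and pc.dhcp:
            problems.append(f"{pc.name}: ad-hoc needs a static IP, not DHCP")
        if pc.mode == "infrastructure" and pc.ip == router_ip:
            problems.append(f"{pc.name}: {pc.ip} is reserved for the router")
    # Windows workgroup names are not case-sensitive; SSIDs are.
    if a.workgroup.upper() != b.workgroup.upper():
        problems.append("workgroup names differ")
    if a.ssid != b.ssid:
        problems.append("SSIDs differ")
    if a.channel != b.channel:
        problems.append("wireless channels differ")
    if (a.wep_bits, a.wep_key) != (b.wep_bits, b.wep_key):
        problems.append("WEP level or key differs")
    return problems

# Constructed sample settings: the article's addresses, ad-hoc, WEP off.
PC1 = WirelessConfig("PC1", "192.168.0.2", "255.255.255.0", "HOME", "homenet", 6, "ad-hoc")
PC2 = WirelessConfig("PC2", "192.168.0.3", "255.255.255.0", "home", "homenet", 6, "ad-hoc")
# Same PC2 with three mistakes: wrong third octet, SSID case, other channel.
PC2_BAD = WirelessConfig("PC2", "192.168.1.3", "255.255.255.0", "home", "HomeNet", 11, "ad-hoc")

if __name__ == "__main__":
    for other in (PC2, PC2_BAD):
        print(other.ip, check_pair(PC1, other) or "settings are consistent")
```

An empty list means the settings agree; it does not rule out a firewall on either PC dropping the traffic.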

Adapted from PracticallyNetworked.com, part of the EarthWeb.com Network.
