|
Reader's Favorites
Media Casualties Mount Administration Split On Europe Invasion Administration In Crisis Over Burgeoning Quagmire Congress Concerned About Diversion From War On Japan Pot, Kettle On Line Two... Allies Seize Paris The Natural Gore Book Sales Tank, Supporters Claim Unfair Tactics Satan Files Lack Of Defamation Suit Why This Blog Bores People With Space Stuff A New Beginning My Hit Parade
Instapundit (Glenn Reynolds) Tim Blair James Lileks Bleats Virginia Postrel Kausfiles Winds Of Change (Joe Katzman) Little Green Footballs (Charles Johnson) Samizdata Eject Eject Eject (Bill Whittle) Space Alan Boyle (MSNBC) Space Politics (Jeff Foust) Space Transport News (Clark Lindsey) NASA Watch NASA Space Flight Hobby Space A Voyage To Arcturus (Jay Manifold) Dispatches From The Final Frontier (Michael Belfiore) Personal Spaceflight (Jeff Foust) Mars Blog The Flame Trench (Florida Today) Space Cynic Rocket Forge (Michael Mealing) COTS Watch (Michael Mealing) Curmudgeon's Corner (Mark Whittington) Selenian Boondocks Tales of the Heliosphere Out Of The Cradle Space For Commerce (Brian Dunbar) True Anomaly Kevin Parkin The Speculist (Phil Bowermaster) Spacecraft (Chris Hall) Space Pragmatism (Dan Schrimpsher) Eternal Golden Braid (Fred Kiesche) Carried Away (Dan Schmelzer) Laughing Wolf (C. Blake Powers) Chair Force Engineer (Air Force Procurement) Spacearium Saturn Follies JesusPhreaks (Scott Bell) Science
Nanobot (Howard Lovy) Lagniappe (Derek Lowe) Geek Press (Paul Hsieh) Gene Expression Carl Zimmer Redwood Dragon (Dave Trowbridge) Charles Murtaugh Turned Up To Eleven (Paul Orwin) Cowlix (Wes Cowley) Quark Soup (Dave Appell) Economics/Finance
Assymetrical Information (Jane Galt and Mindles H. Dreck) Marginal Revolution (Tyler Cowen et al) Man Without Qualities (Robert Musil) Knowledge Problem (Lynne Kiesling) Journoblogs The Ombudsgod Cut On The Bias (Susanna Cornett) Joanne Jacobs The Funny Pages
Cox & Forkum Day By Day Iowahawk Happy Fun Pundit Jim Treacher IMAO The Onion Amish Tech Support (Lawrence Simon) Scrapple Face (Scott Ott) Regular Reading
Quasipundit (Adragna & Vehrs) England's Sword (Iain Murray) Daily Pundit (Bill Quick) Pejman Pundit Daimnation! (Damian Penny) Aspara Girl Flit Z+ Blog (Andrew Zolli) Matt Welch Ken Layne The Kolkata Libertarian Midwest Conservative Journal Protein Wisdom (Jeff Goldstein et al) Dean's World (Dean Esmay) Yippee-Ki-Yay (Kevin McGehee) Vodka Pundit Richard Bennett Spleenville (Andrea Harris) Random Jottings (John Weidner) Natalie Solent On the Third Hand (Kathy Kinsley, Bellicose Woman) Patrick Ruffini Inappropriate Response (Moira Breen) Jerry Pournelle Other Worthy Weblogs
Ain't No Bad Dude (Brian Linse) Airstrip One A libertarian reads the papers Andrew Olmsted Anna Franco Review Ben Kepple's Daily Rant Bjorn Staerk Bitter Girl Catallaxy Files Dawson.com Dodgeblog Dropscan (Shiloh Bucher) End the War on Freedom Fevered Rants Fredrik Norman Heretical Ideas Ideas etc Insolvent Republic of Blogistan James Reuben Haney Libertarian Rant Matthew Edgar Mind over what matters Muslimpundit Page Fault Interrupt Photodude Privacy Digest Quare Rantburg Recovering Liberal Sand In The Gears(Anthony Woodlief) Sgt. Stryker The Blogs of War The Fly Bottle The Illuminated Donkey Unqualified Offerings What she really thinks Where HipHop & Libertarianism Meet Zem : blog Space Policy Links
Space Future The Space Review The Space Show Space Frontier Foundation Space Policy Digest BBS AWOL
USS Clueless (Steven Den Beste) Media Minder Unremitting Verse (Will Warren) World View (Brink Lindsay) The Last Page More Than Zero (Andrew Hofer) Pathetic Earthlings (Andrew Lloyd) Spaceship Summer (Derek Lyons) The New Space Age (Rob Wilson) Rocketman (Mark Oakley) Mazoo Site designed by Powered by Movable Type |
Firewalling Problem OK, I think I've found the culprit. Zone Alarm does seem to be blocking UDP between host and client, and I can't figure out how to stop it without completely disabling my Internet firewall. It thinks that the ethernet adaptor for the LAN is to the internet, and it won't allow me to edit or change that. It's the only firewall I have, so I can't take it down. I may have to upgrade from the free version to Zone Alarm Pro, because while the Help menu says that there's an option for setting it up for ICS, it doesn't seem to display it for the version I have. [Update a few minutes later] I finally figured out how to change the zone for the adaptor from "Internet" to "Trusted." My LAN is working properly now, but clients are still not seeing the internet. [Late afternoon update] I'm having trouble thinking that it's a Zone Alarm problem at this point, because I'm watching the log, and I've seen no activity on the LAN being blocked, even when I attempt an internet connection from a client. I can ping the host machine, but I can't ping anything on the internet, either by name or IP. This is most frustrating. [Update a couple hours later] At Ian Woollard's suggestion, I momentarily disabled Zone Alarm, and that was the problem. It seems to work if I reduce the security level for the Internet Zone from "High" to "Medium." I'm not sure that I can configure it more specifically without getting the full version, though. Now the question is, do I spend the forty bucks on Zone Alarm Pro, or on a router...? I'm inclined to the former, because I can buy it on line, and it will be a good belt-suspenders system for when I get a good hardware firewall up. Posted by Rand Simberg at July 08, 2004 07:10 AMTrackBack URL for this entry:
http://www.transterrestrial.com/mt-diagnostics.cgi/2627 Listed below are links to weblogs that reference this post from Transterrestrial Musings.
Comments
Lets see for my zone alarm I have the following internet security settings. High security zone settings Blocks all other traffic except: Which version are you using? Zone Alarm Pro? I'm running the free one, but maybe I'll have to upgrade to get the flexibility and functionality I need. Posted by Rand Simberg at July 8, 2004 11:12 AMHmmmm...if ZA were the problem, wouldn't I be seeing blocked attempts in the log? There's no activity showing on the LAN--just hits from the outside on my internet adaptor. Posted by Rand Simberg at July 8, 2004 11:17 AMJust try turning ZA off for a few minute or two. It's very unlikely you'll be infected or attacked in that time. If you get connectivity, you have atleast isolated the problem. If you don't, you have atleast proved that it isn't that, or isn't only that. Posted by Ian Woollard at July 8, 2004 02:23 PMWhy not just use the firewall and router that come with XP? All you need is an extra network card in the puter that connects to the internet.On the puter that connects to the internet,right click my network places,click properties,right click the connection to the internet, click properties,click the "advanced" tab, fill in the internet connection sharing and firewall boxes.On the other card,plug it into your hub/switch. plug the rest of your puters into the switch/hub.there you have it. Posted by curtis kreutzberg at July 8, 2004 04:08 PMThere's lots of good stuff on ZA and ICS here: http://forum.zonelabs.org/zonelabs/search?q=ICS It looks rather like you can only use ICS with pro or plus versions of ZA. See: There's a description of how to set up ZA: http://don.hoover.net/index.html but they appear to be using ZA pro there. I've recently found that version 5 locks up my XP computer entirely, due to incompatibilities with a perfectly legitimate spam filtering program. and I was forced to drop down to ZA 4.5 which worked fine. So, I'm not entirely happy with ZA, it seems very opaque when it doesn't work. In your case a message from ZA telling you that they don't recommend using it with ICS and recommending an upgrade would have saved so much hassle, and more likely to land them a sale. Still, ZA has kept my computers safe for quite a while. Now I'm no network guru and momma is the local computer hardware type, but our experience here and at our last house were similar to yours and we found that ZA does not play well with XP. We went back to Win 2K and all is well. Of the ZA people and Win Tech Support neither had answers or solutions for our problems. They blamed, and here's the odd part, each other!! Posted by Steve at July 8, 2004 05:34 PMWhy not just use the firewall and router that come with XP? Great idea! If only I had (and wanted) XP... Posted by Rand Simberg at July 8, 2004 06:34 PMOh god, ZA and ICS!!! Arrghhh, I didn't see anything blocked in the logs when I once had the same problem at a client's house last year either. ZA sux IMHO, don't know what's better, but ZA sux. Posted by David Mercer at July 8, 2004 11:18 PM"Why not just use the firewall and router that come with XP?" Because XP firewall is broken to the bone. It will start up IP stack long before FW becomes active. I did use cheap D-Link router/firewall for quite long time with no problems whatsoever, it even did dynamic DNS. Don't use ZoneAlarm - nothing but grief down that road! Before I put a BSD box in front of my Windows machine I used Kerio Personal Firewall (http://www.kerio.com/us/kpf_home.html). That never gave me any trouble with ICS, and it is fully configurable for free - always a plus! The config is very easy too - basically turn it on, and it will default to blocking everything and asking you what to do when it detects activity. Authorize what you want, block the rest - after 10 minutes or so it will have seen all it needs to build a rule set. Posted by Dominic at July 9, 2004 02:38 AMI'd look at something other than ZA Pro. I've been using it for a while and when I rebuild my machine next (sometime this year) I'll be throwing it out. It's not just connectivity problems but I also find that certain web pages simply refuse to load with it turned on. I've checked with other ZA users and they have the same problems. I'd scrap Zone Alarm. I had the pro version for a month and it completely messed up the computer. I had to hack into the system in order to uninstall it. The darn thing would not recognize my password and I had no net connectivity for a month. Posted by Dave Allen at July 9, 2004 05:58 AMFrom your posts on this subject, you mentioned that you do, in fact, have a router back in California that will eventually be brought on-board in Florida, correct? I don't see the need to spend your money on yet another one to hold your pants up until that router makes it to FL. While I'm no ZA expert, it sounds like most other people here aren't too fond of it, but if you only need to use it for a short time, I would say go with the software solution for now, unless you think that you're going to need another router down the line. More likely, by the time you decide to install another router, Gbe will be more standardized, and you'll be stuck with two 10/100 routers. Just my $.02 (USD, not CND) Posted by John at July 9, 2004 08:06 AMPost a comment |