Transcript: Windows XP Professional and Windows XP Home Edition: Home Networking Series #7, June 1, 2004

Published: June 10, 2004

Chat Date: June 1, 2004

Please note: Portions of this transcript have been edited for clarity

Introduction

Moderator: Brian_B (Microsoft)
Welcome to today’s Windows Expert Zone chat. Our topic today is Home Networking.

Moderator: Brian_B (Microsoft)
We are pleased to welcome our experts for today. I will have them introduce themselves now.

Host: scottman (Microsoft)
Hi - I am Scott Manchester, Lead PM for the Network Experience Team. I welcome your questions on Home Networking.

Host: Erik (Microsoft)
Hi. I'm Erik Johnson and I work in the network experience team testing Internet Connection Sharing and the Windows Firewall.

Moderator: Brian_B (Microsoft)
...and I am your pleasant, but firm Host; Brian Boston :). I am a Community Program Manager. While others may arrive during this chat, right now it's just the three of us.

Start of Chat

Host: scottman (Microsoft)
Q: Is there anything that can keep a wireless home network secure from other people connecting to it?
A: You should enable wireless security (WEP or WPA) at a minimum. You can also enable MAC filtering and turn off your SSID broadcasts. What type of wireless AP are you using?

Host: scottman (Microsoft)
Q: Are there any plans to maybe create a more advanced version of ICS offering more features for advanced users?
A: We may add some minor enhancements to ICS in future versions of Windows, but I suggest you use a dedicated router if you need advanced settings.

Host: Erik (Microsoft)
Q: I have 4 systems getting 4 separate IP's thru a switch. I use IPX/SPX currently to get them to communicate.. is there a better way?
A: Actually, IPX/SPX should work well for this, assuming you have control of who can access your broadcast domain. In other words, you'll want to make sure that none of your neighbors with IPX can reach your systems directly. If the 4 IPs are on the same subnet, it would also be safe to use TCP/IP assuming you have a firewall which lets you restrict access to a particular subnet or list of IP addresses.

Host: Erik (Microsoft)
Q: Erik if I use the same subnet and yes my firewall can restrict to a certain subnet will that stop the packets from going all the way to the ISP and back?
A: No. The firewall would just prevent incoming packets from outside of the IP addresses you authorize from being able to reach your file shares. The question of where the packets you send go is more of a question of routing. When you say that they go to the ISP and back, do you mean that the packets are being sent to the MAC address of the ISP's router? Theoretically, this should never happen if the sending machine recognizes that the destination IP is on his same subnet.

Host: scottman (Microsoft)
Q: Is there an easy way to forward (large) port ranges in ICS? Right now you can only forward single ports.
A: No, there is no easy way to do it, though you could technically script it (not recommended) using public ICS APIs documented on MSDN. Here is the link to the MSDN ICS API - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ics/ics/internet_connection_sharing_and_internet_connection_firewall_reference.asp

Host: Erik (Microsoft)
Q: Any new networking tools in SP2?
A: See http://www.microsoft.com/presspass/newsroom/winxp/WindowsXPSPFS.asp for general details about XPSP2. One tool not mentioned in this doc is the Windows Smart Network Key. See http://download.microsoft.com/download/5/b/5/5b5bec17-ea71-4653-9539-204a672f11cf/WSNK.doc

Host: scottman (Microsoft)
Q: About the Firewall with SP2, is there any list of applications that are allowed by default to access the internet, like Internet Explorer for example?
A: The Windows Firewall only does inbound filtering so applications like IE will work by default. You can add applications to a (list) for inbound filtering.

Host: scottman (Microsoft)
Q: I have computers that will not share but I can see them in network places.
A: You can view available file and printer shares via My Network Places but may not have the credentials to access them. Are you using "Simple File Sharing" - enabled by default on XP?

Host: Dave (Microsoft)
Q: Is there any tool(s) to troubleshoot networking problems regarding application problems in a LAN environment (other than the debug log...)?
A: KB314067 on "How to troubleshoot TCP/IP connectivity with Windows XP" covers a number of tools useful for troubleshooting like ping, tracert, pathping, netstat, etc. The URL for the KB is http://support.microsoft.com/default.aspx?scid=KB;[LN];314067

Host: Dave (Microsoft)
Q: HOW do you troubleshoot "the page cannot be displayed errors"?
A: One reason this might occur is due to TCP/IP connectivity problems (again see KB314067).

Host: Erik (Microsoft)
Q: SP2: Why isn't port 80 blocked for all applications (e.g Corel Draw 12 searching for Update). Will this be changed in this way that every program/port will be blocked on the user's first start and he has to allow each program to access the
A: I haven't heard of any plans to update the firewall in XPSP2 to block outbound connections. This would be a larger effort than just watching port 80 (Corel Draw could easily use any other port to check for updates).
A: I would think that a change of this kind would require a lot of work to implement correctly and would have pretty massive impact on the end-user experience, but I couldn't comment on the official reasons why such a feature is not being included in XPSP2.

Host: Salahuddin (Microsoft)
A: To add to Erik’s comments, we're considering outbound port blocking in future releases. This is a lot of work and was not possible during the XPSP2 timeframe.

Host: scottman (Microsoft)
Q: I have XP SP1a. Do I have to download XP SP2?
A: I would recommend upgrading all previous versions of Windows XP to SP2 when it is released - Lots of security enhancements and a few new features.

Host: Erik (Microsoft)
Q: I don't really understand why I have to add my FTPClient to the white list and not internet explorer
A: This is more of a question of protocols than applications. Your FTP client is most likely attempting an active FTP, which requires your machine to be able to receive an inbound connection. Since the firewall you're working with disallows all inbound connections by default, the app needs to be whitelisted. Conversely, IE does passive FTP by default, and in that flavor of the protocol all connections are established outbound to the FTP server. Since the firewall allows outbound connections, there's no reason to whitelist IE.

Host: Erik (Microsoft)
Q: Ok, Erik, it's just a question of stateful connection, if I haven't misunderstood?
A: You've got it. Passive FTP sends outbound packets to the server when connecting the data channel, so it creates state in the firewall. Active FTP requires the server to connect the data channel to a listening port on the FTP client, so when the connection arrives there's no state in the firewall to indicate that the connection should be allowed in. The final release of XPSP2 may be a bit different than what you're experiencing now in release candidates, though.

Host: Chris (Microsoft)
Q: does ICS support AOL Broadband UK?
A: Yes -> If you are connected to the Internet using AOL in the United Kingdom you can connect to the Internet via Internet Connection Sharing if you establish a connection using the new connection wizard. You can also firewall the connection as well through this interface. Here's a link that can help you: http://support.microsoft.com/default.aspx?scid=KB;[LN];310563.

Host: Salahuddin (Microsoft)
Q: I have a home network and have Norton firewall installed on them both. How can I make it so I can access files on both, without turning the firewall off?
A: You need to open TCP Ports: 139 and 445 and UDP Ports 137 and 138.

Host: scottman (Microsoft)
Q: How come when you boot, if you're on a network, it takes 3 mins + sometimes for your PC to kick in?
A: If you are booting with a domain joined PC it may be a script that is attempting to run when you boot. If this is a WG machine connected to a home network there may be other issues.

Host: Dave (Microsoft)
Q: From a Neowin member: People have been experiencing trouble with slow general response time from their computer when they have a massive HOSTS file. This problem, however, can be gotten around by disabling the DNS Client. What's the connection?
A: The DNS client uses the hosts and lmhosts files in addition to using DNS to resolve names. Large hosts files are not recommended. http://support.microsoft.com/default.aspx?scid=kb;[LN];142309 describes the order.

Host: Salahuddin (Microsoft)
Q: I have an acquaintance who wants to set up his 2 home computers as a LAN. He has a router (I think wireless) and wants to be able to send files up and down stairs. The small networking wizard in Windows didn't work.
A: If the machines can ping one another then he can try to use the computer with the \\ipaddress and see if that works. If it does then we will need to add each computer to the other one's Hosts file.

Host: Erik (Microsoft)
Q: Why do I get really slow transfers on MSN messenger for no reason?
A: Nothing happens for no reason. ;-) MSN messenger will try several different methods to get a file transfer going between two peers (IPv4 and IPv6 direct connections both from the file sender and to the file sender). If all of these fail (due to NATs or firewalls preventing true end-to-end communication), then Messenger will fail over to relaying the file through a server. This is quite slow as you may have noticed.

Moderator: Brian_B (Microsoft)
I’d like to thank Scott, Dave, Salahuddin, Chris and Erik from the Network Experience Team for joining us today for this Windows Expert Zone Chat Microsoft Community Chat. If you asked a question that we didn't get to, we'll try to answer in the chat transcript of this session available soon on the Expert Zone site.

Moderator: Brian_B (Microsoft)
...and the rest of you for your questions and comments.

Moderator: Brian_B (Microsoft)
If you would like further information on home networking, check out the home networking web site at http://www.microsoft.com/windowsxp/homenetworking/.

Moderator: Brian_B (Microsoft)
Thanks for your interest and feedback! We are going to leave now. You are welcome to continue chatting in the lower window. This is a place for anyone in the Expert Zone community to connect with each other. We encourage you to use it anytime we are not doing a scheduled chat.
