I have a Windows XP Professional connected to internet via dial-up, which is shared via a home LAN to a Windows 98 system. In my XP, I was using CFP CFP 2.4.16.174 and everything was ok. So I installed CFP 3.0.13.268. Since then, my Win98 can’t connect to internet unless via IP addresses, i.e., it doesn’t get name resolution anymore. Everything gets ok again when I dactivate CFP.
Trying to find the problem, I saw that Win98 uses my WinXP as DNS server (Win98 IP settings are got automatically thanks to WinXP internet connection sharing), but CFP blocks any request Win98 does do WinXP’s port 53.
How can I correct this? Right now, I’ve manually set Win98 DNS to a known remote DNS server. It’s working, but I think it is not the best thing to do.
Indeed, once I’ve installed .273 build, it was enough to delete “Windows Updater Applications” rule and to allow incoming DNS lookups for svchost.exe. But I got somewhat worried: the pop up ask me for allowing or blocking and etc; by allowing, the rule automatically created for svchost.exe allows every in/out request for every source/destination IP and port. I had to adjust it manually to restrict the permission for my home LAN. Isn’t the rule automatically created too permissive?
Yes, and the rules that you create to allow only LAN connections in Predefined Policies do not show up on the list of policies on the pop-up. That means that you have to edit any programs that you want to have a different policy from the ones on the pop-up. Also, it is common for people to just click Allow when they first get the pop-up for their Web Browser or Email Client even though the pop-up has the policy for them displayed beside the “Treat this program as…” button. It would be nice if that were the default action for browsers/email clients rather than Allow. A couple of tweaks that should be on their to do list.