Cannot get home network to work

Hi there,

I wrote already on the Comodo Italian forum but it seems dead, nobody is there.

I have the following home network:

1 Router (with firewall enabled)
1 PC wired
1 Notebook wireless

OS: WXP PRO SP2 on both computers.

I come from ZA Free and so far I had no problem with my network.

I tried to follow the Network Monitor rules you set in this forum as well as simply creating a Trust Zone, but I cannot get the 2 machines to see each other.

What I do is the following:

PC

  1. Create a Trust Zone, called LAN which ranges from (invented IP) 123.456.7.80 to 123.456.7.81
  2. Run the Wizard and let it create the rules for a trusted network
  3. Modify the created rules as follows:

Allow
IP
Out
Source IP: 123.456.7.80
Destination IP: Zone LAN
IP Details: Any

Allow
IP
In
Source IP: Zone LAN
Destination IP: 123.456.7.80
IP Details: Any

NOTEBOOK

  1. Create a Trust Zone, called LAN which ranges from (invented IP) 123.456.7.80 to 123.456.7.81
  2. Run the Wizard and let it create the rules for a trusted network
  3. Modify the created rules as follows:

Allow
IP
Out
Source IP: 123.456.7.81
Destination IP: Zone LAN
IP Details: Any

Allow
IP
In
Source IP: Zone LAN
Destination IP: 123.456.7.81
IP Details: Any

I set the Master Browser to be my PC and not the notebook.
The ping works fine in both directions.

The rules are on top, then there are the installation ones with the Block & Log rule at the bottom.
The Block & Log rule is the one that does not allow the two machines to communicate, according to the logs.

I don’t know what to do anymore, hope you can help me to quickly solve this matter.

Thank you
Alex

I think you need to allow broadcast traffic in, i.e., traffic to destination 123.456.7.255. The Wizard’s default rule is to allow traffic from the trusted zone to any (not just your PC’s IP).
Keep in mind that Windows/netbios browser traffic is broadcast.

I guess you could either revert back to the default Wizard’s rules, or add a broadcast traffic rule:

Allow
IP
In
Source IP: Zone LAN
Destination IP: 123.456.7.255
IP Details: Any

I’d recommend keeping the default Wizard’s rules so that you don’t have to worry about broadcast or multicast traffic (e.g. media streaming, UPNP, …)
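To show why the hand-edited IP-to-IP rules break Windows browsing while ping still works, here is an added simulation of Network Monitor's top-to-bottom, first-match evaluation over the three rule sets discussed in this thread (it is example code, not Comodo's own). The 192.168.1.x addresses, the rule names and the `evaluate` function are constructed stand-ins for the poster's placeholder 123.456.7.x values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Tuple

Addr = ipaddress.IPv4Address
# A filter is None (any address), a single address, or an inclusive (low, high) zone range.

@dataclass
class Rule:
    action: str      # "allow" or "block"
    direction: str   # "in", "out" or "any"
    src: object      # filter for the source address
    dst: object      # filter for the destination address
    name: str        # constructed label, only used in the result

def matches(filt, addr: Addr) -> bool:
    if filt is None:
        return True
    if isinstance(filt, tuple):            # trust zone given as an inclusive range
        return filt[0] <= addr <= filt[1]
    return addr == filt

def evaluate(rules, direction: str, src: str, dst: str) -> Tuple[str, str]:
    """First matching rule wins, top to bottom; nothing matching falls to an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.direction in (direction, "any") and matches(r.src, s) and matches(r.dst, d):
            return r.action, r.name
    return "block", "implicit deny"

# Constructed addresses standing in for the post's 123.456.7.80 / .81 placeholders.
PC, NOTEBOOK = ipaddress.ip_address("192.168.1.80"), ipaddress.ip_address("192.168.1.81")
BROADCAST = ipaddress.ip_address("192.168.1.255")
ZONE_LAN = (PC, NOTEBOOK)                  # the trust zone "LAN": .80 to .81

# The hand-edited set on the PC: zone <-> this host only, then Block & Log at the bottom.
IP_TO_IP = [
    Rule("allow", "out", PC, ZONE_LAN, "out to zone"),
    Rule("allow", "in", ZONE_LAN, PC, "in from zone to my IP"),
    Rule("block", "any", None, None, "Block & Log"),
]
# The same set with the broadcast rule from the reply inserted above Block & Log.
WITH_BROADCAST = IP_TO_IP[:2] + [Rule("allow", "in", ZONE_LAN, BROADCAST, "in to broadcast")] + IP_TO_IP[2:]
# The Wizard default: anything in from the zone, whatever the destination address.
WIZARD_DEFAULT = [Rule("allow", "in", ZONE_LAN, None, "wizard: zone to any"), IP_TO_IP[2]]

if __name__ == "__main__":
    for label, rules in (("ip-to-ip", IP_TO_IP), ("with broadcast", WITH_BROADCAST), ("wizard", WIZARD_DEFAULT)):
        print(label, "| ping reply from notebook:", evaluate(rules, "in", str(NOTEBOOK), str(PC)))
        print(label, "| NetBIOS browser announce:", evaluate(rules, "in", str(NOTEBOOK), str(BROADCAST)))
```

Running it shows the unicast ping reply allowed under all three sets, while the broadcast browser datagram hits Block & Log under the IP-to-IP set, which is exactly what the poster saw in the logs.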

Thanks for your reply.
Indeed, I went back to default wizard rule and it works.

In your opinion, is it safer to follow the Trusted Zone way or the IP to IP way suggested in the Network Monitor rules in this forum?

Thank you
Alex

In your opinion, is it safer to follow the Trusted Zone way or the IP to IP way suggested in the Network Monitor rules in this forum?

I’m not aware of such a thread dealing with IP to IP.
The problem with a trusted zone is that it leaves your PC wide open to any host on the local network. If you have wireless, that makes it even less secure.
On the other hand, if you go the more secure way (IP to IP) you have to add lots of rules, e.g., allow UDP port 138 from every PC to the broadcast address (x.x.x.255) for Windows networking. You’d have to research and figure out each and every protocol you need.

I have created a trusted zone for my local network, however, I’ve tightened up my wireless setup:
OpenWRT/X-WRT [1] router with: WPA2/AES encryption, MAC filter list, radio power reduced to cover a distance of only 50 feet, and a strong password.

So I guess it comes down to your security requirements. Either way, CPF is flexible enough to accommodate both approaches.

[1] OpenWRT: http://openwrt.org/
    X-WRT: http://x-wrt.org/

Hi,

The thread I refer to is the following:

https://forums.comodo.com/faq_for_comodo_firewall/summary_of_network_rules-t5340.0.html

I have done exactly as you have described in your network, but still I think more can be done, that’s why I’m investigating.

There is something I noticed, as a difference with ZA Free:

When I go into My Network Places, the Network Location column was called “Local Network” in ZA; now I see “Internet”. I don’t know if I have to worry about it or not?

Another strange thing, if I look at the logs of my PC, every 30 sec. the following log appears:

Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = PORT UNREACHABLE)
Protocol:ICMP Outgoing

Any idea why?

Thank you
Alex