Cannot view network from command prompt

Product: CFP 3
OS: Windows XP Professional, SP2

With the firewall OFF, when I type “new view” from a command prompt, I can see all the computers in the network.

With the firewall ON, in training mode or train with safe mode, with the same command I get,
“System Error 6118 has occurred, The list of servers for this workgroup is currently not available”

I turn the firewall OFF and everything works fine.

A. I have not created any rules.
B. I have defined a network (192.168.0.1 to 192.168.0.254), called it Work, and used the first option in the “Stealth Ports Wizard” to define a trusted network, nothing else.

Appreciate any suggestions.

You’ll need to extend your network definition to include the LAN broadcast address 192.168.0.255. Microsoft file sharing makes a lot of use of broadcast traffic.

You may need to define some rules. This article Internet firewalls prevent file sharing - Windows Client | Microsoft Learn has details about the System Error 6118, and lists the ports that MS Networking protocols use. The broadcastt traffic should take of the problem, but if not, then it may be necessary to add some port rules.

Suggestion: don’t use an address range to define a network. Use an address mask instead (in your case, 192.168.0.0/255.255.255.0). If needed you can always exclude address range(s) from the network with an additional rule.

What is the advantage of using the address mask?

Al

It includes all possible addresses in the network, including the broadcast one.

I modified the range to include 255. Still no change.
I changed to a mask (see attached). Still no change.

I have the ranges separately as well as under the adapter (see graphic). Is this ok or should the ranges be only under the adapter?

Thanks, this is getting quite frustrating.

I also keep loosing access to the file server, I have posted that under another topic.

[attachment deleted by admin]

You may need to modify your Global Rules so that the Microsoft Networking broadcast packets from your LAN can be received by your machine. Something along the lines of “allow TCP or UDP in&out from myLAN to myLAN”. You may need to experiment some to get the proper port numbers in the rules, if you want to tighten up the rules. Watch your Firewall Events log, and see what it tells you. If that doesn’t seem to do anything, then I’ll ask that you post your Global Rules and your Application Rules.

Ok, here are my global rules and custom rules. Hope this helps, I have not added, modified or deleted any.
Thanks

[attachment deleted by admin]

Looks like a couple of additions may be needed. If you check CFP “Active Connections” you’ll see a list of applications, and what port they’re connecting to. The MS Networking ports are 135,137,138,139, and 445. My machine is showing the System process, and svchost.exe as being the port listeners. What they are listening for, is that broadcast traffic coming from other machines on your LAN.

Your Application Rules are showing rules for System and svchost.exe to allow only outbound traffic from your machine, and block traffic inbound to your machine. So, no MS Networking.

To change that, you need to add a rule like this to both System and to svchost.exe:

Allow In&Out
Protocol IP
From 192.168.0.0 mask 255.255.255.0
To 192.168.0.0 mask 255.255.255.0
IP Details any

and position this new rule before the default “block&log all” rule.

That’s probably a bit too permissive, but it should work. It can be tightened up later. Your Global Rules need to be tightened up also, but for the moment aren’t causing any problems with MS Networking.