Hi guys. I’m behind a Westell modem/router and have just recently begun sharing my connection with a friend across the hall again. I don’t want to share any files, etc… so I have turned off the server (lanman service). I have also turned off LAN DHCP in the router. He is using a Netgear wireless plugged into USB on his PC to share connection. He is just using Windows Firewall and I am using Comodo 2.4. I know there are good FAQs but I think my situation is a little different so that’s why I am posting. Basically everything seems to be working fine. I am network admin and have set up the security in the modem/router. I have not run the “define trusted network wizard” and was just wondering if there is anything I am missing or that is not optimized by not doing so. I did notice the usual Comodo log entries that I saw others post about… His LAN IP incoming port 137 (nbname), ICMP being blocked, but our connections seem to be fine.
Guys? Come on, help a LAN noob here. Basically I just want to know if I should create this trusted zone or is this not really necessary since there is no file sharing. Was worried about if something malicious happened to the PC that I share the connection with that I wouldn’t be affected by it till I looked at his PC. So can I create this zone with maybe some added rules and not have to worry as much? So I don’t have to PM Panic or Soya again. :Beer
I realize that more specifics/screenshot might be asked for.
Well if it was me in this situation I wouldn’t
If your friend is connecting wirelessly to the router, then you don’t have to do anything. His connection is to the router, which handles his connection to the internet. The only common element is that you both connect to the one router.
You suggested that you might run the network wizard and add some rules to filter his traffic out. The nett effect of this would be the same as if you didn’t run the wizard in the first place, as the firewall will filter his traffic out if there is no declared trusted zone.
If your friend isn’t direct connecting to the router, can you provide greater detail in how he is connecting? Otherwise, I think you’re fine.
hope this helps,
Yeah he is connecting directly to the router via wireless. I think I am worrying about some things that I don’t need to. Still learnin about this. Thanks Ewen, you’re the best.
When I said
"You suggested that you might run the network wizard and add some rules to filter his traffic out. The nett effect of this would be the same as if you didn't run the wizard in the first place, as the firewall will filter his traffic out if there is no declared trusted zone."
there is actually one difference. Without a trusted zone, you'll still keep getting log entries from the router. What you can do to prevent these is as follows (and these instructions are based on the assumption your router's address is 192.168.1.1):
- Statically assign an address of 192.168.1.2 to your PC.
- Create a trusted zone of 192.168.1.1 to 192.168.1.2
- Log into your router and change the DHCP address allocation range so that it starts at a higher address than 192.168.1.2.
This way, you won’t get log entries from your router just chattering away and your friend can still get an IP from your router, but it’s clear of your trusted zone. The other measures you’ve taken to eliminate file and print sharing with your mate are fine.
The only drawback is that if your PC is a laptop and you go to another location, you’ll have to revert to a dynamic address. If your PC is a laptop, you could use the ethernet port with a static address when you’re near the router and use wifi dynamically when you’re away.
Unfortunately everything is a compromise. It’s just a case of finding the best one.
hope this helps,
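An added example, not part of the original posts: a small Python check of the addressing plan described above, confirming that the router and the static PC sit inside the trusted zone and that the DHCP pool can never hand out a trusted address. The /24 subnet and both DHCP pool ranges are constructed assumptions; only 192.168.1.1, 192.168.1.2 and the trusted range come from the thread.

```python
import ipaddress

def ip_range(first, last):
    """Return an inclusive (first, last) pair of IPv4Address objects."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError(f"range start {lo} is above range end {hi}")
    return lo, hi

def check_plan(subnet, router, static_pc, trusted, dhcp_pool):
    """Return a list of problems with the addressing plan (empty list = OK)."""
    net = ipaddress.ip_network(subnet)
    router, static_pc = ipaddress.ip_address(router), ipaddress.ip_address(static_pc)
    t_lo, t_hi = ip_range(*trusted)
    d_lo, d_hi = ip_range(*dhcp_pool)
    problems = []
    for name, addr in (("router", router), ("static PC", static_pc),
                       ("trusted zone start", t_lo), ("trusted zone end", t_hi),
                       ("DHCP pool start", d_lo), ("DHCP pool end", d_hi)):
        if addr not in net:
            problems.append(f"{name} {addr} is outside {net}")
    for name, addr in (("router", router), ("static PC", static_pc)):
        if not t_lo <= addr <= t_hi:
            problems.append(f"{name} {addr} is not inside the trusted zone")
        if d_lo <= addr <= d_hi:
            problems.append(f"{name} {addr} could also be leased by DHCP")
    # Two inclusive ranges overlap when each starts before the other ends.
    if t_lo <= d_hi and d_lo <= t_hi:
        problems.append(f"DHCP pool {d_lo}-{d_hi} overlaps trusted zone {t_lo}-{t_hi}")
    return problems

def is_trusted(addr, trusted):
    """True if addr falls inside the inclusive trusted range."""
    lo, hi = ip_range(*trusted)
    return lo <= ipaddress.ip_address(addr) <= hi

SUBNET = "192.168.1.0/24"                    # assumed; the thread gives no mask
TRUSTED = ("192.168.1.1", "192.168.1.2")     # trusted zone from the thread
BAD_POOL = ("192.168.1.2", "192.168.1.50")   # constructed: pool starts too low
GOOD_POOL = ("192.168.1.10", "192.168.1.50") # constructed: pool moved above .2

if __name__ == "__main__":
    for pool in (BAD_POOL, GOOD_POOL):
        result = check_plan(SUBNET, "192.168.1.1", "192.168.1.2", TRUSTED, pool)
        print(pool, result or "OK")
    print("friend at 192.168.1.10 trusted?", is_trusted("192.168.1.10", TRUSTED))
```

With the pool starting at .2, the friend's PC could be leased the address the firewall trusts; moving the pool start above .2 removes that overlap.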