Hello wjmartin.
First of all, there is a possible solution to your problem, however, I don’t feel this is a problem that can be overcome through manipulation of the firewall alone, although setting some rules will be necessary.
The first thing to consider is how two computers of a Microsoft network communicate. To understand this, it is important to understand some terminology.
- Host name
The host name is a simple text string used to identify a computer on a network. Whilst it may take different forms, for the sake of simplicity, we will use the following:
computer1
computer2
enterprise
fred
Each computer on a network has a unique name assigned to it and it is this identifier that we humans use to decide which computers to connect to.
On Microsoft networks we also come across a variation of the host name, which is called the NetBIOS name, but that is for another conversation.
- IP Address
In addition to the host name, each computer is assigned a unique IP address. This address may be assigned either manually or automatically via DHCP (Dynamic Host Configuration Protocol).
Addresses today fall into a series of different categories. For the purpose of this discussion we will consider just two of these categories, Reserved or private addresses and public addresses. Public addresses are those that are used on the Internet and are typically assigned to Internet clients via DHCP, although sometimes they are also fixed.
Reserved or private addresses are those that companies or people with LANs use internally on their private networks. These networks are typically connected to the Internet via a gateway device such as a NAT (Network Address Translation).
The reserved addresses fall into three blocks, where each block can provide a range of unique IP Addresses.
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Another you may come across is:
169.254.0.0 - 169.254.255.255
This is reserved for use on Microsoft networks and is used to dynamically allocate an IP address in the absence of a DHCP server.
On a private network any of the aforementioned blocks of addresses may be used, however, because of the number of unique addresses that may be allocated from each range, most small companies and small LANs typically use 192.168.0.0…
- MAC Address
Finally, each computer attached to a network has a NIC (Network Interface Card) and each NIC has a unique identifier called a MAC (Media Access Control) address.
To summarise, each PC connected to a network has three unique identifiers: a host name, an IP address and a MAC address, e.g.
computer1 - 192.168.1.1 - 00-0C-76-1E-4E-70
The usual way to connect to a computer on a Microsoft (TCP/IP) based network is via Network Neighbourhood, although there are several alternative methods. This process starts when a computer is selected from the interface or by manually entering the information. Let's look at what happens:
- The computer is selected by name (computer1)
- A process occurs where the name is resolved to an IP Address. This may be performed via DNS (Domain Name Service) or via a host table. (192.168.1.1)
- The IP Address is resolved to the MAC address of the remote computer by ARP (Address Resolution Protocol) (00-0C-76-1E-4E-70)
- A connection is established.
As you can see the process is quite involved and whilst it is quite possible to connect to a computer using the IP Address (if known) without recourse to the host name, connecting by using the MAC address alone is not easily achieved.
To reach your desired goal you will need to create a new ‘Zone’ and define a ‘Trusted Network’ in CPF, this will provide the necessary connectivity between your computers.
To provide the extra level of security for your shared folders, the best advice I can offer is to use the security built into XP (I assume XP Home has similar features to XP Pro in this area?). Essentially this means creating an account for each user that needs to connect to the shares and then changing the default permissions on each share from Everyone/Read to explicitly allow only the defined user. By doing this, when someone needs to connect to a share on your computer they will be asked to enter a user name and password.
A little long-winded, but I hope it helps you understand the mechanics involved.
Toggie.
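The following is an added illustration, not part of Toggie's post, of the two mechanics described above: classifying an address as private, link-local or public against the reserved blocks listed in the post, and walking the name -> IP address -> MAC address chain that happens when a computer is selected by name. The host table and ARP table are constructed sample data (the names and the 192.168.1.1 / 00-0C-76-1E-4E-70 pair come from the post; the other entries and the public address 203.0.113.10 are made up for the example), so it runs offline with no real network lookup. The classification step is the check a defender would want before putting an address range into a firewall "Trusted Network" zone: a zone should cover only the private block the LAN actually uses.

```python
import ipaddress

# Constructed host table (name -> IP), standing in for DNS or a hosts file.
# Only computer1 / 192.168.1.1 appears in the original post; the rest is sample data.
HOST_TABLE = {
    "computer1": "192.168.1.1",
    "computer2": "192.168.1.2",
    "enterprise": "10.0.0.5",
    "fred": "169.254.12.34",       # APIPA address: no DHCP server answered
    "webserver": "203.0.113.10",   # documentation-range address used as a "public" stand-in
}

# Constructed ARP table (IP -> MAC). The MAC for 192.168.1.1 is from the post.
ARP_TABLE = {
    "192.168.1.1": "00-0C-76-1E-4E-70",
    "192.168.1.2": "00-0C-76-AA-BB-CC",
    "10.0.0.5": "00-1D-60-11-22-33",
}

# The three RFC 1918 reserved blocks listed in the post, plus the 169.254.0.0/16
# link-local block that Windows uses for automatic addressing without DHCP.
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),       # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),    # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),   # 192.168.0.0 - 192.168.255.255
]
LINK_LOCAL_BLOCK = ipaddress.ip_network("169.254.0.0/16")


def classify_address(addr: str) -> str:
    """Return 'private', 'link-local' or 'public' for a dotted-quad IPv4 address."""
    ip = ipaddress.ip_address(addr)
    if ip in LINK_LOCAL_BLOCK:
        return "link-local"
    if any(ip in block for block in PRIVATE_BLOCKS):
        return "private"
    return "public"


def resolve_name(name: str) -> str:
    """Step 2 of the post: host name -> IP address via the host table."""
    try:
        return HOST_TABLE[name.lower()]
    except KeyError:
        raise LookupError(f"no host table entry for {name!r}") from None


def resolve_mac(ip: str) -> str:
    """Step 3 of the post: IP address -> MAC address via the ARP table."""
    try:
        return ARP_TABLE[ip]
    except KeyError:
        raise LookupError(f"no ARP entry for {ip}") from None


def connect_by_name(name: str) -> dict:
    """Walk the full chain and report every identifier used along the way."""
    ip = resolve_name(name)
    mac = resolve_mac(ip)
    return {"name": name, "ip": ip, "mac": mac, "scope": classify_address(ip)}


def trusted_zone_check(zone_cidr: str) -> bool:
    """True only if a proposed firewall 'trusted' zone lies entirely inside one private block.

    A zone that spills outside the LAN's reserved range would mark public hosts as trusted.
    """
    zone = ipaddress.ip_network(zone_cidr, strict=False)
    return any(zone.subnet_of(block) for block in PRIVATE_BLOCKS)


if __name__ == "__main__":
    print(connect_by_name("computer1"))
    for host in HOST_TABLE:
        print(f"{host:12} {HOST_TABLE[host]:16} {classify_address(HOST_TABLE[host])}")
    print("192.168.1.0/24 trusted zone ok:", trusted_zone_check("192.168.1.0/24"))
    print("0.0.0.0/0 trusted zone ok:", trusted_zone_check("0.0.0.0/0"))
```

Running it shows that `fred` resolves to an address but is link-local (it never received a DHCP lease) and that `webserver` resolves to a public address, so neither belongs in a LAN trusted zone; `trusted_zone_check` rejects a catch-all zone such as `0.0.0.0/0` while accepting `192.168.1.0/24`.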