Hello -
I’m trying to get this firewall set up but it seems to be a bit tricky.
For example, I want to be able to share files within my network and I also want to be able to use Windows’ remote desktop to access my machine from somewhere else.
I’ve fiddled with it for a while but have had no luck so far. I’ve even tried “remote desktopping” into the PC while sitting at the PC and waited for a little popup asking if it was OK for the app to go online but that didn’t happen…
Could someone help me out?
Thanks!
There are 3 effective components to CPF: the application monitor, component monitor and the network monitor. First off, the network monitor allows/disallows traffic of a specified type (or all, depending on what protocols you select) and it controls the direction of said traffic. Hence there is an in/out option. Before you can remote desktop or even access the resource you have to have a rule to allow such.
E.g.
Let’s call your internal LAN 192.168.0.1-10
If you want to access network shares and remote desktop to and from other machines you’ll need a rule like:
Permission: Allow
Protocol: IP In/Out
Source: IP range 192.168.0.1-192.168.0.10
Remote (Destination): IP range 192.168.0.1-192.168.0.10
IP details: ANY
That will allow the free flow of traffic in and out of your machine to any other machine on your network. If you’re using remote desktop, once such a rule exists, you’ll get the pop-up window asking for permission for the application to get out.
Now you can be more specific once you know the ports/protocols etc.
Say you were using VNCviewer.
Your rule would look like:
Permission: Allow
Protocol: TCP/UDP Out
Source: Any
Remote (Destination): IP of machine to be controlled
Source port: ANY
Remote port: 5901
Once such a rule exists you will get the pop-up and it will work.
The application monitor allows applications access to your network resource; however, without a network rule to allow the type of traffic the application uses and to the specific resource IP, you will get the pop-up but your actual connection will fail. I hope this helps. If I got anything wrong here the mods or such will correct me. But I am pretty certain this is accurate.
Welcome to the forums.
Another easier way is to use the Trusted Zone Wizard to define your home network and setup some initial rules for your LAN. Just make sure that the rules it creates are at the top of the Rule list.
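Added example, not part of the thread and not Comodo's code: a small model of the network-monitor rules discussed above, showing why the LAN allow rule has to sit above a block rule and that it does not cover a source outside the LAN range. It assumes top-down, first-match evaluation with a default block; the `Rule` class, the block-all rule, the sample addresses and the use of TCP 3389 (the default Remote Desktop port) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = None  # wildcard for address ranges and ports

@dataclass
class Rule:
    action: str                      # "allow" or "block"
    protocol: str                    # "ip" (everything), "tcp", "udp", "tcp/udp"
    direction: str                   # "in", "out" or "in/out"
    src: Optional[Tuple[str, str]]   # inclusive (first, last) range, or ANY
    dst: Optional[Tuple[str, str]]
    dst_port: Optional[int] = ANY

def in_range(addr, rng):
    if rng is ANY:
        return True
    first, last = (ipaddress.ip_address(x) for x in rng)
    return first <= ipaddress.ip_address(addr) <= last

def matches(rule, pkt):
    return (pkt["dir"] in rule.direction.split("/")
            and (rule.protocol == "ip" or pkt["proto"] in rule.protocol.split("/"))
            and in_range(pkt["src"], rule.src)
            and in_range(pkt["dst"], rule.dst)
            and rule.dst_port in (ANY, pkt["dport"]))

def evaluate(rules, pkt):
    """Return (action, index of deciding rule); first match wins, default block."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "block", None

# Constructed sample data using the thread's example LAN range.
LAN = ("192.168.0.1", "192.168.0.10")
lan_rule = Rule("allow", "ip", "in/out", LAN, LAN)
vnc_rule = Rule("allow", "tcp/udp", "out", ANY, ("192.168.0.5", "192.168.0.5"), 5901)
block_all = Rule("block", "ip", "in/out", ANY, ANY)

rdp_lan = {"dir": "in", "proto": "tcp", "src": "192.168.0.7", "dst": "192.168.0.3", "dport": 3389}
rdp_wan = dict(rdp_lan, src="203.0.113.9")   # same connection from outside the LAN
vnc_out = {"dir": "out", "proto": "tcp", "src": "192.168.0.3", "dst": "192.168.0.5", "dport": 5901}

if __name__ == "__main__":
    for name, rules in (("LAN rule on top", [lan_rule, vnc_rule, block_all]),
                        ("block rule on top", [block_all, lan_rule, vnc_rule])):
        for label, pkt in (("RDP from LAN", rdp_lan), ("RDP from outside", rdp_wan), ("VNC out", vnc_out)):
            print(f"{name:18} {label:17} -> {evaluate(rules, pkt)}")
```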