Advice needed for a network solution.

adamski49

Can someone offer me some advice on which way to go with my grand plan please.

I want to add a network storage device (Something like this or this What's the difference between the two? ) to store all my media, mainly music and photos, for all PC's to access plus media players by Hi-fi's (like this) and the TV (like this).

Small problem - I currently have ntl broadband distributed by a Linksys 4 port 802.11b wireless router. All 4 ports are taken by my CAT5 cabling (3 PC's and a PS2). The Linksys device is prone to locking up on a regular basis, say monthly, and requires a quick reset. Unfortunately this normally loses the local network I have set up.

Questions as follows:

1. Do I need to upgrade my wireless to 802.11g for quality music streaming? If so should I go the whole hog and go for 108 MBps straight away?

2. a) If I don't need to upgrade to 802.11g can I just piggyback a Linksys 8 port hub/switch and connect everything to this?
b) Would this overcome the router reset problem and retain my network on all PC's?
c) Would the network storage device still be visible via the wireless router?

3. Option 2 - As I work from home, should I get a 'grown up' firewall type router to connect ntl broadband? Can I then attach an 8 port wireless broadcast device (if there is such a thing) to it?

4. Option 3 - How easy is it to set up a server using one of my old PIII PC's?

Blimey, that got a bit technical

I realise there is almost an infinite number of ways of achieving this but I'm looking for the most cost effective and future proof method as I don't want to do it all again next year. Any advice gratefully received.

Cheers

Adam :)
 
Despite the lack of replies :rolleyes: :D I've gone ahead with option 2a and used an 8 port Linksys switch/hub to connect all PC's etc on the network and then used the uplink to connect to the Linksys Router.

Wow! Super fast net connection. Not sure why but it's definitely quicker.

However, can I get the PC's to see each other? Can I feck. Used the XP network wizard but I get a message along the lines of "Not accessible, might not have permission, contact administrator" and so on.

PC1 is XP Pro, Norton AV Pro and FW
PC2 & PC3 is XP Home, ZoneAlarm and AVG (both free versions)

All 3 PC's have a 3Com EtherLink XL 10/100 PCI NIC (3C905C-TX) so should happily talk to each other.

I'm guessing it's the firewalls screwing things up but Norton has the relevant IP addresses released (from previous networking, although not recently).

Any ideas?

What's the run command to get IP addresses for individual PC's?

What's the 'ping' command?

How do I get to the ZoneAlarm settings to free it up for a home network? (I skipped the wizard when I installed it as I wasn't connected to the net and now I can't find it).

I've been here before and it seems as though, just as I'm about to launch a PC out of the window, they all start communicating as if there was never a problem. :spitfire Until then, any help gratefully appreciated.

Cheers

Adam :)
 
First off, ditch ZoneAlarm. You've got a perfectly adequate NAT firewall in the router.

Then ditch (or at least disable) Norton.

I think they're probably what's stopping you from connecting.

And the "run" command you're looking for is "ipconfig"

ping xx.xx.xx.xx , where xx.xx.xx.xx is the IP address.
 
adamski49 said:
What's the run command to get IP addresses for individual PC's?

What's the 'ping' command?

Go into a command prompt window - Start/Run/cmd...

ipconfig /all

will give you details of the IP address etc - repeat for all 3 machines

from each try and "ping" the others e.g. if PC 2 is 192.168.0.3 then from PC1 try
ping 192.168.0.3
 
Thanks for the replies. Well, as I said, connections suddenly appeared although still barred. Removal of FW's solved it.

Steve - Are you saying that I can safely remove ZA and Norton FW and rely solely on the XP FW as I'm sat behind a NAT firewall? I don't recall seeing any mention of NAT (I will check) and it came with Norton Internet Security (spawn of the devil software!)

Adam (sitting nervously with the FWs down)
 
NAT stops any inbound connections to your network unless you specifically ask the router to forward requests on specific ports to a particular machine on your network. That machine needs a fixed IP locally for this to work. It knows about connections you make outbound and maps them for you. As long as you keep the list of forwarded ports down to a minimum needed for any services you want to be exposed the risk is low, especially as most routers like the Netgear ones don't respond at all to requests they can't map.

The only need to run any firewall at all behind a NAT firewall is if you are paranoid about mysterious outbound connections and use zonealarm to warn of applications making them.
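
The NAT behaviour described in the post above, as an added example that is not part of the original thread: a toy Python model of the router's outbound mapping table and port-forward list, showing which inbound packets are passed on and which are silently dropped. The names `NatRouter` and `exposed_ports` are hypothetical, all addresses are constructed sample values, and the model assumes replies are accepted only from the endpoint the LAN host contacted (real routers vary).

```python
# Added illustration: toy model of a home NAT router (not real router firmware).
# All addresses below are constructed sample values.
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    wan_ip: str
    forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)  # wan_port -> outbound mapping
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host connects out: allocate a WAN port and remember the mapping."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[wan_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return self.wan_ip, wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """Classify a packet arriving on the WAN side."""
        s = self.sessions.get(wan_port)
        # Assumption: replies are accepted only from the endpoint the LAN host contacted.
        if s and (s[2], s[3]) == (remote_ip, remote_port):
            return ("reply", s[0], s[1])
        if wan_port in self.forwards:
            lan_ip, lan_port = self.forwards[wan_port]
            return ("forward", lan_ip, lan_port)
        return ("drop", None, None)  # nothing to map to: no answer is sent

def exposed_ports(router, probe_ports, scanner_ip="203.0.113.9"):
    """Ports an outside port check could reach, i.e. the forwarded ones."""
    return [p for p in probe_ports if router.inbound(scanner_ip, 50000, p)[0] == "forward"]

def demo():
    r = NatRouter(wan_ip="198.51.100.7")
    mapped = r.outbound("192.168.1.101", 1025, "203.0.113.80", 80)
    results = {
        "mapping": mapped,
        "reply": r.inbound("203.0.113.80", 80, mapped[1]),
        "stranger": r.inbound("203.0.113.9", 50000, mapped[1]),
        "before": exposed_ports(r, [22, 80, 113]),
    }
    r.forwards[80] = ("192.168.1.101", 80)  # one deliberate port forward
    results["after"] = exposed_ports(r, [22, 80, 113])
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running `exposed_ports` against the list of forwards you actually configured is a quick way to confirm that only the services you meant to publish are reachable from outside.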
 
ianf said:
NAT stops any inbound connections to your network unless you specifically ask the router to forward requests on specific ports to a particular machine on your network. That machine needs a fixed IP locally for this to work. It knows about connections you make outbound and maps them for you. As long as you keep the list of forwarded ports down to a minimum needed for any services you want to be exposed the risk is low, especially as most routers like the Netgear ones don't respond at all to requests they can't map.

The only need to run any firewall at all behind a NAT firewall is if you are paranoid about mysterious outbound connections and use zonealarm to warn of applications making them.

I might give the impression I know what I'm talking about but I don't... so many things in and out (I assume) that I don't know what to allow and what to stop. Probably safer if I keep firewalls up :cool:

Strangely, only one of the ZoneAlarm protected PC's has a problem seeing the network!? I've disabled ZA, found the connections I want so I can update the media library and I'll see what happens when I turn it back on.

Adam :)
 
Ok, it would appear that the only way I can have ZoneAlarm running and a happy, communicating network is if I cough up for ZA Pro so that I can configure the network settings :spitfire

So, moving on. I've dumped ZA and run the Symantec security check on the two PC's and both come out with the same results. Lots of stealth ports (good) and closed ports (OK) but three open (bad).

ICMP Ping Ping. Ping is a network troubleshooting utility. It asks your computer to acknowledge its existence. If your computer responds positively to a ping, hackers are more likely to target your computer.

22 SSH. TCP connections to this port might indicate a search for SSH, which has a few exploitable features. SSH is a secure replacement for Telnet. The most common uses of SSH are to securely login and copy files from a server.

80 HTTP (Hypertext Transfer Protocol). HTTP is used to transfer Web pages over the Internet. Port 80 should be open only if you're running a Web server.

Can I close these manually? If so, how / where?

Alternatively, any suggestions for a simple and free firewall / security solution that will still allow networking?

Thanks

Adam :)
 
adamski49 said:
run the Symantec security check on the two PC's and both come out with the same results. Lots of stealth ports (good) and closed ports (OK) but three open (bad).

Alternatively, any suggestions for a simple and free firewall / security solution that will still allow networking?

What is this "security check" - is it an application that you run or a Web site that you go to ?

Do you know what the IP address of your router is (192.168.0.1 possibly?) try accessing through a web browser http://192.168.0.1/ - normally you would get a config screen.

If your IP addresses on the PCs start with 192.168.xx.xx and they can all access the Internet then you are using NAT and you really don't need anything else other than the router "Firewall"
 
Clive

The security check is a web based one. Symantec (them of Norton infamy ;) )

Yes, the router is 198.162.1.1 and then all PCs are assigned 192.168.1.xxx etc and they can all access the internet. I'll take your word for it that we're all hidden behind the NAT firewall.

I suppose with AVG, XP Firewall and Windows Defender all running plus regular AdAware and SpyBot checks I shouldn't be at risk.

Thanks for your help.

Adam :)
 
adamski49 said:
The security check is a web based one. Symantec (them of Norton infamy ;) )

You should be able to configure the router to NOT respond to Ping (ICMP) - I can't imagine why 22/80 are open on the router (by default) - perhaps it is UPnP enabled and you have these services running through a UPnP aware service on one of your machines ?

Are you running a web server at home? (might be on the XP Pro box) if not it shouldn't matter too much since the incoming requests on 80 won't have anywhere to go. Maybe the router is configured for "external" admin - if so switch that off if you can.
 
- I can't find 'ICMP' or 'External Admin' options anywhere in the router set up.
- UPnP is disabled on the router setup.
- 80 is not enabled (that's not to say it's disabled, just no tick in the enable box)

I'm not running a webserver (at least I don't think I am?) but I do use FTP software to upload/update my business website. If it's the XP Pro machine causing the issues I'm not too worried as this has Norton AV and FW running quite happily.

It's this Linksys router if that's any help and I've applied the latest firmware.

I won't change direction for a career in IT just yet :D

Thanks again

Adam :)
 
adamski49 said:
It's this Linksys router if that's any help and I've applied the latest firmware.

Page 25 of the User Guide linked from above. Check "Remote User Access" is disabled (that's what I meant by External Admin)

Page 24 talks about Applications and Gaming - Port Triggering & UPnP Forwarding - I presume you have nothing listed in there. I still don't know why 22/80 responded - have you checked via Shields up ? https://www.grc.com/x/ne.dll?bh0bkyd2

Page 21 talks about "Block WAN requests" to stop "pings" - it says it's enabled by default but you may want to check it.
 
Page 25 - Access is restricted to one MAC address - I assume this is my ntl cable modem.

Page 24 - nothing selected.

Page 21 - Set up exactly as per the diagram

Wireless is off at the moment but when I enable it there is an SSID, WPA key etc before anyone can get on.

I passed the Shields Up with flying colours... then it dawned on me I'm at my XP Pro machine with Norton :rolleyes: I'll go and try the others.

EDIT: Ok, all tested and all gave the same results. The only 'weak' point is Port 113 which is showing as closed rather than stealth. I'm considering uninstalling Norton FW if it's just sat there taking up memory.

Anyway, many thanks for your help. I owe you a beer or three. :beerjug:

Adam :)
 
adamski49 said:
then it dawned on me I'm at my XP Pro machine with Norton :rolleyes: I'll go and try the others.

Erm, I think you have missed what the point of a Firewall Router is :)

If you have the UPnP option switched off on the router then it won't matter what you have running on the PC or where you check from - the checks will be against the (open) Ports on the router.
 
adamski49 said:
EDIT: Ok, all tested and all gave the same results. The only 'weak' point is Port 113 which is showing as closed rather than stealth. I'm considering uninstalling Norton FW if it's just sat there taking up memory.

Have a read of this https://www.grc.com/port_113.htm

Quote "UPDATE: The latest firmware update for the Linksys family of NAT routers has added an adaptive IDENT stealthing feature (though it is not enabled by default). So the Linksys routers will give you the best of both worlds. Bravo Linksys!"

But I can't see mention of that in your user Guide.
 
It's not in the user guide as that's the original one identical to the one in the box. However, I found the setting at the bottom of the security page and have enabled it.

Run Shields Up again and it passed - all ports in stealth mode now!

Thanks again. 'Tis easy when you know how :thumb

Cheers

Adam :)
 

