Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <3E94A82B.8070401@t-online.de>
Date: Thu, 10 Apr 2003 01:09:31 +0200
From: =?ISO-8859-1?Q?Markus_Sch=F6nhaber?= <mks99 AT t-online DOT de>
Reply-To: cygwin AT cygwin DOT com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4b) Gecko/20030406
X-Accept-Language: de-de, de, en-us, en
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Windows XP & Internet Connection Firewall
References: <3E946D8F DOT 4020705 AT wright DOT edu> <00ec01c2fecb$180c2320$cc0aa8c0 AT adexainc DOT com> <3E94712E DOT 1000403 AT wright DOT edu> <1049916443 DOT 31520979f07a3 AT horde DOT siklos DOT ca> <3E9475AE DOT 6030706 AT wright DOT edu> <3E9495AB DOT 1070202 AT Salira DOT com>
In-Reply-To: <3E9495AB.1070202@Salira.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Andrew DeFaria wrote:
> Greg Kremer wrote:
> 
>> Rob,
>> Thanks a million.  That fix works.
>>
>> Thanks again for your expertise.
>>
>> Greg Kremer
>>
>> rob2 AT siklos DOT ca wrote:
>>
>>> Go to the properties windows for your internet connection, and click 
>>> on the Advanced tab.  Here is where you probably enabled your 
>>> firewall.  Click on the Settings button and add a new service in the 
>>> Services tab.  In the name/ip address field, put the name of your 
>>> computer. Put 6000 for both port numbers, and use TCP (i think).  
>>> Before you click Ok, make sure you check the box for the service you 
>>> just added. 
>>
>>
> It's amazing how quick people are to say "it doesn't work" without first 
> checking around a little bit. My first inclination when I hit a problem 
> like this was to try the Settings button and lo and behold there it was, 
> plain as day, how to add a "service" by a port number.
> 
> Anyway, one thing that is a little confusing to me is the "In the 
> name/ip address field, put the name of your computer" portion. It is 
> clear that we are talking about two different computers here, his XP 
> machine and his Unix box. So which name goes in that field? The 
> description says "Name or IP address (for example 192.168.0.12) of the 
> computer hosting this service on your network" and the "What's this?" 
> help you can get to by right clicking on that description says "Provides 
> a space for you to type the name or IP address of the computer on your 
> home network where the service resides.". So I would think that you put 
> in the name or IP address of the Unix box.
> 

The "... put the name of your computer" input box is there because you 
can do some kind of DNAT with this "firewall". I. e. if this computer 
does internet connection sharing for your local network, you can make 
services running on boxes that don't have a public address publicly 
available by entering their local name or IP into this field. It has 
nothing to do with who might be allowed to connect to your computer and 
who might be rejected.

> In fact I did this very same thing allowing a Linux box on my home 
> network to display an XDMCP session to my Cygwin XFree86 server running 
> on my XP box. But my question is this: Can only my Linux box with this 
> IP address put up X traffic through this firewall? IOW if I get another 
> Linux box with another IP address would I need to add another entry here 
> for port 6000 from that IP address? Or can this Name/IP address be an IP 
> range?
> 

No, as said above, the source of packets coming in does not matter. If 
you start the "firewall" all incoming packets that don't belong to an 
established connection (I'm not exact here, I think) are dropped. If you 
want to allow connections to a port on this machine, you enter the name 
of this machine in the input field (the name of your local machine 
should appear there when you edit one of the predefined services). If 
you want too make DNAT, you enter the name or IP of the machine the 
packets should be sent to.

I think this gets (if just a tiny, tiny little bit) off topic...

Regards
   mks



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/