Hey, I'm a regular reader of Tom's, and since Microsoft tech support hasn't replied to me, I figured this would be a good place to get the word out about what I'm 99% sure is a bug in the WinXP SP2 firewall. Here's the setup...
I have a WinXP box with file/print sharing enabled that acts as a dedicated server for my small home LAN. I also use it (since it's the only machine I leave on 24/7) as a VPN server, so I can access my files remotely. The whole LAN is behind a NAT router, and has private IPs in the 192.168.1.x range. The server has a static IP of 192.168.1.2, and the "Incoming" network connection is set to give out IPs in the 192.168.1.11-20 range, which means it always takes 192.168.1.11 for itself.
Before installing SP2, remote VPN clients were able to access the machine at EITHER of those IPs, which makes sense, as it's set to forward traffic to the LAN. After installing SP2, though, only the RAS address worked, 192.168.1.11.
It's a problem because I use a couple of laptops both locally AND remotely, and simply kept an LMHOSTS entry for that machine. But if its IP changes, mapped drives will fail and stuff. But I see that as an aside - the behavior should not have changed.
Well, after lots of time messing with routing tables and stuff, I tried dropping the Windows SP2 firewall. And it worked - VPN clients were able to ping and access 192.168.1.2 again. But no collection of exceptions or other settings could get it to work. And if the firewall was blocking, it should have raised alerts when it blocked incoming requests. Also note that machines on the LAN could access 192.168.1.2 with no problem.
I encourage anyone with the requisite hardware on hand to try it out. If you can find a mistake I made in routing or firewall setup, please let me know, but I'm pretty sure I've tried everything.
And if I'm right and it is a bug, this seems as good a place as any to make people aware of it.
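One concrete check a reader with this setup could run, added here as an example and not part of the original post: the XP SP2 firewall can be told to log the packets it drops (`netsh firewall set logging droppedpackets=enable`, which writes `%windir%\pfirewall.log` by default). Reproducing the failure with logging on and then filtering that log for inbound DROP lines from a VPN-pool address to 192.168.1.2 either shows the firewall discarding the traffic (and on which ports) or shows nothing, which points the search back at routing or the RAS binding rather than the firewall. The parser below keys off the `#Fields:` header rather than a hard-coded column layout; the log lines it runs on are constructed for this example, and the server address and RAS pool are taken from the post.

```python
"""Filter a Windows Firewall (XP SP2 style) pfirewall.log for inbound packets
the firewall dropped on the VPN-client -> server-LAN-address path.

Constructed sample data; addresses follow the post (server 192.168.1.2,
RAS pool 192.168.1.11-20). Not the poster's own script.
"""
from collections import Counter
from ipaddress import ip_address

SERVER_LAN_IP = "192.168.1.2"
RAS_POOL = ("192.168.1.11", "192.168.1.20")  # inclusive range handed out to VPN clients

# Constructed sample log in the W3C-style layout pfirewall.log uses. The
# "#Fields:" line defines the columns; everything else starting with '#' is header.
SAMPLE_LOG = """#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2004-09-20 21:14:02 DROP TCP 192.168.1.12 192.168.1.2 1054 445 48 S 1234567 0 65535 - - - RECEIVE
2004-09-20 21:14:05 DROP ICMP 192.168.1.12 192.168.1.2 - - 60 - - - - 8 0 - RECEIVE
2004-09-20 21:14:08 DROP TCP 192.168.1.12 192.168.1.2 1055 139 48 S 1234890 0 65535 - - - RECEIVE
2004-09-20 21:15:00 OPEN TCP 192.168.1.5 192.168.1.2 3201 445 0 - 0 0 0 - - - RECEIVE
2004-09-20 21:15:30 DROP UDP 192.168.1.1 192.168.1.2 1900 1900 300 - - - - - - - RECEIVE
"""


def parse_pfirewall_log(text):
    """Return a list of dicts, one per log record, keyed by the #Fields names."""
    fields = None
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue  # other header lines (#Version, #Software, #Time Format)
        if fields is None:
            raise ValueError("log record seen before a #Fields: header")
        values = line.split()
        if len(values) != len(fields):
            continue  # skip a truncated record (file still being written)
        entries.append(dict(zip(fields, values)))
    return entries


def in_ras_pool(ip, pool=RAS_POOL):
    """True if ip is an IPv4 address inside the inclusive pool range."""
    lo, hi = (int(ip_address(p)) for p in pool)
    try:
        return lo <= int(ip_address(ip)) <= hi
    except ValueError:  # '-' placeholders, hostnames, garbage
        return False


def vpn_drops_to_lan_ip(entries, server_ip=SERVER_LAN_IP, pool=RAS_POOL):
    """Inbound DROP records from a VPN-pool client to the server's LAN address."""
    return [
        e for e in entries
        if e["action"] == "DROP"
        and e["path"] == "RECEIVE"
        and e["dst-ip"] == server_ip
        and in_ras_pool(e["src-ip"], pool)
    ]


def summarise(drops):
    """Count drops per (protocol, dst-port) so the blocked services stand out;
    ICMP has no port, so its echo/type number is used instead."""
    counts = Counter()
    for e in drops:
        if e["protocol"] == "ICMP":
            key = ("ICMP", "type " + e["icmptype"])
        else:
            key = (e["protocol"], e["dst-port"])
        counts[key] += 1
    return counts


if __name__ == "__main__":
    records = parse_pfirewall_log(SAMPLE_LOG)
    blocked = vpn_drops_to_lan_ip(records)
    if not blocked:
        print("no firewall drops on the VPN -> %s path; look at routing/RAS instead" % SERVER_LAN_IP)
    for (proto, port), n in sorted(summarise(blocked).items()):
        print("%-4s %-8s dropped %d time(s)" % (proto, port, n))
```

On the sample data the filter keeps the three drops from 192.168.1.12 (SMB on 445 and 139, plus the ping) and ignores the router's SSDP noise and the LAN client's allowed connection, which is the kind of separation that tells you whether the SP2 firewall is the component eating the traffic.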