I need a little help understanding configuring firewall with network

Discussion in 'other firewalls' started by FireDancer, Jul 14, 2004.

Thread Status:
Not open for further replies.
  1. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    Hello all,

    I have set up a machine network, 1 WIN98SE machine and 2 XP (home) machines, and up until now all have been stand alone, sharing the Internet connection with their own separate firewalls and rule sets. All 3 machines see each other over TCP/IP with NetBIOS enabled on all 3. All have shared files and/or printers.

    The problem I am having is in my rules somewhere and I am having a major brain fart. All 3 machines sit behind a Linksys router using Dynamic IP. I have enabled Microsoft networking in Kerio. I was taught here at Wilders a long while back that if you want something to have access, make sure you don't have anything that will block it higher up in the rule filters... welp, major brain fart here as I cannot see what would be blocking it. I have tried disabling certain rules as a process of elimination and it does not seem to matter what I do, the only way to access the other machines is to shut down the firewall. That sucks!

    Inasmuch as I have tried adding the 2 other IPs of the other machines as well as the subnet mask, that does not seem to work either, even though the rule in the Microsoft Networking tab in Kerio says to use these rules instead of filter rules. Here are the rules just below DHCP, DHCP BROADCAST, and DNS; all other rules below the last one you see are apps. Here is a capture, hoping maybe someone can VERY NICELY tell me where my mistakes are. Thanks in advance.

    Regards,
    FireDancer :doubt:
     

    Attached Files:

  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi FireDancer

    Do your Kerio logs give any indication of what is being blocked?

    Regards,

    CrazyM
     
  3. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    Hi CrazyM,

    You know what, I didn't even bother to check LOL, how stupid. I am so used to not logging stuff I didn't even think about it, but I'll check and tell ya shortly.
    Thanks for the idea.

    FireDancer
     
  4. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    CrazyM,

    I am gonna have to post back tomorrow. I can't get to the other machines right now, everyone is sleeping :( but I will try to give you a better idea, as I would like to get this figured out. I know it's just a rule somewhere that I am missing... sorry for wasting your time, see you tomorrow, thanks again.

    FireDancer
     
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    No problem, tomorrow it is :)

    Regards,

    CrazyM
     
  6. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    Hello CrazyM,

    Well, after a little trial and error I got my machine and one other to communicate with the firewalls up. I went to Microsoft Networking in Kerio and checkmarked "allow for name resolution" and also changed from specific IPs to Network Mask, and I show them communicating and I have access to that machine's shared files and vice versa.

    As far as monitoring traffic via network mask and Microsoft Networking in Kerio, the only way I can see at this time is to open up the firewall status screen and look to see who is connected to what port and what address it is that is connected. And I have found that the only way to close out the connections is to shut down a machine or reboot. I am thinking that in order to run fixed IPs I would have to configure the router as well for fixed IPs, I believe. Which is a whole new ball game to me :(

    I did write 2 new rules per your suggestion for the lan.

    #1 ALLOW ECHO REPLY LAN BOTH DIRECTIONS <-> 0, 8 192.168.X.X- 255.255.XXX.X (NETWORK/MASK)

    #2 ALLOW DEST UNREACH LAN -> 3 192.168.X.X-255.255.XXX.X (NETWORK/MASK)

    I placed these above all other ICMP rules as you will see in capture.
    My rules seem to be working fine in this order but I am still not sure if they need adjustment or if I can tweak my other ICMP rules. My BLOCK LOWER PORTS rule seems to be effective with the 3rd machine (it has no firewall up), as it tried to connect to my machine on a lower port and it was logged, but then gained access on a high port. Would this be because of the Kerio Microsoft filter rules?

    As you can see in one of the captures, my LAN rules are working when I ping the other machines. I think I need to understand ICMP a bit :( I understand allowing certain apps/addresses accessing my machine, but the whole ping thing I have to learn more about and how to place the rules. I hope my post is understandable.
     

    Attached Files:
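
An added example, not part of the original thread and not Kerio's own code: a small top-down rule evaluator showing why the two LAN ICMP rules from the post above only take effect when they sit above the general ICMP rules. First-match-wins evaluation is assumed from the "nothing that will block it higher up" advice in the first post; the LAN network, the remote addresses, the general block rules and the reading of "->" as outgoing are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

LAN = "192.168.1.0/255.255.255.0"   # constructed; the post masks its real values
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class IcmpRule:
    name: str
    action: str         # "allow" or "block"
    direction: str      # "in", "out" or "both"
    types: frozenset    # ICMP type numbers; empty set means any type
    network: str        # remote network, NETWORK/MASK or CIDR

    def matches(self, direction, icmp_type, remote_ip):
        if self.direction not in ("both", direction):
            return False
        if self.types and icmp_type not in self.types:
            return False
        return ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.network)

def evaluate(rules, direction, icmp_type, remote_ip):
    """Walk the list top-down; the first matching rule decides."""
    for rule in rules:
        if rule.matches(direction, icmp_type, remote_ip):
            return rule.action, rule.name
    return "block", "(no rule matched)"  # assumed default when nothing matches

# The two LAN rules from the post ("->" is read here as outgoing, an assumption).
LAN_RULES = [
    IcmpRule("ALLOW ECHO REPLY LAN", "allow", "both", frozenset({0, 8}), LAN),
    IcmpRule("ALLOW DEST UNREACH LAN", "allow", "out", frozenset({3}), LAN),
]
# Hypothetical stand-ins for the poster's other ICMP rules.
GENERAL_RULES = [
    IcmpRule("BLOCK INCOMING ECHO", "block", "in", frozenset({8}), ANY),
    IcmpRule("BLOCK OTHER ICMP", "block", "both", frozenset(), ANY),
]
LAN_FIRST = LAN_RULES + GENERAL_RULES
LAN_LAST = GENERAL_RULES + LAN_RULES

if __name__ == "__main__":
    for label, rules in (("LAN rules first", LAN_FIRST), ("LAN rules last", LAN_LAST)):
        for remote in ("192.168.1.20", "203.0.113.9"):
            print(label, remote, evaluate(rules, "in", 8, remote))
```

With the LAN rules on top, an incoming ping from a LAN address is allowed while the same ping from an outside address still falls through to the block rule; with the order reversed, the LAN allow rules are never reached.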

  7. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    Here are the logs.
     

    Attached Files:

  8. FireDancer

    FireDancer Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    316
    Logs #2
     

    Attached Files:
