none
ICS and the Firewall

    Question

  • Hello,

    I setup a Vista PC with a dial-up connection to the internet.

    I selected the location type as Public.

    Then I shared the internet connection (via ICS) to another Vista PC.

    My question is:

    Can I share files safely between the two Vista PCs?

    Since the location type is Public (not Private), I am worried that if I turn on network discovery & file sharing between the two Vista PCs (open holes in the firewall), I might get hacked from the internet.

     

    Monday, February 23, 2009 9:23 PM

Answers

  • I said above how to do that:
    Disable 'file and print sharing', as well as 'client for microsoft networks' on the public-side adapter.
    I did forget about a couple of settings, though:  also disable both LLTD services on that adapter.
    (this was also covered in the article that I linked to.)

    All that the network-location setting does is set those items automatically for you.  It doesn't do anything special.

    Also, enabling ICS does configure the Windows Firewall properly for that duty, just as it did in XP.


    [If this post helps to resolve your issue, please click the "Mark as Answer" or "Helpful" button at the top of this message. By marking a post as Answered, or Helpful you help others find the answer faster.]
    • Marked as answer by Frank55555 Thursday, February 26, 2009 8:39 PM
    Thursday, February 26, 2009 4:37 AM

All replies

  • Yes, you can.
    Windows handles firewall exceptions on a per-interface basis.

    That said, you should make sure that you disable 'client for microsoft networks', as well as 'file and printer sharing for microsoft networks' on the internet (public) connection, but leave them enabled on the LAN (private) connection.

    More detailed instructions here:
    http://www.home-network-help.com/ics-host.html

    HTH,
    Chris
    [If this post helps to resolve your issue, please click the "Mark as Answer" or "Helpful" button at the top of this message. By marking a post as Answered, or Helpful you help others find the answer faster.]
    Tuesday, February 24, 2009 5:24 PM
  • Hello,

    What you wrote is certainly true for the Windows XP firewall. However, the Vista firewall exceptions are linked to profile types (public, private, or domain). And since only one profile can run at a time, my question remains: when I setup ICS and select a Public profile (which turns off network discovery & file sharing by default), how can I turn on network discovery & file sharing between the two PCs without also creating those firewall exceptions on the (modem) network interface that faces the internet?    --I don't want to be hacked by the badguys.
    Wednesday, February 25, 2009 9:10 PM
  • I said above how to do that:
    Disable 'file and print sharing', as well as 'client for microsoft networks' on the public-side adapter.
    I did forget about a couple of settings, though:  also disable both LLTD services on that adapter.
    (this was also covered in the article that I linked to.)

    All that the network-location setting does is set those items automatically for you.  It doesn't do anything special.

    Also, enabling ICS does configure the Windows Firewall properly for that duty, just as it did in XP.


    [If this post helps to resolve your issue, please click the "Mark as Answer" or "Helpful" button at the top of this message. By marking a post as Answered, or Helpful you help others find the answer faster.]
    • Marked as answer by Frank55555 Thursday, February 26, 2009 8:39 PM
    Thursday, February 26, 2009 4:37 AM
  • Hello Chris,


    OK, got it    :)


    Thanks for your help


    Frank55555
    Thursday, February 26, 2009 8:41 PM