Problem with DNS Lookup behind XP Firewall
Last response: in Windows XP
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)
Hi,
We've recently rolled out Windows XP SP2 to our remote users and have
enabled the XP Firewall on all network connections, including the VPN
connection to the main office.
We are now experiencing problems wherein users can't access PC's on the
remote domain by name, only by IP address, when connected via VPN. Turning
off the XP Firewall for the VPN immediately solves this problem - so the
issue appears to be with DNS lookup through the XP Firewall.
Is there a way to add an exception to the firewall to allow these lookups?
File and Print Sharing is enabled on all Firewall entries and incoming ICMP
exceptions are enabled.
I'm a little baffled as why this setup doesn't work, but would be grateful
for any advice from somebody with more experience of Firewalls! Am I wrong
to try and firewall the VPN connection in the first place?
Regards,
Richard Tubb.
www.netlinktrading.co.uk
Hi,
We've recently rolled out Windows XP SP2 to our remote users and have
enabled the XP Firewall on all network connections, including the VPN
connection to the main office.
We are now experiencing problems wherein users can't access PC's on the
remote domain by name, only by IP address, when connected via VPN. Turning
off the XP Firewall for the VPN immediately solves this problem - so the
issue appears to be with DNS lookup through the XP Firewall.
Is there a way to add an exception to the firewall to allow these lookups?
File and Print Sharing is enabled on all Firewall entries and incoming ICMP
exceptions are enabled.
I'm a little baffled as why this setup doesn't work, but would be grateful
for any advice from somebody with more experience of Firewalls! Am I wrong
to try and firewall the VPN connection in the first place?
Regards,
Richard Tubb.
www.netlinktrading.co.uk
More about : problem dns lookup firewall
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)
My solution, on a small SOHO LAN, is to use a host file on my remote PC to map IP addresses to a
name. Note this is a work group environment. Hopefully one of the other MVPs or another
knowledgeable person can be of further assistance...
--
Al Jarvi (MS-MVP Windows Networking)
Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
"Richard Tubb" <richard@netlinktrading.co.uk> wrote in message
news![:o]( ":o")
SIqBEm8EHA.2568@TK2MSFTNGP10.phx.gbl...
> Hi,
>
> We've recently rolled out Windows XP SP2 to our remote users and have enabled the XP Firewall on
> all network connections, including the VPN connection to the main office.
>
> We are now experiencing problems wherein users can't access PC's on the remote domain by name,
> only by IP address, when connected via VPN. Turning off the XP Firewall for the VPN immediately
> solves this problem - so the issue appears to be with DNS lookup through the XP Firewall.
>
> Is there a way to add an exception to the firewall to allow these lookups? File and Print Sharing
> is enabled on all Firewall entries and incoming ICMP exceptions are enabled.
>
> I'm a little baffled as why this setup doesn't work, but would be grateful for any advice from
> somebody with more experience of Firewalls! Am I wrong to try and firewall the VPN connection in
> the first place?
>
> Regards,
>
> Richard Tubb.
> www.netlinktrading.co.uk
>
My solution, on a small SOHO LAN, is to use a host file on my remote PC to map IP addresses to a
name. Note this is a work group environment. Hopefully one of the other MVPs or another
knowledgeable person can be of further assistance...
--
Al Jarvi (MS-MVP Windows Networking)
Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...
"Richard Tubb" <richard@netlinktrading.co.uk> wrote in message
news
SIqBEm8EHA.2568@TK2MSFTNGP10.phx.gbl...> Hi,
>
> We've recently rolled out Windows XP SP2 to our remote users and have enabled the XP Firewall on
> all network connections, including the VPN connection to the main office.
>
> We are now experiencing problems wherein users can't access PC's on the remote domain by name,
> only by IP address, when connected via VPN. Turning off the XP Firewall for the VPN immediately
> solves this problem - so the issue appears to be with DNS lookup through the XP Firewall.
>
> Is there a way to add an exception to the firewall to allow these lookups? File and Print Sharing
> is enabled on all Firewall entries and incoming ICMP exceptions are enabled.
>
> I'm a little baffled as why this setup doesn't work, but would be grateful for any advice from
> somebody with more experience of Firewalls! Am I wrong to try and firewall the VPN connection in
> the first place?
>
> Regards,
>
> Richard Tubb.
> www.netlinktrading.co.uk
>
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)
Richard Tubb wrote:
> I'm a little baffled as why this setup doesn't work...
I agree with Robin's explanation, but think you should try to fix the VPN
first.
If you investigate, you will likely find that name resolution through DNS
never worked -- because your VPN connection doesn't push the internal DNS
servers and / or the correct DNS suffix to the clients. When it worked, the
resolution was working through NetBIOS broadcasts.
Getting DNS to work over the VPN would be preferable for the long term. If
not possible, Robin's suggestions should restore the service as well.
--
Chris Priede (priede@panix.com)
Richard Tubb wrote:
> I'm a little baffled as why this setup doesn't work...
I agree with Robin's explanation, but think you should try to fix the VPN
first.
If you investigate, you will likely find that name resolution through DNS
never worked -- because your VPN connection doesn't push the internal DNS
servers and / or the correct DNS suffix to the clients. When it worked, the
resolution was working through NetBIOS broadcasts.
Getting DNS to work over the VPN would be preferable for the long term. If
not possible, Robin's suggestions should restore the service as well.
--
Chris Priede (priede@panix.com)
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)
Richard Tubb wrote:
> We've recently rolled out Windows XP SP2 to our remote users and have
> enabled the XP Firewall on all network connections, including the VPN
> connection to the main office.
>
> We are now experiencing problems wherein users can't access PC's on
> the remote domain by name, only by IP address, when connected via
> VPN. Turning off the XP Firewall for the VPN immediately solves this
> problem - so the issue appears to be with DNS lookup through the XP
> Firewall.
My guess is that this is not a DNS problem, but a NetBIOS one. DNS lookups
are not blocked by Windows Firewall.
Maybe you should check that the "scope" of the File & Print Sharing
Exception in Windows Firewall includes explicitly:
(a) the subnets in use in your office LAN;
(b) the subnet ranges you allocate for VPN connections.
Do not rely on the default "My network (subnet) only" scope.
--
Robin Walker
rdhw@cam.ac.uk
Richard Tubb wrote:
> We've recently rolled out Windows XP SP2 to our remote users and have
> enabled the XP Firewall on all network connections, including the VPN
> connection to the main office.
>
> We are now experiencing problems wherein users can't access PC's on
> the remote domain by name, only by IP address, when connected via
> VPN. Turning off the XP Firewall for the VPN immediately solves this
> problem - so the issue appears to be with DNS lookup through the XP
> Firewall.
My guess is that this is not a DNS problem, but a NetBIOS one. DNS lookups
are not blocked by Windows Firewall.
Maybe you should check that the "scope" of the File & Print Sharing
Exception in Windows Firewall includes explicitly:
(a) the subnets in use in your office LAN;
(b) the subnet ranges you allocate for VPN connections.
Do not rely on the default "My network (subnet) only" scope.
--
Robin Walker
rdhw@cam.ac.uk
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)
hi richard
XP firewall should not be activatre on VPN connexion, it interfears with
sharing objects. This is what microsft is higly recommanding.
Go on technet and search for ICF and VPN
Hope it helps
Serge
MCP
"Richard Tubb" wrote:
> Hi,
>
> We've recently rolled out Windows XP SP2 to our remote users and have
> enabled the XP Firewall on all network connections, including the VPN
> connection to the main office.
>
> We are now experiencing problems wherein users can't access PC's on the
> remote domain by name, only by IP address, when connected via VPN. Turning
> off the XP Firewall for the VPN immediately solves this problem - so the
> issue appears to be with DNS lookup through the XP Firewall.
>
> Is there a way to add an exception to the firewall to allow these lookups?
> File and Print Sharing is enabled on all Firewall entries and incoming ICMP
> exceptions are enabled.
>
> I'm a little baffled as why this setup doesn't work, but would be grateful
> for any advice from somebody with more experience of Firewalls! Am I wrong
> to try and firewall the VPN connection in the first place?
>
> Regards,
>
> Richard Tubb.
> www.netlinktrading.co.uk
>
>
>
hi richard
XP firewall should not be activatre on VPN connexion, it interfears with
sharing objects. This is what microsft is higly recommanding.
Go on technet and search for ICF and VPN
Hope it helps
Serge
MCP
"Richard Tubb" wrote:
> Hi,
>
> We've recently rolled out Windows XP SP2 to our remote users and have
> enabled the XP Firewall on all network connections, including the VPN
> connection to the main office.
>
> We are now experiencing problems wherein users can't access PC's on the
> remote domain by name, only by IP address, when connected via VPN. Turning
> off the XP Firewall for the VPN immediately solves this problem - so the
> issue appears to be with DNS lookup through the XP Firewall.
>
> Is there a way to add an exception to the firewall to allow these lookups?
> File and Print Sharing is enabled on all Firewall entries and incoming ICMP
> exceptions are enabled.
>
> I'm a little baffled as why this setup doesn't work, but would be grateful
> for any advice from somebody with more experience of Firewalls! Am I wrong
> to try and firewall the VPN connection in the first place?
>
> Regards,
>
> Richard Tubb.
> www.netlinktrading.co.uk
>
>
>
Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)
Yes.
You should not enable Internet Connection Firewall on virtual private
networking (VPN) connections, which are typically used to securely log in
to a corporate network. You should not enable ICF on client computers that
are part of a large company or school network with a server-client
structure. ICF will interfere with file and printer sharing in these
scenarios.
This is detailed in the following article:
Use the Internet Connection Firewall
http://www.microsoft.com/windowsxp/using/networking/lea...
Any update, let us get in touch!
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Yes.
You should not enable Internet Connection Firewall on virtual private
networking (VPN) connections, which are typically used to securely log in
to a corporate network. You should not enable ICF on client computers that
are part of a large company or school network with a server-client
structure. ICF will interfere with file and printer sharing in these
scenarios.
This is detailed in the following article:
Use the Internet Connection Firewall
http://www.microsoft.com/windowsxp/using/networking/lea...
Any update, let us get in touch!
Best regards,
Rebecca Chen
MCSE2000 MCDBA CCNA
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Related ressources:
- ForumSlow internal DNS-lookup
- ForumDNS Lookup Failure... With A Twist
- ForumSite replication problem due to DNS Lookup failure.
- ForumLosing DNS lookup , without losing ISP Connection
- Forumconfiguring DNS behind firewall
- ForumMy Linksys WRT54GS router is losing its DNS configuration ..
- ForumComputer will not find DNS automatically...
- ForumDNS lookup stops at 2 mx records
- ForumHow to tell if a firewall alert is suspicious or not
- ForumHow to tell if a firewall alert is suspicious or not
- ForumPossible DNS problem
- Forumproblem with DNS
- ForumMac, Windows XP , PS3, and Linksys Router disaster
- ForumHow many firewalls is too many?
- ForumSP4 kills DNS ?
- ForumDNS Configured or Not
- ForumPCMCIA slots need more power??? HELP!
- ForumRemote Desktop Client will not work with wireless Connection
- ForumRemote Desktop & Firewall
- Forumipsec tunnel works but l2tp doesn't with same certificates
- More resources
Read discussions in other Windows XP categories
!
