I can ping a Windows XP PC with the firewall off but I can't when the firewall is on. Why?
2014-04
For the ping
command, I have read (e.g. try this link), there's no port required. Yet I have a PC on my network which I cannot ping. Strangely, I can connect to using Remote Desktop
.
However, I am able to ping it (as well as connect to it with RDP
) when I turn off the firewall. How should I configure the firewall so that I can ping the machine even with the firewall on? I tried looking it up (the ping
command i.e.) in the list of firewall exceptions but I couldn't find it.
Ping uses ICMP not TCP so it is not like a normal program when opening the firewall settings.
To enable ICMP Ping packets open the Windows Firewall configuration icon in Control Panel and go to the Advanced
tab and click the ICMP settings button
From there check the box for Allow incoming echo request
, that is the message type that represents ping.
IMHO blocking ICMP packets is generally not a good idea for your network health and I would recommend checking all of the boxes to allow all types of ICMP packets unless you have a specific reason not to.
You're right, ping doesn't use a port. It also doesn't use TCP or IP. It uses a protocol called ICMP. If you set up an exception, that's the protocol to use.
I have Windows XP Professional, SP3. I'm running a webserver which listens on port 80. I have a dedicated ip address. Localhost on 80 resolves ok:
http://localhost:80
but I cannot get it to resolve externally:
http://external.ip.address:80
I can however get another port to resolve externally:
http://external.ip.address:1234
The Windows personal firewall is turned off. I've also stopped IIS. Is there something else that could prevent this from working?
I presume you have restarted IIS/turned it back on.
This will be down to one of two things:
1) You have not set up your router correctly. Whilst some applications such as games can use UPnP or other technologies to "bypass" / create rules on the router, many server based applications are designed for corporate environments which do not allow this. You will need to forward the ports yourself. Take a look at Port Forward for information on how to do this if you are not sure.
2) Your ISP blocks it. This is unlikely if you have been issued a static IP, however it is possible - a lot of ISPs block port 25 and 80. If this is the case, you can ask them to unblock it, however no guarantees that they will. It depends on their policy.