I've set up a home network of two pc's sharing the same broadband connection via a D-Link (DI-604) router both pc's running WinXP pro. The problem is on a port scan it shows port 113 as closed. I have Zone Alarm on both computers and this now seems to be useless. With the router my ip address is 192.xxx.x.162 and the other pc is 192.xxx.x.110 whereas my ISP assigned address is 81.xx.xx.x When I do a port scan, the website picks up my ISP assigned address and scans that. And states port 113 is closed and all others are stealthed EVEN with Zone Alarm shut down. Without the router and zone alarm ON, ALL ports are stealthed. Obviously the router has some sort of firewall in, but is not stealthing port 113. Is there any way of stealthing this port and does anyone know why it is acting as such? Also, i do not wish to allow sharing of my two home computers, and was windering if activity I do on one pc can possibly be sent to the other by the router? i.e instant messages or webpages/pop ups being sent to either pc by mistake. Thanks for any help and explanations.

Yes ur on the right track...... A port scan (I assume ur using ShieldsUp at www.grc.com) will not go beyond the router, so ZA has minimal effect here (still keep it tho cos it provides an extra level of protection & reports any trojans trying to phone home !!) The reason the ports are stealthed without the router is prob due to XP's own Firewall. You can easily make all ur ports stealth mode by enabling a DMZ in ur router setup. Create a non-existant IP address which is outside ur DHCP range and try grc again !! :) Re instant messages/web pages etc - no, these can't be sent to the 'wrong' machine, if that were to happen the whole internet would be in chaos - so no worries there !!

Thanks keef, however i have disabled xp's firewall, so i persume ZA is still doing its job properly. One other thing.. how do I know an IP address is non existant? I have tried a few other port scans and they all say im stealthed in most cases and free from attacks, so that has assured me.

OK - a kwik lesson in IP addresses lol You can find more info on the net..... All IP numbers beginning 192.168 are addresses that are set aside for private networks only. They are non-routable over the internet. You need to look at the router setup/documentation to find the IP range of ur router. This is the range that ur router could automatically give to one of ur machines using DHCP. The range could be something like: 192.168.0.2 to 192.168.0.30. (the router will most likely use 192.168.0.1 for itself) (individual numbers don't go higher than 254 btw) Your machines will be set for 'Obtain IP Address Automatically' so obviously u don't want to use an IP address in DMZ that might be given by the router. In this instance, if u choose a class B network address like 192.168.10.99 for ur DMZ u will be well outside the router's range of available IP addresses. So just make up a private IP address that's well outside the router's range and enter that non-existant machine's number in the NAT Configuration's DMZ. Hope this makes sense !!

Thanks again and for your patience, Makes sense now! Cheers keef

http://support.dlink.com/faq/view.asp?prod_id=1068&question=113 I got the same router and I used this info to help.