Virtual PC - "Other Firewall Software is Running on Your Computer"

[grrr223]

So I've decided to use ipfw (the firewall in Panther) to protect Windows XP running on Virtual PC 6.1 with Shared Networking. Whenever Virtual PC is running I get this warning whenever I go to the Firewall panel in the Sharing preference pane in System Preferences:

Other firewall software is running on your computer.
To change the Apple firewall settings, turn off the other firewall software.

If I run "sudo ipfw list" in the Terminal I see that the following lines are added to my list of firewall rules.

00051 divert 49160 tcp from any to any 29000-29499 in
00052 divert 49160 udp from any to any 29000-29499,137,138,6970,6971 in
00053 divert 49158 udp from any to 127.0.0.1 29500 out

I assume this Virtual PC is modifying the firewall in order to share my powerbooks network connection, and since the firewall GUI in panther is just a front end for ipfw and can't recognize any complicate rules, it thinks I must have some other software installed that's modifying my rules.

Could someone PLEASE give some more info on what these lines mean and how secure is Virtual PC because of them? Should any additional precautioons be taken on the Virtual PC side to secure it from the outside world?Thank you!

 

[Nermal]

Do you have XP's built-in firewall enabled?

 

[grrr223]

No, I do not have the Windows XP Firewall on

I think those lines in my ipfw config file are just the way that Virtual PC diverts its traffic to share my powerbook's internet connection. I was wondering if the firewall in Panther is actually protecting Virtual PC or if there are still open ports going to the virtual machine?

 

[MisterMe]

Re: No, I do not have the Windows XP Firewall on

Originally posted by grrr223
I think those lines in my ipfw config file are just the way that Virtual PC diverts its traffic to share my powerbook's internet connection. I was wondering if the firewall in Panther is actually protecting Virtual PC or if there are still open ports going to the virtual machine?

VPC is an application. It can't open ports that are closed by the OS.

 

[grrr223]

I understand that it can't open ports that are closed by the OS, however, I am asking if it is telling the OS to open up ports for it to useby adding those lines to the OS's firewall.

Note: Those lines are the FIRST 3 lines of the config file before anything that Panther's firewall GUI adds.

 

[DVDSP]

I'm not running VPC but I was getting the same "other firewall" error in Sys Prefs. I followed the instructions here and now everything is fine, maybe it will work for you.

 

[grrr223]

Thanks DVSP, but it's not really an error. I just can't edit the firewall rules while VPC is running. But when I quit VPC it's fine again,and the rules are still there when VPC is running.

My question is just, Are the lines that VPC is adding the ipfw config file opening up any holes to virtual pc that should be protected with a firewall within VPC?

Thanks.

 

[grrr223]

Someone sent me an e-mail asking if I ever got an answer on this, and since I hadn't, I'm going to take this opportunity to raise the question again.

How secure is Virtual PC? How much protection does the firewall built into OS X provide (please see the original posts about the changes that VPC makes to the OS X firewall)? And, do these changes compromise OS X's security at all? For example, is VPC just tunneling it's way to the outside world, but OS X is still protected? In which case, a firewall running within windows would fix everything up again?

I'd rather not have to run a firewall on Windows, my company provides us with Norton Personal Firewall, because it slows everything down. I'd rather let OS X take care of it, but if OS X isn't taking care of it, then I guess I still need to take those additional steps.

Any help would be appreciated, thank you.

 

[udance4ever]

How secure is Virtual PC? How much protection does the firewall built into OS X provide (please see the original posts about the changes that VPC makes to the OS X firewall)? And, do these changes compromise OS X's security at all? For example, is VPC just tunneling it's way to the outside world, but OS X is still protected? In which case, a firewall running within windows would fix everything up again?

I'd rather not have to run a firewall on Windows, my company provides us with Norton Personal Firewall, because it slows everything down. I'd rather let OS X take care of it, but if OS X isn't taking care of it, then I guess I still need to take those additional steps.

Any help would be appreciated, thank you.

guess I'm not the only one wondering how secure VPC is!

I, too, don't want to install a firewall in VPC if I don't need to. I did encounter the "Other Firewall..." message while visiting the Firewall tab in the Sharing pane. I can also verify it goes away after quitting VPC and it doesn't matter whether you the built-in Windows firewall active or not.

This link is also cross-posted in another forum:

http://blogs.msdn.com/virtual_pc_guy/archive/2005/09/26/473890.aspx

It technically is for the Windows version of VPC so take it for what it's worth - I think his comments are equally applicable IMHO.