Have two desktops with XP pro and XP home connected with a cross-over cable (or a hub for that matter) and getting their addresses automatically; (TCP/IP protocols and microsoft file sharing). They can both see and access the shares on each other - even with the Windows firewall turned on.

If I turn the Windows firewall off on both PCs and install either AVG-7.5 firewall or ZoneAlarm the access gets lost in both directions until the firewall is inactivated or uninstalled.

I just cannot seem to be able to configure the firewalls to allow file sharing to work.

Any tips of how and what to configure to allow the file-sharing on the LAN?

The next stage would be to safely share a DUN connection on the XP pro box but I would like to get my head around configuring a firewall for the LAN first because I will want to have a software firewall (not the MS ICF) running when I go on line.

I am not a big fan of ZA. It's been a while since I used it. There has to be an exception or a rule setting that will allow you to not block traffick from a range of IP addresses. Poke around and you should be able to find it. However I would get:

Kerio (http://www.sunbelt-software.com/Kerio.cfm) or Sygate (http://www.filehippo.com/download_sygate_personal_firewall/)

I personally prefer Sygate but it asks a lot of questions.

For Sygate you would Right click on the Tray Icon and choose

Advanced Rules
Add
On the General tab enter the name and click the radio button for allow this traffic.
One the hosts tab choose IP addresses and choose the range of IP addresses in your LAN. e.g. 192.168.1.1-192.168.1.10

Click OK and you are ready to rock n roll

Thanks classic' - Sygate seems easy to configure and works just fine. I used to use it and went to Kerio some time back - cant remember why but weren't they taken over by Symantec or something similar.

I too find ZA a bit of a hog and have known it upset my systems in the past - even though it was the first PF that I ever used and almost the first utility that I ever purchased! I couldn't get Kerio to allow the PCs on the LAN but I must have another crack at it. That is why I tried ZA and the new firewall incorporated with AVG-7.5 (30day trial) - but couldn't fathom the settings on either of them.

BTW, since it is a small network 2-4 PCs max (at the moment), is it safer to fiter by MAC address or by IP range. In particular I'm thinking ahead to when ADSL gets installed and I can use a router that comes with the package. At that point, with the router running the DHCP, does the router also have a MAC address of its own that would need adding to the allowed addresses in the PF.

I have at last begun to understand how one configures a router by accessing it from a browser. I had always imagined there would be a set of buttons on the machine but now see its all done via software. Nothing like actually getting one's hands on the hardware of course.

Sygate was bought by Symantec and promptly discontinued. This is old stuff that is still out there on the web. I still think it's less of a hog than ZA.

BTW, since it is a small network 2-4 PCs max (at the moment), is it safer to fiter by MAC address or by IP range.
Personal preference. If you are going to fix other people's PC's than MAC filtering is pain in the a**.

In particular I'm thinking ahead to when ADSL gets installed and I can use a router that comes with the package. At that point, with the router running the DHCP, does the router also have a MAC address of its own that would need adding to the allowed addresses in the PF.
I would avoid the all in ones unless you can configure them. I don't know what happens on the other side of the pond, but here there is no manual or documentation with router/modem combos. You need to call the ISP to get any changes made. I always have them disable the router and use my own.

To answer Paul's first question, the ZA settings for LAN are in the "Trusted Zone".
You add the individual IPs of the PCs you want to allow access (or add the LAN IP range) to the Trusted Zone and the PCs are then unblocked from communicating with each other.

I have one PC running ZA, one SygatePF, two Kerio.
They all work but the Sygate and Kerio download files 20% faster than ZA for me.

.... (tip toes in)

You are not the average user Paul, so I feel safe in my recommendation...
Just use windows firewall and remove the other junk software. Buy a router that does firewalling.

...(tip toes out).

Thanks again for all the thoughts. BB has arrived in this area and its touch and go now whether I am going to be near enough to the exchange to be able to get it at my house (where I would undoubtedly experiment) but my vet now has it installed (along with a wired/wireless router with NAT and a firewall) and wants me to network his two desktops.

Does anyone use NetBeui (http://support.microsoft.com/kb/301041) these days and would it not be a pretty good security approach on a small network - or should it be sent to the trash can?

Has anyone tried the new AVG firewall or have any comments on it?

NetBeui is dead, TCP/IP is so much better.

Buy a router that does firewalling.
Actually really good advice, a hardware firewall is always a great help for security, even for advanced users like Paul, or Paul's customers.