Can't get a connection to get past the Windows Firewall

  • Question

  • Hi,

    I am trying to set up a service on a Windows 7 Pro workstation so that it is available from another one. So I have added a rule to the "server" workstation firewall to allow the inbound connection. Unfortunately this failed to make the connection possible. So I have progressively removed all the criteria from the rule, so I now have:

    Name: Allow inbound connection

    Group: <left blank>

    Profile: All

    Enabled: Yes

    Action: Allow

    Override: No

    Program: Any

    Local Address: Any

    Remote Address: Any

    Protocol: Any

    Local Port: Any

    Remote Port: Any

    Allowed Users: Any

    Allowed Computer: Any

    But the "server" firewall logfile (pfirewall.log) continues to list the dropped frames:

    2015-01-06 19:13:11 DROP TCP 192.168.1.2 192.168.1.1 49261 3690 48 S 1825293571 0 8192 - - - RECEIVE

    I have verified that deactivating the Windows firewall allows the service to be functional. Reactivating it blocks the connection again.

    Additional information in case it could be useful: the "server" networking is built around a bridge that joins the physical network interface and 2 virtual network interfaces. Moreover, 2 different IP addresses are allocated to the bridge (one belonging to each of the virtual networks). The service is provided by the physical machine (not by any of the virtual machines running on the "server").

    I would appreciate any idea that could explain how such a broad inbound rule can be ineffective.

    Regards,
    Philippe

    Tuesday, 6 January 2015 20:02

Answers

  • Hi,

    I finally found the origin of the issue. It comes from the association of the rule with a service. This attribute is not listed in the rule summary, nor even in the rule's detailed properties. You have to enter the dialog for selecting the service to know that an association has already been defined.

    Moreover, this association can almost never give a functional inbound rule. The reason is that it matches only the frames SENT FROM the selected service (as described in the help; unlike the association with a process, which matches both frames sent and received by the program). The usefulness of such a limited attribute is questionable!

    Regards,

    Philippe

    • Proposed as answer by FangZhou Chen (Moderator), Monday, 2 February 2015 01:14
    • Marked as answer by PhCh, Monday, 2 February 2015 19:36
    Wednesday, 7 January 2015 19:51
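The service association described in the answer above is not visible in the GUI rule summary, but it is printed as a "Service:" field for every rule by `netsh advfirewall firewall show rule ... verbose`, which is available on Windows 7. The following PowerShell is an added example, not code from the thread or from Microsoft: it parses that listing and reports the rules that are scoped to a service, and adds a check of the service's SID type, since a service-scoped rule can only match a process that actually runs with that service's SID. Field labels are those of the English netsh output (an assumption: a localized Windows prints translated labels, so `$labels` would need adjusting), the sample listing and the service name `ExampleSvc` are constructed, and the live `netsh` call needs an elevated prompt.

```powershell
# Added example, not code from the original thread: find Windows Firewall rules that
# are silently restricted to a service, by parsing the "Service:" field that
# "netsh advfirewall firewall show rule name=all verbose" prints for each rule.
# Labels below are the English netsh output (assumption: localized Windows translates them).

$labels = @{
    Name      = 'Rule Name'
    Enabled   = 'Enabled'
    Direction = 'Direction'
    Program   = 'Program'
    Service   = 'Service'
    Protocol  = 'Protocol'
    LocalPort = 'LocalPort'
    Action    = 'Action'
}

function ConvertFrom-NetshRuleText {
    # Splits the netsh listing into one hashtable of "Label -> value" per rule block
    param([Parameter(Mandatory = $true)][string[]]$Lines)
    $rules = @()
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^([^:]+):\s+(.*)$') {
            $key = $matches[1].Trim(); $value = $matches[2].Trim()
            if ($key -eq $labels.Name) {                  # "Rule Name:" starts a new block
                if ($null -ne $current) { $rules += $current }
                $current = @{}
            }
            if ($null -ne $current) { $current[$key] = $value }
        }
    }
    if ($null -ne $current) { $rules += $current }
    $rules
}

function Get-ServiceScopedRules {
    # Rules whose Service field is anything other than Any, i.e. restricted to one service
    param(
        [string]$Direction = 'in',
        [string[]]$NetshOutput = $null    # captured text to parse offline; otherwise netsh is run
    )
    if (-not $NetshOutput) {
        $NetshOutput = & netsh advfirewall firewall show rule name=all dir=$Direction verbose
    }
    foreach ($r in ConvertFrom-NetshRuleText -Lines $NetshOutput) {
        $svc = $r[$labels.Service]
        if ($svc -and $svc -ne 'Any') {
            New-Object PSObject -Property @{
                Name      = $r[$labels.Name]
                Enabled   = $r[$labels.Enabled]
                Direction = $r[$labels.Direction]
                Program   = $r[$labels.Program]
                Service   = $svc
                Protocol  = $r[$labels.Protocol]
                LocalPort = $r[$labels.LocalPort]
                Action    = $r[$labels.Action]
            }
        }
    }
}

function Get-ServiceSidType {
    # A service-scoped rule only matches a process carrying that service's SID; "sc qsidtype"
    # reports NONE, UNRESTRICTED or RESTRICTED (NONE means the service has no SID at all)
    param([Parameter(Mandatory = $true)][string]$ServiceName)
    $out = (& sc.exe qsidtype $ServiceName) -join "`n"
    if ($out -match 'SERVICE_SID_TYPE:\s*(\w+)') { $matches[1] } else { 'UNKNOWN' }
}

# Constructed sample of the netsh verbose listing (two rules), so the parser runs without
# an elevated shell. Rule names and the service short name ExampleSvc are made up.
$sample = @'
Rule Name:                            Allow inbound connection
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             Any
Program:                              Any
Service:                              ExampleSvc
Action:                               Allow

Rule Name:                            Allow TCP 3690
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            3690
Program:                              Any
Service:                              Any
Action:                               Allow
'@ -split "`r?`n"

Get-ServiceScopedRules -NetshOutput $sample |
    Format-Table Name, Direction, Enabled, Program, Service, Protocol, LocalPort -AutoSize
# Live system:  Get-ServiceScopedRules -Direction in | Format-Table -AutoSize
#               Get-ServiceSidType -ServiceName ExampleSvc
```

On the sample, only "Allow inbound connection" is reported, with Service = ExampleSvc, which is the hidden attribute the poster had to open the service-selection dialog to see. On a live system, run the first command against each direction, then `Get-ServiceSidType` for any service name it returns: if the answer is NONE, no process will ever carry that service's SID and the rule can never match, regardless of its other criteria.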

All replies

  • Hi Philippe,

    Can you set up logging on the Windows Firewall via the following means:

    1. Launch Command Prompt as Administrator (right-click cmd and run as administrator)

    2. Type:   netsh advfirewall set currentprofile logging filename c:\fwlog\firewall.log

    3. Type:   netsh advfirewall set currentprofile logging maxfilesize 2048

    4. Type:   netsh advfirewall set allprofiles logging droppedconnections enable

    5. Leave CMD open and test the issue again a few times, noting the system time as you test

    6. Check the directory c:\fwlog for the firewall.log file

    7. Go back to the CMD window and type:   netsh advfirewall set allprofiles logging droppedconnections disable

    The aim here is for you to review the log and see if you can figure out what is causing it to drop.

    You can, if you wish, try a reset on the firewall, but please NOTE this will reset ALL settings on the firewall and previous configurations will be lost.

    This is achieved by running the command   netsh advfirewall reset   and then rebooting the host.

    Regards,

    M


    If you find my information useful, please rate it. :-)

    Tuesday, 6 January 2015 21:01
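The logging procedure above writes W3C-format lines like the one quoted in the question, and reading them by eye gets tedious once the log fills up. The following PowerShell is an added example, not code from the thread or from Microsoft: it parses those lines and summarises the dropped inbound flows per protocol, destination and source, flagging flows where every dropped packet was a bare SYN (a new connection attempt that no allow rule matched). The first sample line is the one from the question; the others are constructed, and `C:\fwlog\firewall.log` is the path chosen in the steps above.

```powershell
# Added example, not code from the original thread: parse the W3C-format Windows Firewall
# log enabled by the netsh commands above and summarise dropped inbound flows.
# Only the first sample line is from the question; the rest are constructed.

function ConvertFrom-FirewallLogLine {
    # Default field order: date time action protocol src-ip dst-ip src-port dst-port size
    #                      tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
    param([Parameter(Mandatory = $true)][string]$Line)
    if ($Line.Trim() -eq '' -or $Line -match '^\s*#') { return $null }   # skip "#Fields:" etc.
    $f = $Line.Trim() -split '\s+'
    if ($f.Count -lt 17) { return $null }
    New-Object PSObject -Property @{
        Timestamp = [datetime]::ParseExact("$($f[0]) $($f[1])", 'yyyy-MM-dd HH:mm:ss', $null)
        Action    = $f[2]
        Protocol  = $f[3]
        SrcIp     = $f[4]
        DstIp     = $f[5]
        SrcPort   = $f[6]
        DstPort   = $f[7]
        TcpFlags  = $f[9]    # 'S' alone = SYN, a new connection attempt
        Path      = $f[16]   # RECEIVE = inbound, SEND = outbound
    }
}

function Get-DroppedInbound {
    # One summary row per (protocol, destination IP, destination port, source IP)
    param([Parameter(Mandatory = $true)][string[]]$Lines)
    $Lines |
        ForEach-Object { ConvertFrom-FirewallLogLine -Line $_ } |
        Where-Object { $_ -ne $null -and $_.Action -eq 'DROP' -and $_.Path -eq 'RECEIVE' } |
        Group-Object Protocol, DstIp, DstPort, SrcIp |
        ForEach-Object {
            $g = $_
            $first = $g.Group[0]
            New-Object PSObject -Property @{
                Protocol  = $first.Protocol
                DstIp     = $first.DstIp
                DstPort   = $first.DstPort
                SrcIp     = $first.SrcIp
                Drops     = $g.Count
                FirstSeen = ($g.Group | Sort-Object Timestamp)[0].Timestamp
                # True when every drop was a bare SYN: the connection never matched an allow rule
                SynOnly   = (@($g.Group | Where-Object { $_.TcpFlags -eq 'S' }).Count -eq $g.Count)
            }
        } |
        Sort-Object Drops -Descending
}

# Constructed sample log: line 2 is the one quoted in the question, the others are made up
$sample = @(
    '#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path',
    '2015-01-06 19:13:11 DROP TCP 192.168.1.2 192.168.1.1 49261 3690 48 S 1825293571 0 8192 - - - RECEIVE',
    '2015-01-06 19:13:14 DROP TCP 192.168.1.2 192.168.1.1 49261 3690 48 S 1825293571 0 8192 - - - RECEIVE',
    '2015-01-06 19:13:20 DROP TCP 192.168.1.2 192.168.1.1 49261 3690 48 S 1825293571 0 8192 - - - RECEIVE',
    '2015-01-06 19:13:25 ALLOW UDP 192.168.1.1 192.168.1.254 53412 53 0 - - - - - - - SEND',
    '2015-01-06 19:13:31 DROP UDP 192.168.1.9 192.168.1.1 137 137 78 - - - - - - - RECEIVE'
)

Get-DroppedInbound -Lines $sample |
    Format-Table Protocol, DstIp, DstPort, SrcIp, Drops, SynOnly, FirstSeen -AutoSize

# Against the real log written by the steps above:
# Get-DroppedInbound -Lines (Get-Content 'C:\fwlog\firewall.log') | Format-Table -AutoSize
```

On the sample this yields two rows: TCP to 192.168.1.1:3690 from 192.168.1.2 with 3 drops and SynOnly = True (the retransmitted SYNs of one failing connection), and UDP to port 137 with a single drop. A SynOnly row for the port you expect to serve is the signature of an inbound allow rule that is not matching, which is what the thread's rule turned out to be doing.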
  • Hello,

    I have entered the suggested commands but I don't see how they can be useful! They have just changed the location of the firewall log file. I was using the default log file location. Now the log is placed in c:\fwlog and is called firewall.log instead of pfirewall.log. But it still logs exactly the same thing I have listed in my post.

    Regards,

    Philippe

    Wednesday, 7 January 2015 08:39
  • Hi Philippe,

    I was hoping the change would log more in-depth info, but sadly not if it's giving you the same.

    Have you checked the private network rules on the firewall?

    What is the Network Type showing as in Network and Sharing Centre? Is it Public network or Work network?

    M


    If you find my information useful, please rate it. :-)

    Wednesday, 7 January 2015 16:22