
My network has two /25 subnets with a Linux server in each subnet. One of the subnets contains a Windows computer which is used for managing the Linux servers via SSH, but there is a problem with the firewall on this computer. The firewall allows communication within the same subnet but blocks communication into (or the response coming back from?) the second subnet.

Network topology

I have tried to set inbound and outgoing rules allowing PuTTY via the wizard in the main firewall control panel, and nothing has worked for me. Please tell me what I have done wrong or how to set it up correctly.

I have tested that when the firewall is completely disabled, communication works.

I have tested that Windows blocks all ports. I can't use FTP or Remote Desktop Protocol either.

Wireshark shows black lines with TCP Retransmissions, TCP Spurious Retransmission and TCP Dup ACK. Between these lines are black ICMP redirects.

  • I enabled logging of dropped packets in Windows Firewall and no entry is written when the firewall blocks the communication.
    – Misaz
    Commented Jun 17, 2016 at 20:48
  • Are you sure you applied the rules to the correct profile (i.e. private/public/domain)? What happens if you temporarily set inbound connections to be allowed by default?
    – Ben N
    Commented Jul 11, 2016 at 20:07
  • Rules are set to all profiles. If I set inbound connections to be allowed by default, it works.
    – Misaz
    Commented Jul 11, 2016 at 20:52

1 Answer


You can create a custom rule that allows all inbound traffic from a certain subnet. Open Windows Firewall with Advanced Security (wf.msc). Right-click Inbound Rules, then choose Add Rule.

  1. On the Rule Type screen, choose Custom.
  2. On the Program screen, choose All programs.
  3. On the Protocol and Ports screen, leave the default values (any protocol).
  4. On the Scope screen, leave the local IP set to Any IP address. Set the remote IP to These IP addresses. Click the Add button. In the This IP address or subnet field, type 192.168.0.0/24 to allow in all traffic from the two subnets. Click OK. Caution: This may expose the machine to attacks from other computers on the network. If possible, set more specific port/program rules.
  5. On the Action screen, choose Allow the connection.
  6. On the Profile screen, check the boxes corresponding to the profiles on which the rule should be active.
  7. On the Name screen, enter an appropriate name and description (if you like), then click Finish to apply the rule.

Alternatively, you can use netstat or TCPView to figure out what specific connections are made, then create more specific firewall rules for those.
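The same inbound rule the answer builds in wf.msc, created from an elevated PowerShell prompt with the NetSecurity module that ships with Windows 8 / Server 2012 and later; this is an added example, not code from the original answer. The subnet is the one from the question; the rule names and the PuTTY path are assumptions, and the logging commands serve as the check the comments discuss (whether a blocked connection leaves a DROP entry).

```powershell
# Added example, not from the original answer. Run as Administrator.
# 192.168.0.0/24 is the supernet of the two /25 subnets in the question.
$subnet = '192.168.0.0/24'

# Steps 1-7 of the answer: custom rule, all programs, any protocol,
# local address Any, remote scope limited to the subnet, allow, all profiles.
New-NetFirewallRule -DisplayName 'Allow inbound from LAN (192.168.0.0/24)' `
    -Direction Inbound -Action Allow -Profile Any `
    -Program Any -Protocol Any `
    -LocalAddress Any -RemoteAddress $subnet `
    -Description 'Allow all inbound traffic from the two /25 subnets'

# The answer's caution: a rule tied to the management program and the same
# remote scope is the safer permanent choice. The PuTTY path is an assumption.
New-NetFirewallRule -DisplayName 'Allow inbound to PuTTY from LAN' `
    -Direction Inbound -Action Allow -Profile Any `
    -Program 'C:\Program Files\PuTTY\putty.exe' `
    -RemoteAddress $subnet

# Verify the scope that actually attached to the rule (the Scope tab in wf.msc).
Get-NetFirewallRule -DisplayName 'Allow inbound from LAN (192.168.0.0/24)' |
    Get-NetFirewallAddressFilter |
    Select-Object LocalAddress, RemoteAddress

# Log dropped packets on every profile so a blocked connection leaves a trace;
# the path is the default Windows Firewall log location.
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked True `
    -LogFileName '%systemroot%\system32\LogFiles\Firewall\pfirewall.log'

# After retrying the SSH connection, look for DROP entries in the log.
Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" -Tail 50 |
    Select-String 'DROP'

# Rollback once the narrower rule is confirmed to be enough.
# Remove-NetFirewallRule -DisplayName 'Allow inbound from LAN (192.168.0.0/24)'
```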

  • I set up the rule as you described and nothing changed. On imgur.com/4dyc5FD you can see this rule (my Windows is in Czech; Jakýkoliv and Vše mean all, Povolit means allow, Ano means yes). PuTTY says Network error: Software caused connection abort. After every change I restart the computer. There is one "no" value in the Overrides column. Every rule has this value set to No and I did not find how to change it.
    – Misaz
    Commented Jul 11, 2016 at 21:14
  • @Misaz Interesting. Do any other programs now work when connecting to that subnet? If so, this other question might help. Are there any Block entries in the list? Do you have any antivirus program that could be causing trouble?
    – Ben N
    Commented Jul 11, 2016 at 21:22
  • No, I tested RDP and it is the same. There is just one rule blocking a Node.js server on the public profile. I added the result of Wireshark to the question while trying to connect to the server. The output is the same for SSH and RDP.
    – Misaz
    Commented Jul 11, 2016 at 21:32
  • @Misaz ICMP redirects can indicate less-than-ideal configuration. Are there other routers in play? Do the routers in between do any filtering? I'm also curious to see if anything happens if you change the firewall rule to 192.168.0.0/24. If not, does adding an identical outbound rule have an effect?
    – Ben N
    Commented Jul 11, 2016 at 21:37
  • I changed 192.168.0.128/25 in the rule to 192.168.0.0/24 and that works! Thank you very much. The routers are just simple OpenWRT routers with the default firewall configuration.
    – Misaz
    Commented Jul 11, 2016 at 21:45
