Builtin Firewall Blocks Localhost Access (Even Open Ports)

Discussion in 'Windows Server' started by Michael Kennedy [UB], Jun 29, 2004.

  1. Hi,

    I am configuring a Windows 2003 Standard Edition Server and for reasons not
    worth going into we have to use some sort of software firewall. Currently
    this is a combination of the built-in Windows firewall (from the advanced
    properties of the network connection) and IPSec to further filter the access
    to the open ports in the firewall.

    But there is a weird problem. I keep getting messages like this in my
    firewall log:

    2004-06-29 14:54:47 DROP TCP 127.0.0.1 192.168.0.64 3666 4026 40 R 3232056443 3232056443 0 - - -
    2004-06-29 14:54:50 DROP TCP 127.0.0.1 192.168.0.64 3666 4026 40 R 3232056443 3232056443 0 - - -
    2004-06-29 14:54:56 DROP TCP 127.0.0.1 192.168.0.64 3666 4026 40 R 3232056443 3232056443 0 - - -
    2004-06-29 14:55:02 DROP TCP 127.0.0.1 192.168.0.64 3628 4026 40 R 3216250718 3216250718 0 - - -

    where 192.168.0.64 has been substituted for the actual IP of the server.
    First of all, why is the firewall blocking access to localhost? Secondly,
    even after I have opened those ports in the firewall, they still show up as
    blocked in the firewall log for localhost (127.0.0.1).

    Please help if you have any ideas or comments.

    Also, I am trying to get NetBIOS file sharing to work for this server
    configuration. I have opened the ports that I can determine are necessary by
    looking at the blocked traffic in the firewall log. And this works OK for a
    short time, then the connection to the file shares seems to hang for a long
    time (1-5 minutes?) for no apparent reason. Anyone else got this to work?

    Thanks in advance,
    Michael
     
    Michael Kennedy [UB], Jun 29, 2004
    #1

  2. Michael Kennedy [UB]

    S. Pidgorny Guest

    Inline:

    Using both? Unnecessary overkill.

    If I get the log format right, the 127.0.0.1 is the source, not destination.
    Whatever the source is, the firewall blocks traffic to the external IP, as
    it should do. The source IP might be spoofed, or you have a process on your
    computer trying to access port 4026 on it - see if there is something
    listening on that port.

    Meaning port 4026? Anyway, you should NOT open ports unless you know what
    kind of traffic is expected to come.

    Yes, I did. The delay is because of NetBIOS name resolution, more
    precisely - lack thereof. Use a fully-qualified domain name (like
    mycomputer.mydomain.net) to map to the resources, make sure DNS is in place.
    More importantly, use CIFS direct hosting (port 445) for file sharing - more
    secure and faster: you don't have to use NetBIOS nowadays.
     
    S. Pidgorny, Jun 30, 2004
    #2