
My network has 2 subnets (/25) and a Linux server in each subnet. One of the subnets contains a Windows computer which is used for managing the Linux servers via SSH, but there is a problem with the firewall on this computer. The firewall allows communication within the same subnet but blocks communication into (or the response coming back from?) the second subnet.

(Figure: network topology)

I have tried to set inbound and outgoing rules, allowing PuTTY by wizard in the main firewall control panel, and nothing has worked for me. Please tell me what I have done wrong or how to set it up correctly.

I have tested that when the firewall is completely disabled, communication works.

I have tested that Windows blocks all ports. I can't use FTP or Remote Desktop Protocol either.

Wireshark shows black lines with TCP Retransmissions, TCP Spurious Retransmission and TCP Dup ACK. Between these lines are black ICMP redirects.

Misaz

1 Answer


You can create a custom rule that allows all inbound traffic from a certain subnet. Open Windows Firewall with Advanced Security (wf.msc). Right-click Inbound Rules, then choose Add Rule.

  1. On the Rule Type screen, choose Custom.
  2. On the Program screen, choose All programs.
  3. On the Protocol and Ports screen, leave the default values (any protocol).
  4. On the Scope screen, leave the local IP set to Any IP address. Set the remote IP to These IP addresses. Click the Add button. In the This IP address or subnet field, type 192.168.0.0/24 to allow in all traffic from the two subnets. Click OK. Caution: This may expose the machine to attacks from other computers on the network. If possible, set more specific port/program rules.
  5. On the Action screen, choose Allow the connection.
  6. On the Profile screen, check the boxes corresponding to the profiles on which the rule should be active.
  7. On the Name screen, enter an appropriate name and description (if you like), then click Finish to apply the rule.

Alternatively, you can use netstat or TCPView to figure out what specific connections are made, then create more specific firewall rules for those.

Ben N
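As an added example (not part of Ben N's answer), the same rule created from an elevated PowerShell prompt with the built-in NetSecurity cmdlets, followed by the narrower program-scoped variant the answer's caution recommends, a check of what each rule actually matches on, and a reachability test. The profiles (Domain, Private), the PuTTY path and the server address 192.168.0.130 are assumptions; the 192.168.0.0/24 scope is the one the answer uses.

```powershell
# Added example: equivalent of the wf.msc wizard steps, via the NetSecurity module.
# Run from an elevated (Administrator) PowerShell prompt on the Windows client.
# Assumptions: both /25 subnets sit inside 192.168.0.0/24 (as in the answer);
# PuTTY is installed at C:\Program Files\PuTTY\putty.exe; a test server at 192.168.0.130.

$Subnet = '192.168.0.0/24'
$Putty  = 'C:\Program Files\PuTTY\putty.exe'     # assumed path
$Server = '192.168.0.130'                        # constructed test address

# 1) Broad rule, identical to the wizard steps: any program, any protocol,
#    inbound, scoped only by the remote address (the two subnets).
New-NetFirewallRule -DisplayName 'Allow inbound from LAN /24' `
    -Direction Inbound -Action Allow -Profile Domain,Private `
    -RemoteAddress $Subnet -Enabled True | Out-Null

# 2) Narrower alternative, as the answer suggests: limit the scope to the SSH
#    client binary and TCP, which is all an admin workstation needs from those hosts.
New-NetFirewallRule -DisplayName 'Allow PuTTY TCP from LAN /24' `
    -Direction Inbound -Action Allow -Profile Domain,Private `
    -Program $Putty -Protocol TCP -RemoteAddress $Subnet -Enabled True | Out-Null

# Verify what each rule really matches on (address scope and protocol filter),
# so a typo in the subnet does not silently turn into "any remote address".
foreach ($name in 'Allow inbound from LAN /24', 'Allow PuTTY TCP from LAN /24') {
    $rule = Get-NetFirewallRule -DisplayName $name
    $addr = $rule | Get-NetFirewallAddressFilter
    $port = $rule | Get-NetFirewallPortFilter
    '{0}: remote={1} protocol={2}' -f $name, ($addr.RemoteAddress -join ','), $port.Protocol
}

# Log dropped packets so the next blocked connection is visible in
# %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log, not only in Wireshark.
Set-NetFirewallProfile -Profile Domain,Private -LogBlocked True

# Check reachability of the SSH port on the server in the other subnet.
(Test-NetConnection -ComputerName $Server -Port 22).TcpTestSucceeded
```

If the broad rule is only needed while diagnosing, disable it afterwards with Disable-NetFirewallRule -DisplayName 'Allow inbound from LAN /24' and keep the program-scoped one.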