Editing Windows firewall ruleset for 2003 Std?

From: Paul (paulo_at_digitalcraftsmen.net)
Date: 08/18/05


Date: 18 Aug 2005 08:41:31 -0700

I have an application that sends HTTP request packets to a Microsoft
loopback adapter on 172.31.1.1 (not 127.0.0.1); the response is then
sent out via the main interface on 172.31.1.2. The application is
actually an external load balancer doing low-level MAC re-writing and
needing the answering machine to accept the IP address of 172.31.1.1.

This works perfectly until I turn on the Windows firewall. I've
configured both the loopback and external interface to accept
connections on port 80 and can connect and get responses from both
ports on the command line. I found and used the Microsoft netsh tool to
turn on logging for the firewall and found that the response packets
are being dropped on their way back out to the calling IP. So the
loopback is still receiving them and IIS is dealing with them and
sending them out through the external interface. The firewall is then
dropping them, I assume for spoofing.

The message in the firewall log is

DROP TCP 172.31.1.1 123.123.123.123 80 dest etc

So I think the firewall is dropping the outbound packets because they
are pretending to originate from the loopback IP but coming from the
external interface.

My question is how do I set the firewall to allow outbound packets on
the external interface but from the IP of the loopback. The critical
thing is that I can't add the loopback IP to the external interface
because I need it to not respond to ARP requests while the main IP
should respond to ARP requests. The only way I know of to do this is to
have them on different interfaces.

thanks in advance

Paul

--
PrintWhatYouThink - Slogan tshirts for the individual
http://www.printwhatyouthink.co.uk/
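The diagnosis in the post rests on reading the firewall log and noticing that the dropped packets are sourced from one of the host's own addresses (the loopback-adapter IP) rather than from a remote client. The script below is an added example, not code from the post, that automates that triage: it parses a pfirewall.log-style file using its `#Fields:` header, separates DROP entries whose source is a local address (replies the host itself sent) from ordinary inbound drops, and maps each dropped reply's source IP to the interface that owns it. The sample log, the interface table, the 198.51.100.7 and 203.0.113.5 addresses, and the exact columns are constructed assumptions modelled on the single DROP line Paul quotes; the 123.123.123.123 client is the post's own placeholder.

```python
"""Triage Windows Firewall drop logs (pfirewall.log) to separate drops of
locally-sourced reply traffic from ordinary inbound drops.

Added example, not code from the original post.  The sample log below is
constructed to mirror the DROP line quoted in the post; the field list
follows the W3C-style '#Fields:' header the Windows Firewall log writes, so
the parser reads the header instead of hard-coding column positions.
"""
import ipaddress
from collections import Counter

# Constructed sample: one allowed inbound request to the loopback-adapter
# address, its SYN/ACK replies dropped on the way out, and an unrelated
# inbound drop for contrast.  Remote addresses other than the post's
# 123.123.123.123 placeholder come from documentation ranges.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2005-08-18 08:41:01 OPEN TCP 123.123.123.123 172.31.1.1 40212 80 - - - - - - - -
2005-08-18 08:41:01 DROP TCP 172.31.1.1 123.123.123.123 80 40212 44 SA 0 0 16384 - - -
2005-08-18 08:41:04 DROP TCP 172.31.1.1 123.123.123.123 80 40212 44 SA 0 0 16384 - - -
2005-08-18 08:41:09 DROP TCP 198.51.100.7 172.31.1.2 51000 445 48 S 0 0 65535 - - -
2005-08-18 08:41:10 OPEN TCP 203.0.113.5 172.31.1.2 43000 80 - - - - - - - -
"""

# Assumed interface layout from the post: the loopback adapter holds the
# address the load balancer targets, the real NIC holds the routable one.
INTERFACES = {
    "172.31.1.1": "Microsoft Loopback Adapter",
    "172.31.1.2": "Local Area Connection",
}


def parse_log(text):
    """Return one dict per data line, keyed by the names in '#Fields:'."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split()[1:]
            continue
        if fields is None:
            raise ValueError("data line appears before the #Fields: header")
        values = line.split()
        if len(values) != len(fields):
            continue  # skip truncated lines rather than mis-align columns
        records.append(dict(zip(fields, values)))
    return records


def classify_drops(records, local_addrs):
    """Split DROP entries into replies from our own addresses vs inbound."""
    local = {ipaddress.ip_address(a) for a in local_addrs}
    outbound, inbound = Counter(), Counter()
    for r in records:
        if r["action"] != "DROP":
            continue
        flow = (r["protocol"], r["src-ip"], r["src-port"], r["dst-ip"], r["dst-port"])
        if ipaddress.ip_address(r["src-ip"]) in local:
            outbound[flow] += 1
        else:
            inbound[flow] += 1
    return outbound, inbound


def reply_drop_report(text, interfaces):
    """List dropped reply flows with the interface that owns their source IP.

    A dropped flow whose source is a local address means the host itself
    sent the packet and the firewall refused it, which is the symptom in
    the post: replies sourced from the loopback-adapter IP leaving via the
    real NIC.
    """
    outbound, _ = classify_drops(parse_log(text), interfaces)
    report = []
    for (proto, src, sport, dst, dport), n in sorted(outbound.items()):
        report.append({
            "protocol": proto,
            "source": src,
            "source_interface": interfaces[src],
            "local_port": int(sport),
            "client": dst,
            "client_port": int(dport),
            "drops": n,
        })
    return report


if __name__ == "__main__":
    for f in reply_drop_report(SAMPLE_LOG, INTERFACES):
        print(f"{f['drops']}x {f['protocol']} reply from "
              f"{f['source']}:{f['local_port']} ({f['source_interface']}) "
              f"to {f['client']}:{f['client_port']} dropped")
```

Run against a real `pfirewall.log` by reading the file into `text` and filling `INTERFACES` with the addresses `ipconfig` shows per adapter; any row the report returns is a reply the host generated that the firewall refused, and the `source_interface` column tells you whether its source address lives on a different adapter from the one that routes to the client.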