Firewall issues on dual NIC server



I've just set up a new Windows Web Server 2008 machine.
I installed the OS and joined it to my domain, set up some shared folders and
copied some files on to it. I had it running really well on the LAN.
Then I installed a 2nd NIC which I connected directly to our external router
and assigned it a static internet IP.
I could see the preliminary "under construction" website and things were
looking good. I then ran a port scan on the external IP and it had lots of
stuff open.
I went into "Windows Firewall with Advanced Security" and found LOTS of
rules to allow "Core Networking" and "File and Printer Sharing". The Core
networking stuff looked fine, but the "File and Printer Sharing" definitions
existed 3 times each, one for each profile "Private", "Domain", and "Public".
So I removed the Public versions of each of those.
Then the port scan only showed port 80 open ... again I thought all was well.
But now I can no longer find that machine or access its shares from the LAN
NIC!
But it can get to the other machines on the LAN.

Network and Sharing center shows the LAN NIC and a "Domain network" with
"Local only" access and the Internet NIC as "Public network" with "Local and
Internet" access. It also shows Network discovery as "Custom" and File
sharing as "On".

I tried turning the firewall off for the Private and Domain profiles, but it
makes no difference. No matter what I try, and I've tried a lot, I get one
of 3 things:
1) Nothing works
2) Everything works but leaves lots of open ports to the Internet
3) Internet access is perfect but inbound LAN access doesn't work, outbound
ok.

Does anybody know how to get the firewall to either guard just the Internet
NIC, or how to have different rules for each NIC?