Builtin Firewall Blocks Localhost Access (Even Open Ports)

From: Michael Kennedy [UB] (mkennedy_at_REMOVETHIS.unitedbinary.com)
Date: 06/30/04

  • Next message: Jonathan Maltz [MS-MVP]: "Re: help:site hacked" 
    Date: Tue, 29 Jun 2004 15:04:15 -0700

    Hi,

    I am configuring a Windows 2003 Standard Edition Server and for reasons not
    worth going into we have to use some sort of software firewall. Currently
    this is a combination of the built-in Windows firewall (from the advance
    properties of the network connection) and IPSec to further filter the access
    to the open ports in the firewall.

    But there is a weird problem. I keep getting messages like this in my
    firewall log:

    2004-06-29 14:54:47 DROP TCP 127.0.0.1 192.168.0.64 3666 4026 40 R
    3232056443 3232056443 0 - - -
    2004-06-29 14:54:50 DROP TCP 127.0.0.1 192.168.0.64 3666 4026 40 R
    3232056443 3232056443 0 - - -
    2004-06-29 14:54:56 DROP TCP 127.0.0.1 192.168.0.64 3666 4026 40 R
    3232056443 3232056443 0 - - -
    2004-06-29 14:55:02 DROP TCP 127.0.0.1 192.168.0.64 3628 4026 40 R
    3216250718 3216250718 0 - - -

    where 192.168.0.64 has been substituted for the actual IP of the server.
    First of all, why is the firewall blocking access to localhost? Secondly,
    even after I have opened those ports in the firewall, they still show up as
    blocked in the firewall log for localhost (127.0.0.1).

    Please help if you have any ideas or comments.

    Also, I am trying to get NetBIOS file sharing to work for this server
    configuration. I have opened the ports that I can determine are necessary by
    looking at the blocked traffic in the firewall log. And this works OK for a
    short time, then the connection to the file shares seem to hang for a long
    time (1-5 minutes?) for no apparent reason. Anyone else got this to work?

    Thanks in advance,
    Michael

  • Next message: Jonathan Maltz [MS-MVP]: "Re: help:site hacked"

    Relevant Pages

    • Re: How to Maintain an IIS Server?
      ... > server running on a Windows 2000 server. ... before a firewall and antivirus have been installed]. ... open ports; however, this will not identify which program is using the port. ...
      (microsoft.public.inetserver.iis.security)
    • Re: How to Maintain an IIS Server?
      ... >> server running on a Windows 2000 server. ... > before a firewall and antivirus have been installed]. ... > program or executable using that port. ...
      (microsoft.public.inetserver.iis.security)
    • [NT] Vulnerability in Server Service Allows Code Execution (MS08-067)
      ... Vulnerability in Server Service Allows Code Execution ... This security update resolves a privately reported vulnerability in the ... Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker ... Firewall best practices and standard default ...
      (Securiteam)
    • Re: NETFW.INF, Preconfigured Firewall settings and dialogs
      ... it is Windows Server 2003 SP1 firewall that i'm using. ... Using the document '832017 Port Requirements for the Microsoft Windows ... > to achieve the following goal: some ports are open by default and others ...
      (microsoft.public.windows.server.networking)
    • Re: CEICW fails at firewall config
      ... Do you or do you not have ISA 2000 or ISA 2004 installed on the SBS server? ... Do you have 2 NICs in the SBS? ... CEICW fails on firewall configuration every time. ... >>> Call to Creating the protected networks access rule returned ok. ...
      (microsoft.public.windows.server.sbs)