iphonogasm Posted August 2, 2011

Hi, I saw there was already a post on this but had some questions of my own. I've just enabled NAT and am learning how to configure it. I've set up a DMZ on my router to my server, all works fine, and found that Windows Firewall was controlling my port forwarding rules... My question is: am I able to disable Windows Firewall from controlling port forwarding and use my NAT device to configure it? I found that if I click on IPv4, NAT, Local Area Connection and then the "Services and Ports" tab, it has some options for port forwarding. Is this a possibility? Also, I found in Windows Firewall there were heaps of ports open, or listed there anyway. Wouldn't this make using a DMZ quite unsafe? Thanks in advance!!

ICTCity Posted August 2, 2011

Hi, port forwarding can be done through Windows Firewall or another firewall. From what *I* know, you cannot do it via the "NAT" configuration. Windows Firewall, in a network / domain environment, should be controlled with FIREWALL WITH ADVANCED SECURITY. Basically, Windows Firewall opens ports for common communications (HTTP and so on). Let's take another example: if you install BitTorrent, your firewall asks whether the program is allowed or not. If you say YES, the current profile is updated. In Windows Firewall there are 3 types of profiles: Private, Domain, Public. Not all 3 have the same settings. You can easily lock down your firewall by removing ports that you don't need or by playing with the settings of a profile (right-click on a profile and then read what you can do). If you need more help, let me know.

--------------------------------------------------------
You can also write in French. You can also write in German. You can also write in Italian.
--------------------------------------------------------

iphonogasm Posted August 2, 2011

Haha, thanks heaps for your help mate, you're awesome! I dunno what I'd do without you. I'll try this tonight.

iphonogasm Posted August 3, 2011

I just had a nosey around with the Windows Firewall options and inbound and outbound rules. I created a rule to control a "port" and entered the ports (8016) remote and local. The only thing is it doesn't let me specify the destination IP, e.g. (8016 >> 192.168.0.130), and therefore the port remains closed. I've checked the net for guides on this, but can find absolutely nothing!! See pic below! Thanks!!

[ATTACH]132.IPB[/ATTACH]

ICTCity Posted August 3, 2011

If you click on the SCOPE tab you can specify both local and remote address. No?

iphonogasm Posted August 3, 2011

I tried that. Added the local IP but it doesn't accept the connection.

ICTCity Posted August 3, 2011

Remember that when a connection is made, the SERVICE runs on the same port (in your case it should be 8016), but the CLIENT uses a random port and you cannot predict which port will be used. In other words, you should write a rule which says: allow ANY or SPECIFIC IP from ANY port to connect to SPECIFIC IP and SPECIFIC PORT. Take a look here: http://lantoolbox.com/articles/configure-windows-firewall-using-command-line/
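
The rule shape described in the post above, written out as an added example that is not part of the original thread. It assumes the service listens on TCP 8016 on the Windows server itself; the rule names `App8016-in` and `App8016-in-wrong` are hypothetical.

```powershell
# Added example, not from the thread. Rule names are hypothetical.
# Run from an elevated prompt on the server that hosts the service.

# For comparison only (left commented out): a rule with 8016 entered as both
# the local and the remote port. It matches only clients whose SOURCE port is
# 8016, so ordinary clients using a random ephemeral port never match it.
#   netsh advfirewall firewall add rule name=App8016-in-wrong dir=in action=allow protocol=TCP localport=8016 remoteport=8016

# Rule as described above: any remote port, fixed local (service) port.
# Narrow remoteip to the client ranges you expect if the service is not
# meant to be reachable from everywhere; remoteip=any is the widest setting.
netsh advfirewall firewall add rule name=App8016-in dir=in action=allow protocol=TCP localport=8016 remoteport=any remoteip=any

# Confirm what the rule matches: LocalPort should read 8016, RemotePort Any.
netsh advfirewall firewall show rule name=App8016-in verbose

# Confirm something is actually listening on 8016. An allow rule with no
# listener behind it still leaves the port showing as closed from outside.
netstat -ano | Select-String ':8016\s'
```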

iphonogasm Posted August 4, 2011

OK, I'm pretty sure I've tried everything now. I've tried setting up inbound rules in Windows Firewall with the specific port, but it doesn't let me specify an internal host IP. I have an option for setting up a scope, but this doesn't make sense as a scope is a range of IPs, e.g. 192.168.0.100 to 192.168.0.200. It asks for a remote scope and a local scope, however I just want it to accept connections from all WAN IPs and forward to a single internal host, i.e. 3019 forwards to 192.168.0.130. I tried adding the single IP of the host in the local scope setting, still no go. I also read somewhere that setting up port forwarding in Windows Firewall is not possible and has to be done through NAT. Also read about installing a "router" role, but can't find it anywhere. I'm really desperate to get this going. Thanks!

ICTCity Posted August 5, 2011

I can forward traffic with Windows Firewall, and I'm not using the NAT role... Try the following command:

netsh routing ip nat add portmapping tcp 0.0.0.0

To retrieve the NIC name, type:

show interface

Let me know. Are you sure that your router is forwarding the traffic properly?