17

In the firewall advanced security manager/Inbound rules/rule property/scope tab you have two sections to specify local ip addresses and remote ip addresses.

What makes an address qualify as a local or remote address and what difference does it make?

This question is pretty obvious with a normal setup, but now that I'm setting up a remote virtualized server I'm not quite sure.

What I've got is a physical host with two interfaces. The physical host uses interface 1 with a public IP. The virtualized machine is connected interface 2 with a public ip. I have a virtual subnet between the two - 192.168.123.0

When editing the firewall rule, if I place 192.168.123.0/24 in the local ip address area or remote ip address area what does windows do differently? Does it do anything differently?

The reason I ask this is that I'm having problems getting the domain communication working between the two with the firewall active. I have plenty of experience with firewalls so I know what I want to do, but the logic of what is going on here escapes me and these rules are tedious to have to edit one by one.

EDIT: Whats the difference between these two rules:

  • Let traffic from local subnet 192.168.1.0/24 access the SMB ports
  • Let traffic from remote subnet 192.168.1.0/24 access the SMB ports

where I have a lan port with an ip of 192.168.1.1 I think theres no difference

Ian

Ian Murphy
  • 1,329
  • 4
  • 19
  • 29

2 Answers2

11

Local IP addresses are referring to IP addresses of adapters on the server itself. Let's say you have a multihomed server with 192.168.0.2 and 10.10.10.10. If you specify only 10.10.10.10, the firewall will not consider the rule as matching to the traffic if it hits 192.168.0.2 instead.

Remote IP addresses are the source IP address from which the traffic came from. If you put in 20.20.20.20, then the rule will only apply if the traffic came from that IP address.

In this example, if you wanted to block domain authentication traffic from the adapter with the public IP address, you would specify the public IP address(es) for the local IP, and all remote IP's for the rule set to deny this traffic.

To allow it for the local IP'ed adapter, you would make a rule that specifies the internal IP address for local, and then the range of IP addresses that would include your domain controllers as remote, with an allow rule.

amargeson
  • 602
  • 3
  • 7
  • 1
    Whats the difference between these two rules: - Let traffic from local subnet 192.168.1.0/24 access the SMB ports - Let traffic from remote subnet 192.168.1.0/24 access the SMB ports where I have a lan port with an ip of 192.168.1.1 I think theres no difference, but the people developing this stuff know what they're doign and are not going to add pointless funcionality to the scope tab. ¿Why is it there? – Ian Murphy May 17 '10 at 10:30
-2

I could be wrong but I think it might have to do with the zone security that you get from going to Internet Options/Security. If you put the IP address in the local address area it will treat it as being in the Trusted Sites zone otherwise it treats it as being in the Internet zone.

heartlandcoder
  • 272
  • 1
  • 4
  • I don't think it has a link to the internet zones as 1) They are an IE concept and you don't need to have IE installed 2) You can have different settings for each user. There is only one firewall rulebase so it would be impossible to apply the rules based on zone settings for several conflicting users. Something similar did occur to me but I couldn't come up with any ideas which made sense. Ian – Ian Murphy May 17 '10 at 10:31