Windows Firewall blocking broadcast messages, can't get it to allow

1

1

I am in the 11th hour and desperately need help figuring out what is going on.

We have a game server that is broadcasting updates over 255.255.255.255 to our wireless devices. The messages are reaching the machine (verified through wireshark), but are being dropped by the local firewall. We have created rules to allow inbound traffic from UDP port 2304 as well as local port to the range seen below. We have gone as far as allowing all UDP ports for inbound and we still had the issue with the ports being blocked and showing up in the firewall log.

I am under the impression there is a superseding rule that is blocking this broadcast message but i cannot find anything in the gpedit local policy. Below is the blocked packets for reference.

System: Windows 7

Network: Static IPs, no Windows server/DHCP server.

2014-09-30 19:26:11 DROP UDP 192.168.41.11 255.255.255.255 2304 2302 60 - - - - - - - RECEIVE 2014-09-30 19:26:11 DROP UDP 192.168.41.11 255.255.255.255 2304 2314 60 - - - - - - - RECEIVE 2014-09-30 19:26:11 DROP UDP 192.168.41.11 255.255.255.255 2304 2326 60 - - - - - - - RECEIVE 2014-09-30 19:26:11 DROP UDP 192.168.41.11 255.255.255.255 2304 2350 60 - - - - - - - RECEIVE 2014-09-30 19:26:11 DROP UDP 192.168.41.11 255.255.255.255 2304 2338 60 - - - - - - - RECEIVE 2014-09-30 19:26:11 DROP UDP 192.168.41.11 255.255.255.255 2304 2386 60 - - - - - - - RECEIVE 2014-09-30 19:26:11 DROP UDP 192.168.41.11 255.255.255.255 2304 2362 60 - - - - - - - RECEIVE 2014-09-30 19:26:11 DROP UDP 192.168.41.11 255.255.255.255 2304 2422 60 - - - - - - - RECEIVE 2014-09-30 19:26:11 DROP UDP 192.168.41.11 255.255.255.255 2304 2374 60 - - - - - - - RECEIVE 2014-09-30 19:26:11 DROP UDP 192.168.41.11 255.255.255.255 2304 2398 60 - - - - - - - RECEIVE 2014-09-30 19:26:11 DROP UDP 192.168.41.11 255.255.255.255 2304 2458 60 - - - - - - - RECEIVE 2014-09-30 19:26:11 DROP UDP 192.168.41.11 255.255.255.255 2304 2434 60 - - - - - - - RECEIVE 2014-09-30 19:26:11 DROP UDP 192.168.41.11 255.255.255.255 2304 2410 60 - - - - - - - RECEIVE 2014-09-30 19:26:11 DROP UDP 192.168.41.11 255.255.255.255 2304 2470 60 - - - - - - - RECEIVE 2014-09-30 19:26:11 DROP UDP 192.168.41.11 255.255.255.255 2304 2446 60 - - - - - - - RECEIVE

JeremyK

Posted 2014-10-01T19:00:35.683

Reputation: 121

1To verify that it's really the firewall, does disabling windows firewall allow the messages to get through? – Jim G. – 2014-10-01T19:02:57.583

I was under the impression that only things blocked by the firewall itself would shop up as DROP in the firewall log. Is that not the case? I am in the process of testing without a firewall on now to see if there are improvements or not, but hard to verify if the message gets through since the log stops reporting with firewall off. – JeremyK – 2014-10-01T19:07:08.163

Answers

1

Our best conclusion was that the network was being flooded with so much traffic that the firewall was acting out of the norm. Once we reduced the network load, it seems this problem went away.

JeremyK

Posted 2014-10-01T19:00:35.683

Reputation: 121

0

The 255.255.255.255 in the logfile is the subnet mask, the IP addresses sending the UDP packets is 192.168.41.11. You need to allow UDP Traffic from this IP address.

user3767013

Posted 2014-10-01T19:00:35.683

Reputation: 1 297

We have set the firewall to allow the ports seen in that log from any IP Address. The ports are still dropped according to this log. – JeremyK – 2014-10-01T19:31:06.523

Asked: 2014-10-01T19:00:35.683

Viewed: 6 532 times

Active: 2014-10-03T03:59:15.803