Whats the difference between local and remote addresses in 2008 firewall address

security windows-server-2008 windows-firewall

In the firewall advanced security manager/Inbound rules/rule property/scope tab you have two sections to specify local ip addresses and remote ip addresses.

What makes an address qualify as a local or remote address and what difference does it make?

This question is pretty obvious with a normal setup, but now that I'm setting up a remote virtualized server I'm not quite sure.

What I've got is a physical host with two interfaces. The physical host uses interface 1 with a public IP. The virtualized machine is connected interface 2 with a public ip. I have a virtual subnet between the two - 192.168.123.0

When editing the firewall rule, if I place 192.168.123.0/24 in the local ip address area or remote ip address area what does windows do differently? Does it do anything differently?

The reason I ask this is that I'm having problems getting the domain communication working between the two with the firewall active. I have plenty of experience with firewalls so I know what I want to do, but the logic of what is going on here escapes me and these rules are tedious to have to edit one by one.

EDIT: Whats the difference between these two rules:

  • Let traffic from local subnet 192.168.1.0/24 access the SMB ports
  • Let traffic from remote subnet 192.168.1.0/24 access the SMB ports

where I have a lan port with an ip of 192.168.1.1 I think theres no difference

Ian


Solution 1:

Local IP addresses are referring to IP addresses of adapters on the server itself. Let's say you have a multihomed server with 192.168.0.2 and 10.10.10.10. If you specify only 10.10.10.10, the firewall will not consider the rule as matching to the traffic if it hits 192.168.0.2 instead.

Remote IP addresses are the source IP address from which the traffic came from. If you put in 20.20.20.20, then the rule will only apply if the traffic came from that IP address.

In this example, if you wanted to block domain authentication traffic from the adapter with the public IP address, you would specify the public IP address(es) for the local IP, and all remote IP's for the rule set to deny this traffic.

To allow it for the local IP'ed adapter, you would make a rule that specifies the internal IP address for local, and then the range of IP addresses that would include your domain controllers as remote, with an allow rule.

Related

Hotmail marking messages as junk
Connecting to MySQL securely - MySQL's SSL vs Stunnel vs SSH Tunneling
ApacheBenchmark ab - SSL read failed - closing connection
What is preferable, "no-reply@" or "noreply@"? [closed]
Tips for maximizing Nginx requests/sec?
Is the Apache Directory directive supposed to be relative to the DocumentRoot or not?
Re-mount USB device after removal on Windows
Max number of socket on Linux
Support for virtual IPMI in a VM?
Can I enable both peer and md5 authentication for the same PostgreSQL local user in pg_hba.conf?
What's difference between monitoring, tracing and profiling?
SNMP Deprecated in Windows Server 2012