What's the difference between local and remote addresses in the 2008 firewall address scope?

In the firewall advanced security manager / Inbound rules / rule property / scope tab you have two sections to specify local IP addresses and remote IP addresses.

What makes an address qualify as a local or remote address and what difference does it make?

This question is pretty obvious with a normal setup, but now that I'm setting up a remote virtualized server I'm not quite sure.

What I've got is a physical host with two interfaces. The physical host uses interface 1 with a public IP. The virtualized machine is connected to interface 2 with a public IP. I have a virtual subnet between the two - 192.168.123.0.

When editing the firewall rule, if I place 192.168.123.0/24 in the local IP address area or the remote IP address area, what does Windows do differently? Does it do anything differently?

The reason I ask this is that I'm having problems getting the domain communication working between the two with the firewall active. I have plenty of experience with firewalls, so I know what I want to do, but the logic of what is going on here escapes me, and these rules are tedious to have to edit one by one.

EDIT: What's the difference between these two rules:

  • Let traffic from local subnet 192.168.1.0/24 access the SMB ports
  • Let traffic from remote subnet 192.168.1.0/24 access the SMB ports

where I have a LAN port with an IP of 192.168.1.1? I think there's no difference.

Ian


Solution 1:

Local IP addresses refer to the IP addresses of adapters on the server itself. Let's say you have a multihomed server with 192.168.0.2 and 10.10.10.10. If you specify only 10.10.10.10, the firewall will not consider the rule as matching the traffic if it hits 192.168.0.2 instead.

Remote IP addresses are the source IP addresses from which the traffic came. If you put in 20.20.20.20, then the rule will only apply if the traffic came from that IP address.

In this example, if you wanted to block domain authentication traffic on the adapter with the public IP address, you would specify the public IP address(es) for the local IP, and all remote IPs, for a rule set to deny this traffic.

To allow it for the local-IP'd adapter, you would make a rule that specifies the internal IP address as local, and then the range of IP addresses that includes your domain controllers as remote, with an allow rule.
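The two rules described in this answer, written out with `netsh advfirewall` (the command-line front end to the same Windows Firewall with Advanced Security engine on Server 2008, so the lines work from cmd.exe as well as PowerShell). This is an added example, not code from the answer above or from the asker's setup: the addresses 203.0.113.10 (public adapter), 192.168.123.1 (the host's side of the virtual subnet) and 192.168.123.0/24 (the subnet holding the domain controller) are constructed, the rule names are hypothetical, and TCP 445 (SMB) stands in for "domain traffic" because the question mentions the SMB ports.

```powershell
# Added example, not part of the original answer. All addresses below are
# constructed for illustration; rule names are hypothetical.
$publicIp   = '203.0.113.10'      # assumed: public IP on the host's interface 1
$internalIp = '192.168.123.1'     # assumed: host's address on the virtual subnet
$dcSubnet   = '192.168.123.0/24'  # assumed: subnet that contains the domain controller

# Rule 1: deny inbound SMB that is DESTINED TO the public adapter, from anywhere.
#   localip  = the server's own adapter address the packet is addressed to
#   remoteip = the address the packet came from
netsh advfirewall firewall add rule name="Block SMB on public adapter" `
    dir=in action=block protocol=TCP localport=445 profile=any `
    localip=$publicIp remoteip=any

# Rule 2: allow inbound SMB only when it is addressed to the internal adapter
# AND came from the DC subnet. Keeping rule 1 scoped to the public address
# matters: in WFAS a matching block rule always wins over a matching allow
# rule, so a block with localip=any would silently override this allow.
netsh advfirewall firewall add rule name="Allow SMB from DC subnet" `
    dir=in action=allow protocol=TCP localport=445 profile=any `
    localip=$internalIp remoteip=$dcSubnet

# Check how the firewall stored the scope of each rule (LocalIP / RemoteIP lines).
netsh advfirewall firewall show rule name="Block SMB on public adapter"
netsh advfirewall firewall show rule name="Allow SMB from DC subnet"

# While troubleshooting, log dropped packets: each line in the log shows the
# exact local/remote address pair a rejected domain packet actually had.
# Default log file: %systemroot%\system32\LogFiles\Firewall\pfirewall.log
netsh advfirewall set allprofiles logging droppedconnections enable
```

`profile=any` is set explicitly because a host that cannot reach its domain controller yet is placed in the Public profile by Network Location Awareness; rules created only for the Domain profile would then not apply to the very traffic needed to join or authenticate, which is a common reason "domain communication" fails with the firewall on. Putting 192.168.123.0/24 in the local scope instead of the remote scope would make rule 2 match on the server's own 192.168.123.1 address regardless of sender, which is the practical difference the question asks about.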