Solved

XP Firewall ANY INBOUND TCP / UDP PORT to a host from a given subnet

Posted on 2009-04-27
Last Modified: 2012-08-14
Hi,

I need to create the following inbound rule within the Group Policy in Windows Firewall. I've not had much luck so far, can anyone help please? I need:

Any TCP/UDP port inbound from the following subnets:

10.50.4.0/255.255.255.0
10.50.5.0/255.255.255.0
10.1.0.0/255.255.0.0
10.100.1.0/255.255.255.0
10.81.0.0/255.255.0.0
10.100.50.0/255.255.255.0
10.100.13.0/255.255.255.0

Any help or advice would be much appreciated.
Question by:revingtosh
13 Comments
 
LVL 30

Expert Comment

by:flubbster
ID: 24243693
Check out this tutorial here:

http://www.hammer-software.com/articles/mlxpsp2/MetaLAN_xpsp2_GroupPolicy.html

Follow steps 1-8, then skip down to "allowing Port Exceptions"
0
 

Author Comment

by:revingtosh
ID: 24243757
Hi,

Thanks for the advice sage, but I'm afraid that doesn't answer the question. I need to open all ports, and if I were to adopt your method I would need 65535 lines (1 for each port).
0
 
LVL 30

Expert Comment

by:flubbster
ID: 24244612
ahhhhhhhhhhhh... so?????????????? Don't like to type ?????? lol

Sorry about that... I guess I misunderstood. Will look into it a bit more for you.
0
 

Author Comment

by:revingtosh
ID: 24244818
Thanks flubbster that would be fantastic.

Basically I've got 1 month to roll out XP Firewall to 1000 clients without AD! The problem is that we have several management networks that all need to speak to the clients on any port. If I don't get this right, it will mean a repeat visit to the local client machines!

So I need to get something down and dirty in place just to tide us over until the new AD environment is up and running.

I hope to hear from you soon.

Mike
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24246069
Have you looked over TCP/IP Filtering?
 
How to configure TCP/IP Filtering in Windows Server 2003
0
 

Author Comment

by:revingtosh
ID: 24248078
Thanks for the post dtewartjr:-

I work in local government; as such we have had legislation imposed on us that says that we MUST have a firewall product installed.

There are 3rd party products on the market that would do this ruleset, but we only have a month so the organisation settled on XP Firewall because it is already present.

Are we saying that my question isn't solvable with XP Firewall then?
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24250807
This article shows you a way to add a port range to the Windows Firewall:
http://www.newagedigital.com/cgi-bin/newagedigital/articles/ms-firewall-ftp.html

Also, you could just create an exception for the program or a service, rather than define port numbers. Then, when the program creates its listening socket(s), the firewall dynamically opens whatever ports the program uses, and restricts incoming traffic to that process only.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24250864
This may or may not pertain to what you are trying to accomplish
How to configure RPC dynamic port allocation to work with firewalls
0
 

Author Comment

by:revingtosh
ID: 24258680
Keep 'em coming guys please!

So far, nothing seems to accomplish what I want to achieve. I am aware that other products on the market will allow this, so I'm at a loss as to why XP Firewall doesn't.

Mike
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 24260429
XP firewall is very basic. Have you tried either adding an exception for the program or service that you are trying to unblock? Here are some other ways to customize XP's firewall.
http://www.windowsecurity.com/articles/Customizing-Windows-Firewall.html 
0
 

Author Comment

by:revingtosh
ID: 24261136
The problem is that we don't really know what we have!

Our thought was to put something in place that allowed all traffic from the IT Management VLANs using a local group policy. Once the centralised GP is in place we were then going to tie it down further.

The whole point of this exercise was to avoid having to visit each PC more than once!

Mike
0
 

Author Comment

by:revingtosh
ID: 24277894
Anyone?
0
 
LVL 20

Accepted Solution

by:
MightySW earned 2000 total points
ID: 24281128
Hi,
Flubbster may come up with something, but the XP firewall has only exceptions, meaning rules that allow programs to listen for incoming connections per application or on a certain port. You cannot use wildcards with the XP firewall and what you are asking of XP is completely unobtainable. You cannot create rule-based policies that dictate *all traffic from a particular subnet. Vista and 2008 firewalls actually do this, but it is still limited.

MS designed XP firewall for exceptions only. They did not include a full feature set for ingress capability. I know that this isn't what you wanted to hear, but maybe Flubbster will come up with something.

0
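
The per-program exceptions discussed in this thread can still be limited to the management subnets from the question by using a custom scope. The batch script below is an added example, not code posted by anyone in the thread; it assumes XP SP2's `netsh firewall` context, and the two program paths and names are hypothetical placeholders for whatever management agents are actually installed.

```batch
@echo off
rem Added example (not from the thread): scoped program exceptions for the
rem XP SP2 Windows Firewall, applied locally without Active Directory.
setlocal

rem Management subnets exactly as listed in the question.
set SCOPE=10.50.4.0/255.255.255.0,10.50.5.0/255.255.255.0,10.1.0.0/255.255.0.0,10.100.1.0/255.255.255.0,10.81.0.0/255.255.0.0,10.100.50.0/255.255.255.0,10.100.13.0/255.255.255.0

rem Hypothetical agent paths and names; replace with the real listeners.
call :allow "C:\Program Files\ExampleMgmtAgent\agent.exe" "Example management agent"
call :allow "C:\Program Files\ExampleInventory\inventory.exe" "Example inventory client"

rem List the resulting exceptions so the scope can be checked on the client.
netsh firewall show allowedprogram
endlocal
goto :eof

:allow
rem %~1 = program path, %~2 = display name for the exception.
rem Skip programs that are not installed so no stale exception is created.
if not exist "%~1" echo SKIP: "%~1" not found & goto :eof
rem scope=CUSTOM limits the exception to the listed source addresses
rem instead of the default scope of ALL (any source address).
netsh firewall add allowedprogram program="%~1" name="%~2" mode=ENABLE scope=CUSTOM addresses=%SCOPE% profile=ALL
if errorlevel 1 echo FAILED: %~2
goto :eof
```

This does not give the any-port rule asked for in the question; it only ensures each exception that is created accepts connections from the management subnets and no other source.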
