Why doesnt this 2008 firewall rule work?

tribz · 10 Apr 2012 at 11:03

Any ideas why the below doesnt work? When enabled, it blocks the local network as well.

smargh · 11 Apr 2012 at 20:07

Enable logging.

Presumably you have other rules that allow LAN access to this SQL service? Is it confirmed that SQL is definitely listening for connections?

tribz · 12 Apr 2012 at 13:16

smargh said:
Enable logging.

Presumably you have other rules that allow LAN access to this SQL service? Is it confirmed that SQL is definitely listening for connections?

If I set 'Any IP address' in both local and remote it works fine and I can connect to the SQL app on the local network and also over the internet.

I think I may be misunderstanding the Remote section. Upon further reading, I think remote means another address on the local network and not what I took it to mean which is a remote address on the internet.

DustyMiller · 12 Apr 2012 at 15:22

Surely that external address will be nat'ed to a local address on your firewall, so the server never actually see's the real external address hence the rule not working.

tribz · 12 Apr 2012 at 16:19

DustyMiller said:
Surely that external address will be nat'ed to a local address on your firewall, so the server never actually see's the real external address hence the rule not working.

The router is Natting to the server address and that works fine.

What I'm trying to achieve is to restrict inbound internet access to the remote IP range listed.

As soon as I enter that remote range, both local and internet access goes off.

I think that remote in this instance applies to restricting outbound traffic to certain IP addresses, not inbound which is what I'm trying to do.

atomiser · 12 Apr 2012 at 17:57

What I'm trying to achieve is to restrict inbound internet access to the remote IP range listed.

Why aren't you doing this at your perimeter firewall then, as opposed to on the server itself? Unless I'm missing something...?

tribz · 12 Apr 2012 at 18:29

atomiser said:
Why aren't you doing this at your perimeter firewall then, as opposed to on the server itself? Unless I'm missing something...?

I dont have a perimeter firewall. Just a router with NAT.

matthab · 13 Apr 2012 at 12:05

Looks like abit of a mess to be honest.

I take it you are specifying a range, is this correct? (I havnt got time to work it out)
Is it in the right group (Outbound or inbound rule)?

Deleted member 77746 · 13 Apr 2012 at 17:15

tribz said:
I dont have a perimeter firewall. Just a router with NAT.

You should have one.

tribz · 13 Apr 2012 at 17:16

matthab said:
Looks like abit of a mess to be honest.

I take it you are specifying a range, is this correct? (I havnt got time to work it out)
Is it in the right group (Outbound or inbound rule)?

How is it a mess? I'm simply trying to restrict an inbound service to a range using the tools ive got, a nat'd router and windows firewall

Yes, it is in the inbound section of windows firewall.