Can't print or get to my Home Server

Hi - Sorry for a newbie question.

When I returned from a recent roadtrip, I can now no longer get to my Windows Home Server via the WHStray app or Print anything (it’s located on the WHS). I’ve browsed the setup/config on the Firewall and searched the forums, but nothing seems to help. I’m sure I likely “blocked” something trying to access my PC on an open network while travelling, and that’s caused my problems now. Result is that I now have to have the Firewall turned off at home - bad idea!

Any help really appreciated. The only real info I can find is in the Firewall logs - blocked UDP traffic from Port 137 on the WHS [192.168.0.2]

That’s it! Port 137 (and 138) is used for Windows networking. What you may have done is to block a network that used the same network address range as your home LAN (192.168.0.X is very common). While you have probably done the right thing when you are away from home, the problem arises when you return (as you’ve discovered ;)).

One way around this is to set up firewall rules based on the MAC address of your home LAN’s devices, rather than the IP address.

To find the MAC address of your WHS server,

  1. On your server, click START->RUN->CMD and press ENTER.
    This will open a “DOS” window.
  2. In the DOS window, type “ipconfig /all” (without the quotes) and press ENTER.
    This will display the parameters of all network adaptors in your WHS box.
    We’re looking for the PHYSICAL ADDRESS of the adaptor that is used to connect to your LAN.
    Write this address down.

To create a rule using this address,

  1. On your other PC, open CIS and click FIREWALL->ADVANCED->NETWORK SECURITY POLICY->GLOBAL RULES
  2. Click ADD
  3. In the Network Control Rule window, create a rule with the following parameters
    Action : ALLOW
    Protocol : TCP/UDP
    Direction : IN
    Description : Give this rule a meaningful name
    Source Address : MAC ADDRESS - Type in the address we wrote down earlier
    Destination Address : ANY (This means the PC running CIS)
    Source Port : ANY
    Destination Port : PORT RANGE - 137 to 139
  4. Click APPLY
  5. Use the UP button to ensure this ALLOW rule is above any existing BLOCK rules
  6. In the Network Control Rule window, create a second rule with the following parameters
    Action : ALLOW
    Protocol : TCP/UDP
    Direction : OUT
    Description : Give this rule a meaningful name
    Source Address : ANY (This means the PC running CIS)
    Destination Address : MAC ADDRESS - Type in the address we wrote down earlier
    Source Port : PORT RANGE - 137 to 139
    Destination Port : ANY
  7. Click APPLY
  8. Use the UP button to ensure this second ALLOW rule is above any existing BLOCK rules
  9. Click OK
  10. I’d reboot just to make certain the rules get parsed properly.

That should do it. There’s probably a quicker, simpler way to do it, but setting the rules up manually, IMHO, gives you a better insight into how the firewall works.

Hope this helps,
Ewen :slight_smile:

Ewen - Thanks for the response and the suggestion. Tried it, and whatever was blocking the Server before, still is :-\

I’m guessing something under “Network Security Policy/Application rules” is the culprit… there seems a lot of nasty “Block” stuff under System and also svchost.exe. Question is, what can be changed/deleted safely… and which one is causing the problem? Can the firewall be somehow “reset” and then allow it to start learning all over again?

DOH! Is half a solution better than none? :smiley:

The Firewall rules we set up allow for inbound and outbound, but the traffic still needs to be allowed by an application level rule.

> Question is, what can be changed/deleted safely... and which one is causing the problem?

The BLOCK action on System and SVCHOST.EXE are the root cause of the problem. I don’t know an easy way to find the one causing the problem other than reading through each one. You’re looking for a reference to port 137, 138 or 139. Please be aware it could also be a reference to a PORT SET and may have a name rather than a list of ports used. When you find the offending rule, delete it, reboot and wait for a prompt, whereby you can answer appropriately.

Hope this helps,
Ewen :slight_smile:

P.S. If anyone knows a better way to identify the offending rule, please feel free to chip in. :wink:
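
An added example, not part of the thread and not Comodo's code: a simplified Python model of the two rule layers described above, showing why the MAC-based global rule alone left the server blocked, and listing every application-level BLOCK rule that covers the server's port 137 traffic, including rules that refer to a named port set. The rule layout, rule names, MAC address, port-set contents and the "unmatched traffic prompts" behaviour are assumptions constructed for illustration.

```python
import ipaddress

# Simplified two-layer, first-match model of the rules discussed in this thread.
# Rule layout, names, MAC and port-set contents are constructed for illustration;
# this is not Comodo's rule engine or configuration format.
PORT_SETS = {"Windows Networking": {137, 138, 139}}   # hypothetical named port set
WHS_MAC = "00-11-22-33-44-55"                          # placeholder MAC
PKT = {"src_ip": "192.168.0.2", "src_mac": WHS_MAC, "dst_port": 137}  # inbound UDP from the WHS

def ports_of(rule):
    """Literal port set, a named port set resolved via PORT_SETS, or None for ANY."""
    p = rule.get("ports")
    return PORT_SETS[p] if isinstance(p, str) else p

def matches(rule, pkt):
    if "src_mac" in rule and rule["src_mac"] != pkt["src_mac"]:
        return False
    if "src_net" in rule and (ipaddress.ip_address(pkt["src_ip"])
                              not in ipaddress.ip_network(rule["src_net"])):
        return False
    ports = ports_of(rule)
    return ports is None or pkt["dst_port"] in ports

def first_match(rules, pkt):
    return next((r for r in rules if matches(r, pkt)), None)

def verdict(global_rules, app_rules, pkt):
    """Traffic has to pass the global layer and then the application layer."""
    for layer in (global_rules, app_rules):
        hit = first_match(layer, pkt)
        if hit is None:
            return ("ASK", None)            # assumed: unmatched traffic raises a prompt
        if hit["action"] == "BLOCK":
            return ("BLOCK", hit["name"])
    return ("ALLOW", None)

def blocking_rules(rules, pkt):
    """Every BLOCK rule in a layer that covers the packet, port sets included."""
    return [r["name"] for r in rules if r["action"] == "BLOCK" and matches(r, pkt)]

ROAD_TRIP_BLOCK = {"name": "Block 192.168.0.0/24", "action": "BLOCK", "src_net": "192.168.0.0/24"}
MAC_ALLOW = {"name": "Allow WHS 137-139", "action": "ALLOW", "src_mac": WHS_MAC, "ports": {137, 138, 139}}
APP_RULES = [  # constructed application-level rules for System
    {"name": "System: block 203.0.113.7", "action": "BLOCK", "src_net": "203.0.113.7/32"},
    {"name": "System: block Windows Networking", "action": "BLOCK", "ports": "Windows Networking"},
]

if __name__ == "__main__":
    print(verdict([ROAD_TRIP_BLOCK], APP_RULES, PKT))             # IP-range block catches the home server
    print(verdict([MAC_ALLOW, ROAD_TRIP_BLOCK], APP_RULES, PKT))  # global layer passes, application layer blocks
    print(blocking_rules(APP_RULES, PKT))                         # candidate rules to review
```

Matching on the packet rather than on the rule text narrows the review to the rules that actually cover the server's traffic, leaving unrelated BLOCK entries alone.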

Thanks for the pointers Ewen. Problem now fixed and I can slay massive amounts of trees on my printer again. Not quite sure which of the offending rules I deleted were causing it… and am a little worried I may have deleted some good stuff too.

Any ideas on what set of application rules should be there in a normal System and svchost.exe setup? I seemed to have several rules blocking to specific extraneous IPs (that I assume tried to ping me at some time and I “blocked”), and one that seemed to block almost everything – I deleted that last one and feel a little bit on edge about doing it :<(

Phil