
I'm running Vista x64 at work (upgrading to Win7 on Monday), and I've had a problem for awhile. When I have Windows Firewall turned on, I'm unable to connect to my machine from any other machine on the network. Turning it off makes my machine discoverable by other boxes, but I'd rather not do that, even though we have a firewall protecting our network from the outside.

I've gone through the firewall settings and checked exceptions for everything I could imagine might be related. Network Discovery, for example, is definitely checked and allowed, but navigating to \\MACHINENAME from any other machine gives "The network name cannot be found."

Traceroute and ping both seem to know my machine's IP address, but time out. I'm assuming they know the IP because I'm connected via Citrix from my work machine to the box I'm testing the connection from.

Turning off the firewall completely makes everything work fine, but I've recently started using VPN so I can develop from home and RDP into my machine at work for mail and files. The VPN client uses split-tunneling, so if my home system gets owned, I don't want to get blamed for something getting into the network because everything on my work system was wide open.

TL;DR version: What are the minimum exceptions/ports-opened in Windows Firewall that would allow the system to be seen by other machines on the LAN and to open an RDP connection?

EDIT: After talking with my admin, we determined that machines on the same subnet can ping and RDP to my machine just fine, but machines on a different subnet can't. We assume it's just that the rules are a little more lax in the firewall for the same subnet. Is there a way to tell it to let other subnets access it using the same rules?

Chris Doggett

2 Answers


Is there a way to tell it to let other subnets access it using the same rules?

Yes, Windows Firewall rules can apply to specific remote networks. So an inbound connection can be allowed when it originates from the local subnet, or it can be allowed when it originates from a specific address, or it can be allowed if it originates from "anywhere".

Check the particular rule.

For example: Control Panel -> Windows Firewall -> Advanced Settings -> Inbound Rules ->


Cheeso
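Scoping the rules to specific remote subnets, as described above, done from PowerShell. This is an added example, not code from either answer; it assumes the NetSecurity cmdlets (Windows 8 / Server 2012 or later) and an elevated prompt, and the two subnets are constructed placeholders.

```powershell
# Added example: inspect and then narrow the remote-address scope of the
# built-in inbound rules that the question needs (RDP, plus the File and
# Printer Sharing group that carries the ICMP echo and SMB rules).
# Assumes the NetSecurity module (Windows 8 / Server 2012+); on Vista/Win7
# the same change is made with netsh advfirewall, shown at the end.

# Remote networks allowed to reach this machine. 'LocalSubnet' keeps the
# default behaviour; the two CIDR ranges are constructed placeholders for
# the other office subnets. Deliberately NOT 'Any', so a VPN-connected home
# network or anything else outside these ranges stays blocked.
$allowedRemote = @('LocalSubnet', '10.20.30.0/24', '10.20.31.0/24')
$groups        = @('Remote Desktop', 'File and Printer Sharing')

# 1. Show the current scope. A rule whose RemoteAddress is only 'LocalSubnet'
#    matches the symptom in the question: same-subnet hosts connect, hosts on
#    other subnets time out.
foreach ($g in $groups) {
    Get-NetFirewallRule -DisplayGroup $g -Direction Inbound |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Enabled       = $_.Enabled
                Profile       = $_.Profile
                RemoteAddress = ($addr.RemoteAddress -join ', ')
            }
        } | Format-Table -AutoSize
}

# 2. Widen the scope to the named subnets and make sure the rules are on.
foreach ($g in $groups) {
    Get-NetFirewallRule -DisplayGroup $g -Direction Inbound |
        Set-NetFirewallRule -RemoteAddress $allowedRemote -Enabled True
}

# 3. Verify: every RDP rule should now list exactly the allowed ranges.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress

# Equivalent on Vista / Windows 7 (no NetSecurity module). The rule name is
# the localised display name; "Remote Desktop (TCP-In)" is the English one.
# netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" new remoteip=LocalSubnet,10.20.30.0/24,10.20.31.0/24 enable=yes
```

Re-run step 1 after the change and confirm that no rule in these groups reports `Any`; that is the setting the question's VPN concern is about.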

Go to "Windows Firewall with Advanced Security" on your Win7 box, right-click Inbound Rules -> New Rule -> Predefined -> select Remote Desktop -> set the rest of the options as you please (best not to enable connection security until you are sure it works the way you want).

Also, it won't show up in Network unless it is sharing files, so just remember your machine name.

yasth
  • It has shared directories, and I can't get to them, nor to \\MACHINENAME\C$ without it saying "The network name cannot be found." Even ping and tracert can't find it with the firewall on. – Chris Doggett Jun 25 '10 at 16:09
  • Does nslookup from your domain server return the proper IP address for the computer name? – jer.salamon Jun 25 '10 at 17:47
  • @xjerx: I'll ask the admin, as I don't have access to the domain server (I'm just a developer). – Chris Doggett Jun 25 '10 at 18:06