Hihi,

So vanilla install of WS2008R2S, disabled FW with GP and trying to grab SNMP with another host on the same subnet. The output of both if/ipconfig's and nmap -p 161 is below. Both machines are running in VirtualBox with the connections bridged to the wireless adapter, which is the only active connection on the host machine.

[root@localhost ~]# ping 192.168.11.122
PING 192.168.11.122 (192.168.11.122) 56(84) bytes of data.
64 bytes from 192.168.11.122: icmp_seq=1 ttl=128 time=5.50 ms
^C
--- 192.168.11.122 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 455ms
rtt min/avg/max/mdev = 5.508/5.508/5.508/0.000 ms
[root@localhost ~]# nmap -p 161 192.168.11.122

Starting Nmap 5.21 ( http://nmap.org ) at 2012-02-09 13:53 GMT
Nmap scan report for WIN-ERO1FIMO8N5.xxxxxxxx.com (192.168.11.122)
Host is up (0.00041s latency).
PORT    STATE    SERVICE
161/tcp filtered snmp
MAC Address: 08:00:27:E7:AA:E0 (Cadmus Computer Systems)

Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds
[root@localhost ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:E5:CD:BD
          inet addr:192.168.11.101  Bcast:192.168.11.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fee5:cdbd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9396 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4493 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3784239 (3.6 MiB)  TX bytes:2109091 (2.0 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1301 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1301 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:142214 (138.8 KiB)  TX bytes:142214 (138.8 KiB)

[root@localhost ~]#





Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : xxxxxxx.com
   Link-local IPv6 Address . . . . . : fe80::c82a:4a79:50bb:1832%11
   IPv4 Address. . . . . . . . . . . : 192.168.11.122
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.11.200

Any ideas? :(

EDIT

Partial netstat output...

TCP    [::]:49155             [::]:0                 LISTENING
TCP    [::]:49156             [::]:0                 LISTENING
TCP    [::]:49157             [::]:0                 LISTENING
UDP    0.0.0.0:161            *:*
UDP    0.0.0.0:500            *:*
UDP    0.0.0.0:4500           *:*
UDP    0.0.0.0:5355           *:*
UDP    192.168.11.122:137     *:*
UDP    192.168.11.122:138     *:*
UDP    [::]:161               *:*
UDP    [::]:500               *:*
UDP    [::]:4500              *:*
UDP    [::]:5355              *:*
Jake
  • Might be a dumb question, but did you enable any SNMP services? – Chris S Feb 09 '12 at 14:08
  • Update, went back through the GP and re-checked all settings, firewall is definitely disabled and I'm not getting port closed instead of filtered. What's going on? : – Jake Feb 09 '12 at 14:09
  • And yes, SNMP is enabled / configured. Will try it from another machine. – Jake Feb 09 '12 at 14:09
  • Where in GPO are you disabling the firewall? Computer Config -> Policies -> Windows Settings -> Security Settings -> Windows Firewall -> Windows Firewall -> Properties -> Firewall State? – Chris S Feb 09 '12 at 14:19
  • Yes and it's showing as disabled and controlled by GP in the Windows Advanced Firewall GUI. Added partial netstat output to main post, hopefully will help. – Jake Feb 09 '12 at 14:24
  • Try a tcpdump/wireshark/capture on the client/server? – Zoredache Feb 09 '12 at 16:47

3 Answers

2

Did you explicitly allow the SNMP service to allow packets from the remote host's IP address (Services, SNMP, Properties, Security)? It will only allow localhost by default.

Dusan Bajic
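
Added example, not part of the original answer or thread: the nmap run in the question tested 161/tcp, while the netstat output shows the service bound to UDP 161, so this sketch sends one SNMPv1 GetRequest over UDP and reports whether the agent answered, stayed silent, or the port is closed. The function names and the community placeholder are assumptions made for the example.

```python
import socket

def _tlv(tag: int, body: bytes) -> bytes:
    """BER tag-length-value; short-form length suffices for this small request."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def build_get_request(community: str, request_id: int = 1) -> bytes:
    """SNMPv1 GetRequest for sysDescr.0 (OID 1.3.6.1.2.1.1.1.0)."""
    assert 0 <= request_id < 128
    oid = _tlv(0x06, bytes([0x2B, 6, 1, 2, 1, 1, 1, 0]))      # 1.3 packs into 0x2B
    varbinds = _tlv(0x30, _tlv(0x30, oid + _tlv(0x05, b"")))   # value is NULL
    pdu = _tlv(0xA0, _tlv(0x02, bytes([request_id]))           # GetRequest, request-id
               + _tlv(0x02, b"\x00") + _tlv(0x02, b"\x00")     # error-status, error-index
               + varbinds)
    return _tlv(0x30, _tlv(0x02, b"\x00")                      # version 0 = SNMPv1
                + _tlv(0x04, community.encode()) + pdu)

def is_get_response(reply: bytes) -> bool:
    """True if reply is an SNMP message whose PDU is a GetResponse (tag 0xA2)."""
    try:
        pos = 2 + (reply[1] & 0x7F if reply[1] & 0x80 else 0)  # skip outer tag+length
        for _ in range(2):                                      # skip version, community
            pos += 2 + reply[pos + 1]
        return reply[0] == 0x30 and reply[pos] == 0xA2
    except IndexError:
        return False

def probe(host: str, community: str, port: int = 161, timeout: float = 2.0) -> str:
    """Send one GetRequest over UDP and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))      # connected socket surfaces ICMP port-unreachable
        try:
            s.send(build_get_request(community))
            reply = s.recv(4096)
        except socket.timeout:
            return "no-reply"        # dropped by a filter or ignored by the agent
        except ConnectionRefusedError:
            return "closed"          # nothing bound to the UDP port
    return "snmp-response" if is_get_response(reply) else "unexpected-data"

if __name__ == "__main__":
    # Address from the question; the community string is a placeholder assumption.
    print(probe("192.168.11.122", "COMMUNITY-PLACEHOLDER"))
```

A "no-reply" result with the listener visible in netstat points at the agent's accepted hosts or community settings, or at a filter in the path, rather than at a missing service.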
1

This post here will walk you through configuring the SNMP Service to your liking.

http://aaronwalrath.wordpress.com/2010/06/02/monitoring-windows-server-2008-r2-with-snmp-and-cacti/

JohnThePro
-2

Something very odd to do with the VirtualBox instance. No matter, thanks anyway!

Jake