Windows
ixSci, 2010-10-22 15:36:54

Built-in firewall in Windows allows connection from unauthorized IP

Good day to all!

The problem I'm having is this: I have Windows 7 Home Premium with the built-in firewall enabled. The firewall works in block-inbound / allow-outbound mode.
There is VirtualBox, to which some ports are forwarded from the host machine. The firewall has rules for VirtualBox that allow inbound traffic on any protocol and port for this application. The only limitation is IP addresses, which are hardcoded into Scope / remote IP addresses. I have 4 IP addresses registered there (let's call them 1, 2, 3 and 4, respectively). Attempts to get into the VirtualBox ports from IPs that are not in the list fail miserably (which means everything works as it should). BUT! There is an IP address 5, which is not in the list, and from which a person can easily bypass this rule! I don't know if this is a bug or a feature. But the fact remains: a person with an IP that is not on the list of allowed ones easily bypasses the firewall. Can anyone explain what I am facing?

A little more to the given:

My computer is behind a router, and the router is in NAT mode. The person with IP 5 is also behind a router with NAT. The only thing we have in common is the same provider, so our external IP addresses (the ones on the routers) come from the same pool.

Thanks in advance to everyone who wants to help!


7 answer(s)
bdmalex, 2010-10-22
@bdmalex

Can anyone explain what I am facing?
I think you need to contact Microsoft...

Albertum, 2010-10-22
@Albertum

Listen with a sniffer, for example, Wireshark, to all network interfaces in each situation - maybe something will clear up.

ixSci, 2010-10-22
@ixSci

I looked, I see passing packets and that's it. And I don't understand why :)

ixSci, 2010-10-23
@ixSci

Yes, a virtual server is registered in the router. Could you explain about playing with src and dst? And why does it not affect other addresses?

Backspace, 2010-10-24
@Backspace

In general, it was a mistake to use only a single number for each IP in the description of the problem - it's unclear. You should at least have made up subnets, so that one can see which IPs are in which networks. First, check the Bypass Nodes option on the Advanced tab in the rule settings. If that does not help, there are two ways to solve the problem.
The easiest one is to remove the default gateway on the machine running in VirtualBox and enter static routes to the required 4 IPs, but then it will lose the Internet (unless you let it through a proxy) :)
The second is ipfw for Windows, which is guaranteed to close what is not necessary. I can send the rules by mail, if you want.

Ajex, 2010-10-24
@Ajex

You have made a block for INPUT traffic, but transit traffic passes through NAT, and your blocking rules do not apply to it.
I am more than sure that the block will work inside VirtualBox (maybe it can be done there, or also on the router). Windows also passes packets through itself without filtering.
In general, there is little information, so it is difficult to see the whole picture. I recommend that you do not get hung up on the idea that Windows is not working correctly, but look for the error on your own side.

Ajex, 2010-10-24
@Ajex

Well, look, if you are familiar with Linux, it will be easier to understand.
There is the iptables firewall in Ubuntu, and it has various filtering chains, for example INPUT and FORWARD.
INPUT is everything that comes to this machine.
FORWARD
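Ajex's INPUT-versus-FORWARD distinction, from both of his answers above, as a runnable model. This is an added example, not code from the thread, from Windows Firewall or from VirtualBox: it is a toy host with a default-deny inbound policy, one allow rule scoped to four remote IPs (the question's 1..4, constructed here as 203.0.113.1-4/32) and a port-forwarding table towards a guest. The scope rule is consulted only on the INPUT path, so a connection from the outsider (203.0.113.5, standing in for the question's IP 5) to a forwarded port reaches the guest, while the same outsider hitting a non-forwarded port is dropped. The two mitigations modelled are the ones the answer points at: applying the same scope on the forward path (`filter_forwarded`) and filtering inside the guest itself. The host/guest addresses, ports, class names and `filter_forwarded` flag are all assumptions of this model; it does not claim to be the mechanism behind the questioner's exact observation.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Added teaching model (not Windows Firewall or VirtualBox code). A host-level
# inbound rule with a remote-IP scope is checked only for traffic addressed to
# the host itself (INPUT); traffic the host forwards to a guest (FORWARD) takes
# a separate path. Addresses are constructed from the 203.0.113.0/24
# documentation range; the guest address 10.0.2.15 is an assumption.


@dataclass(frozen=True)
class Packet:
    src: str    # remote (source) address
    dst: str    # address the packet is sent to
    dport: int  # destination port


@dataclass
class InboundRule:
    """An allow rule: any port by default, limited to a remote-IP scope."""
    remote_scope: List[str]           # CIDR strings, e.g. "203.0.113.1/32"
    dport: Optional[int] = None       # None = any port

    def matches(self, pkt: Packet) -> bool:
        if self.dport is not None and pkt.dport != self.dport:
            return False
        src = ip_address(pkt.src)
        return any(src in ip_network(net) for net in self.remote_scope)


@dataclass
class Guest:
    """The VM. Optionally runs its own inbound filter (mitigation 2)."""
    address: str
    inbound_rules: List[InboundRule] = field(default_factory=list)

    def handle(self, pkt: Packet) -> str:
        # No rules configured: the guest accepts whatever reaches it.
        if not self.inbound_rules or any(r.matches(pkt) for r in self.inbound_rules):
            return "ACCEPT"
        return "DROP"


@dataclass
class Host:
    """Host with default-deny inbound policy and a port-forwarding table."""
    address: str
    inbound_rules: List[InboundRule]
    forwards: Dict[int, Tuple[Guest, int]]   # host port -> (guest, guest port)
    filter_forwarded: bool = False           # mitigation 1: scope-check FORWARD too

    def chain(self, pkt: Packet) -> str:
        if pkt.dst != self.address:
            return "DROP"       # not addressed to this host at all
        if pkt.dport in self.forwards:
            return "FORWARD"    # transit traffic on its way to the guest
        return "INPUT"          # traffic for the host itself

    def _scope_allows(self, pkt: Packet) -> bool:
        return any(r.matches(pkt) for r in self.inbound_rules)

    def handle(self, pkt: Packet) -> str:
        chain = self.chain(pkt)
        if chain == "INPUT":
            return "ACCEPT" if self._scope_allows(pkt) else "DROP"
        if chain == "FORWARD":
            if self.filter_forwarded and not self._scope_allows(pkt):
                return "DROP"
            guest, gport = self.forwards[pkt.dport]
            # Rewrite the destination (DNAT) and hand the packet to the guest.
            return "GUEST:" + guest.handle(Packet(pkt.src, guest.address, gport))
        return "DROP"


HOST_IP = "203.0.113.100"
ALLOWED = [f"203.0.113.{n}/32" for n in (1, 2, 3, 4)]   # the question's IPs 1..4
OUTSIDER = "203.0.113.5"                                  # the question's IP 5


def build(filter_forwarded: bool = False, guest_filter: bool = False) -> Host:
    """Host forwarding its port 2222 to the guest's port 22 (constructed setup)."""
    guest = Guest("10.0.2.15", [InboundRule(ALLOWED)] if guest_filter else [])
    return Host(HOST_IP, [InboundRule(ALLOWED)], {2222: (guest, 22)}, filter_forwarded)


def probe(host: Host, src: str, dport: int) -> str:
    """Send one constructed packet from src to the host's dport and report the verdict."""
    return host.handle(Packet(src, HOST_IP, dport))


if __name__ == "__main__":
    naive = build()
    print("INPUT   from allowed IP :", probe(naive, "203.0.113.1", 3389))
    print("INPUT   from outsider   :", probe(naive, OUTSIDER, 3389))
    print("FORWARD from outsider   :", probe(naive, OUTSIDER, 2222))   # reaches guest
    print("FORWARD, scope applied  :", probe(build(filter_forwarded=True), OUTSIDER, 2222))
    print("FORWARD, guest filters  :", probe(build(guest_filter=True), OUTSIDER, 2222))
```

Running the block shows the outsider dropped on port 3389 (INPUT path, scope enforced) but forwarded to the guest on port 2222 (FORWARD path, scope never consulted); only when the scope is also applied on the forward path, or the guest filters on its own, does the forwarded connection from 203.0.113.5 get dropped.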
