Windows 7 firewall exception incoming scope rule for different subnet


  1. sdowney717
    Posts : 705
    Windows 7 Ultimate x64
       New #1

    Windows 7 firewall exception incoming scope rule for different subnet


    This one problem kept my win 7 PC from being able to be pinged and share files from incoming ubuntu PC on another LAN with a different subnet.

    I have 2 lans, 2 routers, each using a different range of IP.
    One is on 192.168.1.x
    Other is on 192.168.200.x

    I have a static route to direct packets from forward LAN to the other LAN. Only thing was Windows 7 kept blocking that route UNLESS the firewall for the private network was turned off. Even if you turn on sharing, etc... Windows 7 firewall only allows for the subnet LAN it exists on.

    So you have to put in a rule and change the scope
    The exception is to add your local lan ip range.
    For me it scope exception is 192.168.200.0/24

    screenshot and also shows the pings from ubuntu PC on different LAN works.

    Click Action, new rule, then custom, keep clicking next till you get to scope. Under Local IP, enter your LAN as I did.
    Apply it and it works.
    Attached Thumbnails Attached Thumbnails Windows 7 firewall exception incoming scope rule for different subnet-firewallruleworks.png  
      My Computer
    Quote Quote

  3. chev65
    Posts : 8,870
    Windows 7 Ult, Windows 8.1 Pro,
       New #2

    That's good to know sdowney717, I wasn't sure if Windows could manage sharing between two different subnets but adding the subnet range to the firewall rules looks like it works pretty well for this.

    You can also connect to both subnets with a single NIC by adding the secondary subnet to the advanced TCP/IP settings in IPv4 properties.
      My Computer
    Quote Quote

  4. sdowney717
    Posts : 705
    Windows 7 Ultimate x64
    Thread Starter
       New #3

    Is what you mean called binding an ip to a NIC?

    If so, give me an example of what I would have entered for the nic card.
    (Pictures help)

    The win7 PC is on 192.168.200.30
    Router2 is on 192.168.200.1

    Router 1 is on 192.168.1.1
    WAN ip for router2 which it gets automatically from router1 is 192.168.1.100
    WAN port of router2 is plugged into LAN port of router1.

    I left DHCP on for both routers. I assigned a manual IP to the win7 PC.

    the static route from router1 is setup as

    Dest IP 192.168.200.0
    Subnet 255.255.255.0
    Gateway IP 192.168.1.100

    This lets router1 know that packets of 192.168.200.x need to go to the attached device router2 at 192.168.1.100

    I had to yank a netgear router off my LAN and use a Verizon 7501 to get the static route to work. Fo some reason the WGT624v3 netgear always jumped IP when I setup a static route. I even tried forcing it manually and it would not work. Routers that dont route! Caused a lot of head scratching.

    My router1 is a nice old Gateway G wireless router.
      My Computer
    Quote Quote

  6. chev65
    Posts : 8,870
    Windows 7 Ult, Windows 8.1 Pro,
       New #4

    Pictures aren't really required, it's the same as setting up a static IP but you type both routes into the advanced TCP/IP settings for which ever adaptor you want to bind the subnets too.

    For some reason you are saying WAN IP but the first one is a LAN IP.
    WAN ip for router2 which it gets automatically from router1 is 192.168.1.100
    WAN port of router2 is plugged into LAN port of router1.

    Usually for dual router set up's you will want to disable DHCP on the secondary router but with your dual LAN's it might not work the same.

    Normally you would plug the secondary router into the LAN port on the first router, then connect the other router's LAN port, LAN to LAN. But this would depend on what you are using the second router for.

    This dual subnet network is rather strange, and I'm trying to figure out why someone would need to do this with all the available options for NTFS sharing.
      My Computer
    Quote Quote

 

  Related Discussions
i think this one will help, i have a Play station 4 , they told me to do exception so you can find lobby when you play online, can you please tell me which exception that i need to do so i can find players to play with Thank you very much Jalal.
Hello, hopefully this is right subforum to start this thread :) I've googled on how to quickly and easily enable/disable single Windows Firewall rule without having to open the firewall, going into advanced options, and eventually manually finding my rule there. Best I've found was two...
Hello, I have a little problem with the Win 7 Firewall Advanced settings. When I create a new rule (whatever rule, out or in, block or allow ...) the new rule appear in the middle panel list box, but if a make a refresh with the refresh option on the right panel the new rule disappear. Same...
The current situation: I disabled network connectivity to a particular IP on my Windows computer. In other words, if my system tries to connect to the internet through that specific IP address, it will not be able to do so. I disabled the connectivity as mentioned above, by following...
I am attempting to run a (legitimate) ADCH++ hub from my computer. I am trying to restrict access to few certain IP blocks. The problem that I encounter is that the auto-created firewall rules Windows creates are not able to be changed. In Windows Firewall with Advanced Security, when I attempt...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 17:22.
Find Us