Configure Windows 7 Firewall or get other program?

[timebandit1]

Hi

I have difficulties to configure Windows 7 Firewall as I want it to work.
So I tried several other firewalls but those seems not to be good or easy enough to configure more advanced with.
So maybe Windows 7 Firewall is the way to go?

I have 2 network cards on Windows 7 Desktop.

Internet and one Internal Net. Internet is shared with the Internal network.

I want to open these TCP/UDP ports for all network computers for example:
21 25 43 53 80 81 113 123 137:139 161 411:413 443 455 45 993

ALL other ports shall be blocked.

For IP 192.168.2.6 all ports shall be open.

How do I configure the Windows 7 Firewall for this configuration?
Or can you recommend any other firewall software? I have tried Comodo and PC Tools Firewall Plus and some more I can't remember.

//Kensy

 

[z3r010]

I'm curious why you want to open all those ports, are you intending to run a web/mail/ftp server?

 

[WindowsStar]

If you really want to do this and be safe you will need to buy a hardware firewall. Configure the firewall to open those ports on the DMZ port of the firewall and then put the server/computer with those open ports in the DMZ. This way all your other computers will be protected on the LAN part of the firewall. Extremely simple and very safe.

 

[zzz2496]

Hmm... What do you mean by "open" all of those ports? What exactly do you want to do with the network? Are you hosting something? Are you serving something? Windows Firewall defaults as a NAT to other "intranet" nodes, technically you can't open all those ports for all of your intranet nodes...

zzz2496

 

[timebandit1]

Yes. I'm running some services that I need to open ports for. Also I want all other ports closed.
And some ports are for some applications that are configured for specific ports. And not all computers on the intranet should be able to have access to some ports.
Also is my Nintendo Wii installed as 192.168.2.6 and need all ports open as I havn't found out which ports really is neede for it yet.

Trying to understand Windows 7 firewall but it doesn't seem to work as I want.
I can make webbrowsing blocked on the Windows 7 computer but the LAN computers (192.168.2.2 and so on) can still access internet even then port 80-81 is blocked.
I want/need to block webbrowsing for a specific computer/IP.

Before I used a Linux computer and all this worked with the use of a simple Iptables script. There must be an application for Windows that can do this too?

 

[WindowsStar]

Confused: Are you trying to use your Windows 7 computer as a Proxy or Filtering system???

Blocking or opening ports on your Windows 7 machine will not affect the Wii unless you are using the Windows 7 as the connection to the internet.

 

[zzz2496]

Use "Windows Firewall with Advanced Security", that'll give you what you need. If you have experience with iptables, I suppose setting up Windows Firewall is child play... But you need to note, Windows firewall, however it's "advanced" according to MS - it's still consumer targeted product. You don't get "mangle", you don't get "packet filtering", and many other advanced firewall functions.

If you are so inclined (and if you have a moderately powerful computer), you can install a Linux distro in a VM, bridge the VM guest network interface with your Host machine, and make it your gateway instead of using Windows 7's. I have one machine setup like this at my workplace, working wonderfully so far (but I use Linux as the Host OS).

zzz2496

 

[zzz2496]

Confused: Are you trying to use your Windows 7 computer as a Proxy or Filtering system???

Blocking or opening ports on your Windows 7 machine will not affect the Wii unless you are using the Windows 7 as the connection to the internet.

I think he's making his Windows 7 as a "firewall" in a sense...

zzz2496

 

[WindowsStar]

Confused: Are you trying to use your Windows 7 computer as a Proxy or Filtering system???

Blocking or opening ports on your Windows 7 machine will not affect the Wii unless you are using the Windows 7 as the connection to the internet.

I think he's making his Windows 7 as a "firewall" in a sense...

zzz2496

Windows 7 is really not designed to do this. I agree with you (zzz2496) better to use a VM with *ix or a *ix box or I would just buy a hardware firewall, extremely simple, much faster and so much less configuration needed. If the Windows 7 machine acts up it will be hard to troubleshoot in the future.

 

[timebandit1]

Confused: Are you trying to use your Windows 7 computer as a Proxy or Filtering system???

Blocking or opening ports on your Windows 7 machine will not affect the Wii unless you are using the Windows 7 as the connection to the internet.

I think he's making his Windows 7 as a "firewall" in a sense...

zzz2496

Kinda yes. As the Windows 7 machine have the Internet connection and shares that connection to all other computers with diffrerent criteria. So it will act as a Server, Firewall, NAT.
I though this could be easily done with a software as in Linux it worked really well with just a script with some functions.
I "migrated" from Linux to Windows to get rid of an extra computer and try optimize things. Guess this can't be done without any hardware?

I'm trying with "Windows Firewall with Advanced Security" but this seems not to get the work done. All changes only affects the local computer/Windows 7 but the LAN computers can do whatever they want.

 

[zzz2496]

You can, virtualize ! But I'd use a "hardware" firewall/router instead of using Windows (any Windows) to do that... Btw, use the "better" routers - don't use consumer/"SOHO" class routers, the software embedded in them are "child play" compared to iptables...

zzz2496

 

[WindowsStar]

Here is a commercial grade firewall for cheap. I have owned several over the years work perfectly. Once you buy it, flash it to the newest release and then register it under your name and you will get free upgrades for a year. After that you will need to pay, but I wouldn't once everything is configured is will run for years and years without issues.

sonicwall 2040 firewall - eBay (item 160439009074 end time Jun-01-10 07:07:59 PDT)

 

[timebandit1]

I was hoping not to buy anything and manage with what I have.

So you mean that I can't make this I wanted without running VM or something? There's no Software that can do this like the Iptables functions in Linux?

 

[zzz2496]

There are other software firewalls out there that can do similar to what iptables can do... Windows firewall can do some of what iptables can do, but seriously, are you really really want to expose your Windows box to the world?

zzz2496

Ps. read my first post, in the "Advanced Security" mode, you should see all of Windows firewall's "options".

 

[WindowsStar]

I was hoping not to buy anything and manage with what I have.

So you mean that I can't make this I wanted without running VM or something? There's no Software that can do this like the Iptables functions in Linux?

I guess this depends on what you want. Do you care about security? Do you care about if someone gains access to your computer? Do you care about identity theft, etc. etc. etc.

If it were me under $400 is a very very small price to pay for keeping your identity and data safe. However if you really don't want to spend the money, second choice is to use and old computer with *ix on it and it will work great as a firewall. Or if you really want to not have another device then go with a VM and *ix load, but keep in mind if the VM is down others are down, if you need to reboot others are down, etc. The hardware is you best solution IMHO.

 

[timebandit1]

If it were me under $400 is a very very small price to pay for keeping your identity and data safe. However if you really don't want to spend the money, second choice is to use and old computer with *ix on it and it will work great as a firewall. Or if you really want to not have another device then go with a VM and *ix load, but keep in mind if the VM is down others are down, if you need to reboot others are down, etc. The hardware is you best solution IMHO.

Yes. If the VM is down/rebooting all other loose their internet etc. That setup I had for some years with a Linux computer acting as router/firewall. Now I want to replace Linux with Windows 7 as I also use that computer to watch movies and the sound system.
Just to make the using of that computer easier.

Ps. read my first post, in the "Advanced Security" mode, you should see all of Windows firewall's "options".

I have tried that out but still IP 192.168.2.5 (Laptop) can do whatever he want to. Getting full access to everything while Windows 7 (that has the firewall) can't do much.
The settings seems not to affect any computer connected to the second network interface (192.168.2.2).

 

[WindowsStar]

My best suggestion if you are trying to get away from *ix would be purchase/use a machine as a Windows Server. Install Windows Server 2003/2003R2/2008/2008R2 on that machine and you can configure Windows Server to do what you are asking. Windows 7 was not designed for this. Windows 7 is really a client operating system.

 

[zzz2496]

If it were me under $400 is a very very small price to pay for keeping your identity and data safe. However if you really don't want to spend the money, second choice is to use and old computer with *ix on it and it will work great as a firewall. Or if you really want to not have another device then go with a VM and *ix load, but keep in mind if the VM is down others are down, if you need to reboot others are down, etc. The hardware is you best solution IMHO.

Yes. If the VM is down/rebooting all other loose their internet etc. That setup I had for some years with a Linux computer acting as router/firewall. Now I want to replace Linux with Windows 7 as I also use that computer to watch movies and the sound system.
Just to make the using of that computer easier.

Ps. read my first post, in the "Advanced Security" mode, you should see all of Windows firewall's "options".

I have tried that out but still IP 192.168.2.5 (Laptop) can do whatever he want to. Getting full access to everything while Windows 7 (that has the firewall) can't do much.
The settings seems not to affect any computer connected to the second network interface (192.168.2.2).

Hmm... I'm confused, what exactly do you want this laptop NOT to be able to do?

zzz2496

 

[polarbear]

Hardware firewall is a must if you want to disable all other settings... Take the ppls advice or you will surely have other problems before long... GL