Configure Windows 7 Firewall or get other program?

timebandit1 · 31 May 2010

Hi

I have difficulties to configure Windows 7 Firewall as I want it to work.
So I tried several other firewalls but those seems not to be good or easy enough to configure more advanced with.
So maybe Windows 7 Firewall is the way to go?

I have 2 network cards on Windows 7 Desktop.

Internet and one Internal Net. Internet is shared with the Internal network.

I want to open these TCP/UDP ports for all network computers for example:
21 25 43 53 80 81 113 123 137:139 161 411:413 443 455 45 993

ALL other ports shall be blocked.

For IP 192.168.2.6 all ports shall be open.

How do I configure the Windows 7 Firewall for this configuration?
Or can you recommend any other firewall software? I have tried Comodo and PC Tools Firewall Plus and some more I can't remember.

//Kensy

z3r010 · 31 May 2010

I'm curious why you want to open all those ports, are you intending to run a web/mail/ftp server?

WindowsStar · 31 May 2010

If you really want to do this and be safe you will need to buy a hardware firewall. Configure the firewall to open those ports on the DMZ port of the firewall and then put the server/computer with those open ports in the DMZ. This way all your other computers will be protected on the LAN part of the firewall. Extremely simple and very safe.

zzz2496 · 31 May 2010

Hmm... What do you mean by "open" all of those ports? What exactly do you want to do with the network? Are you hosting something? Are you serving something? Windows Firewall defaults as a NAT to other "intranet" nodes, technically you can't open all those ports for all of your intranet nodes...

zzz2496

timebandit1 · 31 May 2010

Yes. I'm running some services that I need to open ports for. Also I want all other ports closed.
And some ports are for some applications that are configured for specific ports. And not all computers on the intranet should be able to have access to some ports.
Also is my Nintendo Wii installed as 192.168.2.6 and need all ports open as I havn't found out which ports really is neede for it yet.

Trying to understand Windows 7 firewall but it doesn't seem to work as I want.
I can make webbrowsing blocked on the Windows 7 computer but the LAN computers (192.168.2.2 and so on) can still access internet even then port 80-81 is blocked.
I want/need to block webbrowsing for a specific computer/IP.

Before I used a Linux computer and all this worked with the use of a simple Iptables script. There must be an application for Windows that can do this too?

WindowsStar · 31 May 2010

Confused: Are you trying to use your Windows 7 computer as a Proxy or Filtering system???

Blocking or opening ports on your Windows 7 machine will not affect the Wii unless you are using the Windows 7 as the connection to the internet.

zzz2496 · 31 May 2010

Use "Windows Firewall with Advanced Security", that'll give you what you need. If you have experience with iptables, I suppose setting up Windows Firewall is child play... But you need to note, Windows firewall, however it's "advanced" according to MS - it's still consumer targeted product. You don't get "mangle", you don't get "packet filtering", and many other advanced firewall functions.

If you are so inclined (and if you have a moderately powerful computer), you can install a Linux distro in a VM, bridge the VM guest network interface with your Host machine, and make it your gateway instead of using Windows 7's. I have one machine setup like this at my workplace, working wonderfully so far (but I use Linux as the Host OS).

zzz2496

zzz2496 · 31 May 2010

WindowsStar said:

Confused: Are you trying to use your Windows 7 computer as a Proxy or Filtering system???

Blocking or opening ports on your Windows 7 machine will not affect the Wii unless you are using the Windows 7 as the connection to the internet.

I think he's making his Windows 7 as a "firewall" in a sense...

zzz2496

WindowsStar · 31 May 2010

zzz2496 said:

WindowsStar said:

Confused: Are you trying to use your Windows 7 computer as a Proxy or Filtering system???

Blocking or opening ports on your Windows 7 machine will not affect the Wii unless you are using the Windows 7 as the connection to the internet.

I think he's making his Windows 7 as a "firewall" in a sense...

zzz2496

Windows 7 is really not designed to do this. I agree with you (zzz2496) better to use a VM with *ix or a *ix box or I would just buy a hardware firewall, extremely simple, much faster and so much less configuration needed. If the Windows 7 machine acts up it will be hard to troubleshoot in the future.

timebandit1 · 31 May 2010

zzz2496 said:

WindowsStar said:

Confused: Are you trying to use your Windows 7 computer as a Proxy or Filtering system???

Blocking or opening ports on your Windows 7 machine will not affect the Wii unless you are using the Windows 7 as the connection to the internet.

I think he's making his Windows 7 as a "firewall" in a sense...

zzz2496

Kinda yes. As the Windows 7 machine have the Internet connection and shares that connection to all other computers with diffrerent criteria. So it will act as a Server, Firewall, NAT.
I though this could be easily done with a software as in Linux it worked really well with just a script with some functions.
I "migrated" from Linux to Windows to get rid of an extra computer and try optimize things. Guess this can't be done without any hardware?

I'm trying with "Windows Firewall with Advanced Security" but this seems not to get the work done. All changes only affects the local computer/Windows 7 but the LAN computers can do whatever they want.