DavidOverton.com
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small.  
David Overton's Blog » How to get DNS and DHCP working on a Windows Server from behind the Windows Firewall
How to get DNS and DHCP working on a Windows Server from behind the Windows Firewall

image

I have a Windows Home Server at home and I decided I wanted it to be responsible for handing out DHCP and DNS addresses in the house.  All very good, but when I set up the services none of it worked because of the built in Windows Firewall.  While I could have just turned off the Firewall I decided to learn how to put the holes into the firewall to make it work with the firewall, thus maintaining better security.

A quick search of the web showed me many settings, but it did not seem to cover the whole picture – then I came across the MS site Windows Firewall Settings which has things broken down into these four handy sections that shall for ever more be my guides to ports and firewalls in the Microsoft world.  What is more, as you will see later, the tips in here as to how to get things working, getting over common hurdles is quite stunning too:

Windows Firewall Settings: Optional Components

Windows Firewall Settings: Remote Administration Tools

Windows Firewall Settings: Server Roles

Windows Firewall Settings: Services 

The two key entries for me are below – DHCP and DNS.  Note that the DHCP entry has a wonderful tip saying that you will need to ensure 0.0.0.0 is included in the scope of the acceptable ports – i.e. you can not just set the scope to local network only.  This was my 1st mistake

Windows Firewall: DHCP server

Add UDP ports 67 and 2535 to the Windows Firewall exceptions list on the DHCP server.

Important:

When you create a Windows Firewall exception for the DHCP protocol on a DHCP server, you must set the scope for the exception to Any computer including those on the Internet. If you leave it set to My network (subnet) only, all inbound DHCP Discover packets from client computers are dropped because the IP address of the packet is 0.0.0.0, which is not recognized by the computer as being part of the local subnet. This causes the DHCP process to fail and clients do not receive IP addresses.

Windows Firewall: DHCP server

 

On the DNS entry the thing which grabbed me was the ports other than 53 that were needed:

Windows Firewall: DNS server

Add UDP port 53 and TCP ports 53, 139, and 445 to the Windows Firewall exceptions list.

Windows Firewall: DNS server

 

Invaluable information!

 

ttfn

David

Posted Thu, Apr 10 2008 9:55 PM by David Overton
Filed under: , , , , , , , ,

Comments

Windows Server Firewall Exceptions for Remote Administration Tools « the back room tech wrote Windows Server Firewall Exceptions for Remote Administration Tools « the back room tech
on Thu, Apr 17 2008 4:30 PM

Pingback from  Windows Server Firewall Exceptions for Remote Administration Tools « the back room tech

jegs wrote re: How to get DNS and DHCP working on a Windows Server from behind the Windows Firewall
on Sat, May 23 2009 8:32 PM

I have been trying to setup a home network to do a test deployment of Project Server, MOSS, Project Portfolio and SQL on separate virtual servers for the past month and a half.. I could never get the reach the DNS server from the other machines in order to join the domain I created in AD. Had several sleepness Friday and Saturday nights. I almost hit the roof when I found this link today (23-may-2009) and got the additional ports that needed to be opened! I had been to Microsoft site several times but there was so much information I did not know where to start reading.

Thanks David.

jegs.

Werner wrote re: How to get DNS and DHCP working on a Windows Server from behind the Windows Firewall
on Thu, Oct 1 2009 2:17 AM

"... Any computer including those on the Internet ..." <- that it was, yeah! Thank you, now it works :)

Shane wrote re: How to get DNS and DHCP working on a Windows Server from behind the Windows Firewall
on Wed, Nov 17 2010 9:09 PM

THis worked for me . DNS and DHCP failed with Firewall turned on File and print server SBS 2003. Cheers

Add a Comment

(required)
(optional)
(required)  
Remember Me?

(c)David Overton 2006-23