I have a Windows Home Server at home and I decided I wanted it to be responsible for handing out DHCP leases and answering DNS queries in the house. All very good, but when I set up the services none of it worked because of the built-in Windows Firewall. While I could have just turned off the firewall, I decided to learn how to punch only the required holes in it, thus maintaining better security.
A quick search of the web showed me many settings, but none of it seemed to cover the whole picture. Then I came across the MS site Windows Firewall Settings, which has things broken down into these four handy sections that shall forevermore be my guides to ports and firewalls in the Microsoft world. What is more, as you will see later, its tips on how to get things working and get over common hurdles are quite stunning too:
Windows Firewall Settings: Optional Components
Windows Firewall Settings: Remote Administration Tools
Windows Firewall Settings: Server Roles
Windows Firewall Settings: Services
The two key entries for me are below: DHCP and DNS. Note that the DHCP entry has a wonderful tip saying that the scope of the exception must include 0.0.0.0, i.e. you cannot just set the scope to the local subnet only, because DHCP Discover packets carry 0.0.0.0 as their source address. This was my first mistake.
Windows Firewall: DHCP server
Add UDP ports 67 and 2535 to the Windows Firewall exceptions list on the DHCP server.
Important:
When you create a Windows Firewall exception for the DHCP protocol on a DHCP server, you must set the scope for the exception to Any computer including those on the Internet. If you leave it set to My network (subnet) only, all inbound DHCP Discover packets from client computers are dropped because the IP address of the packet is 0.0.0.0, which is not recognized by the computer as being part of the local subnet. This causes the DHCP process to fail and clients do not receive IP addresses.
On the DNS entry the thing which grabbed me was the ports other than 53 that were needed. Name resolution itself only uses UDP and TCP 53; TCP 139 and 445 are the NetBIOS session and SMB ports, which the remote management tooling relies on, so they can and should stay scoped to the local subnet rather than Any:
Windows Firewall: DNS server
Add UDP port 53 and TCP ports 53, 139, and 445 to the Windows Firewall exceptions list.
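Putting the two entries above together, here is an added example (my own, not from the MS pages or the original post) that creates the DHCP and DNS exceptions with the scopes the guidance calls for and then reads the scopes back to check them. It assumes a Windows 8 / Server 2012 or later host, where the New-NetFirewallRule cmdlets exist, and it assumes the service short names DHCPServer and DNS (confirm with Get-Service). Run it from an elevated PowerShell prompt.

```powershell
# Added example, not the original post's code. Requires the NetSecurity
# module (Windows 8 / Server 2012 and later) and an elevated prompt.

# DHCP: Discover packets arrive with source address 0.0.0.0, so the
# remote-address scope must be Any; a LocalSubnet scope silently drops them
# and clients never get a lease. -Profile Private and -Service keep the
# hole as narrow as the protocol allows.
New-NetFirewallRule -DisplayName 'DHCP Server (UDP-In)' `
    -Direction Inbound -Protocol UDP -LocalPort 67 `
    -RemoteAddress Any -Action Allow -Profile Private `
    -Service DHCPServer   # assumed service short name; verify with Get-Service

# UDP 2535 (MADCAP) is listed alongside the DHCP role; unlike Discover it
# comes from a real address, so it can stay limited to the LAN.
New-NetFirewallRule -DisplayName 'DHCP Server MADCAP (UDP-In)' `
    -Direction Inbound -Protocol UDP -LocalPort 2535 `
    -RemoteAddress LocalSubnet -Action Allow -Profile Private

# DNS resolution: UDP and TCP 53, LAN only.
foreach ($proto in 'UDP', 'TCP') {
    New-NetFirewallRule -DisplayName "DNS Server ($proto-In)" `
        -Direction Inbound -Protocol $proto -LocalPort 53 `
        -RemoteAddress LocalSubnet -Action Allow -Profile Private `
        -Service DNS      # assumed service short name; verify with Get-Service
}

# TCP 139/445 are NetBIOS session and SMB, used by the management tooling
# rather than by name resolution; never expose these beyond the LAN.
New-NetFirewallRule -DisplayName 'DNS Server Management (SMB-In)' `
    -Direction Inbound -Protocol TCP -LocalPort 139, 445 `
    -RemoteAddress LocalSubnet -Action Allow -Profile Private

# Check: read the port and remote-address scope back for every rule just
# created. Only the DHCP 67 rule should show Any; everything else should
# show LocalSubnet. A wrong scope here is exactly the failure the post hit.
Get-NetFirewallRule -DisplayName 'DHCP Server*', 'DNS Server*' |
    ForEach-Object {
        [pscustomobject]@{
            Rule   = $_.DisplayName
            Port   = ($_ | Get-NetFirewallPortFilter).LocalPort -join ','
            Remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    } | Format-Table -AutoSize
```

On the Windows Server 2003 era firewall that Windows Home Server v1 shipped with, the same distinction is expressed with the legacy netsh syntax: `netsh firewall add portopening protocol=UDP port=67 name="DHCP Server" mode=ENABLE scope=ALL` for DHCP, and `scope=SUBNET` for the 53, 139 and 445 openings. Either way the DHCP rule is necessarily the broadest one, which is why it is worth restricting it to the Private profile and to the DHCP service, and why the box should still sit behind the home router rather than on a public address.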
Invaluable information!
ttfn
David
Posted Thu, Apr 10 2008 9:55 PM by David Overton