Hello,
I have a problem with the Windows XP firewall (SP2) when I browse our web server with Internet Explorer or Firefox.
- With the Windows Firewall disabled, Wireshark can see that Internet Explorer or Firefox is sending a number of SYN packets in quick succession to our web server, which we acknowledge with SYN-ACK packets. I can also see that the Windows client sometimes sends a RST packet. But browsing our web server is always OK.
- If I then enable the Windows XP firewall and do the same, browsing the web server sometimes makes our web server inaccessible (during
I can then see (with Wireshark) that the Windows firewall dropped some SYN-ACK packets. Moreover, the Windows client closed the TCP port of this connection in progress before receiving the SYN-ACK packet.
In the Windows XP firewall log (pfirewall.log), I can see that the firewall dropped the connection of our web server (10.12.1.2) with number 1064 TCP port (because the Windows client closed this port before receiving the SYN-ACK packet):
16:12:55 OPEN TCP 192.168.1.71 10.12.1.2 1329 80 - - - - - - - - -
16:12:55 CLOSE TCP 192.168.1.71 10.12.1.2 1329 80 - - - - - - - - -
16:12:55 DROP TCP 10.12.1.2 192.168.1.71 80 1329 44 SA 550383384 1616135431 4096 - - - RECEIVE
16:13:00 DROP TCP 10.12.1.2 192.168.1.71 80 1329 44 SA 550383384 1616135431 4096 - - - RECEIVE
16:13:10 DROP TCP 10.12.1.2 192.168.1.71 80 1329 44 SA 550383384 1616135431 4096 - - - RECEIVE
Why did the firewall close the TCP port in this example? What are the conditions for closing a TCP port? Do you have an idea that explains this fault, please?
I searched the newsgroups and googled around, but found no hint to explain it.
I had the same fault with the Kerio firewall. I tried to understand how a firewall works under Windows, but it's not easy. I understand that there are 2 zones of control ("hooks"): one between NDIS and the IP layer and another between TDI (Transport Driver Interface) and Winsock. But I don't see any applied rules which concern my problem. Is there a web link where I should look?
Thanks
Cedric
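
The pattern in the log above (OPEN, CLOSE, then repeated DROP of the server's SYN-ACK) can be picked out of a larger pfirewall.log automatically. The following is an added example, not part of the original post: it assumes the column order of the lines exactly as quoted (time first, no date column), and the names `parse` and `late_synacks` are hypothetical.

```python
from collections import namedtuple

# Column order as it appears in the lines quoted in the post (no date column).
FIELDS = ("time action proto src dst sport dport size flags "
          "seq ack win icmptype icmpcode info path").split()
Entry = namedtuple("Entry", FIELDS)

# Log lines copied from the post.
SAMPLE = """\
16:12:55 OPEN TCP 192.168.1.71 10.12.1.2 1329 80 - - - - - - - - -
16:12:55 CLOSE TCP 192.168.1.71 10.12.1.2 1329 80 - - - - - - - - -
16:12:55 DROP TCP 10.12.1.2 192.168.1.71 80 1329 44 SA 550383384 1616135431 4096 - - - RECEIVE
16:13:00 DROP TCP 10.12.1.2 192.168.1.71 80 1329 44 SA 550383384 1616135431 4096 - - - RECEIVE
16:13:10 DROP TCP 10.12.1.2 192.168.1.71 80 1329 44 SA 550383384 1616135431 4096 - - - RECEIVE
"""


def parse(text):
    """Split each well-formed line into an Entry; skip headers and junk."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS) and not line.startswith("#"):
            entries.append(Entry(*parts))
    return entries


def late_synacks(entries):
    """Find dropped inbound SYN-ACKs whose outbound connection was already CLOSEd.

    Returns (drop_time, (client, server, client_port, server_port), close_time).
    """
    last_state = {}  # outbound 4-tuple -> (last OPEN/CLOSE action, time)
    hits = []
    for e in entries:
        if e.proto != "TCP":
            continue
        if e.action in ("OPEN", "CLOSE"):
            last_state[(e.src, e.dst, e.sport, e.dport)] = (e.action, e.time)
        elif e.action == "DROP" and e.flags == "SA" and e.path == "RECEIVE":
            conn = (e.dst, e.src, e.dport, e.sport)  # reverse to client view
            action, when = last_state.get(conn, (None, None))
            if action == "CLOSE":
                hits.append((e.time, conn, when))
    return hits


if __name__ == "__main__":
    for drop_time, conn, close_time in late_synacks(parse(SAMPLE)):
        print("%s SYN-ACK dropped for %s:%s -> %s:%s (closed at %s)"
              % (drop_time, conn[0], conn[2], conn[1], conn[3], close_time))
```

Each reported entry pairs a dropped SYN-ACK with the time the firewall logged the CLOSE for that client port, which makes it easy to line the events up against the Wireshark capture.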