Allowing iSCSI through firewall

  • Question

  • Hello, I just picked up the DroboPro and plugged it into my second onboard NIC.
    After a couple of hours of trying to figure out why it connects via USB but not iSCSI, I disabled the OneCare firewall and everything worked.

    I'm allowing the Drobo Dashboard in the OneCare firewall settings, on the programs tab, but that doesn't seem to be enough.

    How do I enable iSCSI through the firewall just to my internal network?
    Thursday, May 28, 2009 2:28 AM

Answers

  • strum7,

    Missed the part in your first post about the second nic.  I believe this might be your problem since as I recall, OneCare will automatically treat all networks as public in this case.  I believe the original reason had something to do with the PC being used as a router, but this really doesn't matter, you just need to confirm if this is really true.

    Since you have confirmed the configuration with Drobo, I'd take that information to OneCare Support yourself.  They'll either confirm what I've said or try to provide a solution.  I wouldn't mention my guess about the two nics above, just mention the configuration and see if they come up with it independently.

    OneCareBear


    Windows OneCare Forum Moderator
    Thursday, May 28, 2009 8:30 PM
    Moderator

All replies

  • You're asking in the wrong place, you should be asking Drobo Support.

    Article ID 0417 : Which TCP/UDP ports need to be opened on a firewall for Droboshare?
    http://www.drobo.com/support/knowledgebase.php

    Use a portion of the above title or "iSCSI firewall" in the Knowledge Base "Search for" box to find articles relating to these issues.

    OneCareBear
    Windows OneCare Forum Moderator
    Thursday, May 28, 2009 4:39 AM
    Moderator
  • Hello oneCareBear,

    I would agree this is a Drobo issue if this was happening with Windows Firewall as well as the OneCare firewall.  I've already worked with Drobo and we were able to get the right ports open to make it work with Windows Firewall.

    But no matter what ports we open, the OneCare firewall still blocks it.  After a bunch of searching, I've downloaded Microsoft Network Monitor to see if there is something blatantly being blocked, but there isn't, and I'm not knowledgeable enough to trace through the other stuff.

    Can the OneCare firewall work on two network cards on the same machine?  Is there a way to force OneCare to open all ports between two IP addresses/devices but keep everything else running as normal? Here is some info on my machine's IP addresses:

    Computer nic 1 --> goes to network and internet
    192.168.1.111
    255.255.255.0

    Computer nic 2 --> plugged into DroboPro directly
    169.254.22.103
    255.255.0.0

    IP address of the DroboPro
    169.254.213.234
    255.255.0.0

    I'm not a network guy so not sure if this is one subnet or two, and if it's two, does OneCare work across two subnets?

    The case is still open with them and they are researching it still, but I think they are going to push this back on Microsoft soon.

    Thursday, May 28, 2009 5:33 PM
  • Hi OneCareBear,

    I've now set the IP addresses so that everyone is on one flat network.

    Computer nic 1 --> goes to network and internet
    192.168.1.111
    255.255.255.0

    Computer nic 2 --> plugged into DroboPro directly
    192.168.1.125
    255.255.255.0

    IP address of the DroboPro
    192.168.1.130
    255.255.255.0

    As soon as I turn on the OneCare firewall, I lose connectivity to my drive.  Soon as I turn it off, everything works.  If I turn on the default Windows firewall, everything works.

    I have no clue what's being blocked by OneCare.  I have the same ports and applications allowed on both.

    Thanks

    Saturday, May 30, 2009 2:32 AM
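
An added example, not part of any post in this thread: it answers the "one subnet or two" question for the link-local setup posted on May 28 and the flat setup posted on May 30, using the addresses as posted. The `analyze` helper and its field names are hypothetical, and the `allow_scope` value assumes a firewall that supports per-address rule scoping.

```python
import ipaddress

# Addresses and masks exactly as posted in the two replies above.
LINK_LOCAL_SETUP = {
    "nic1": ("192.168.1.111", "255.255.255.0"),
    "nic2": ("169.254.22.103", "255.255.0.0"),
    "drobopro": ("169.254.213.234", "255.255.0.0"),
}
FLAT_SETUP = {
    "nic1": ("192.168.1.111", "255.255.255.0"),
    "nic2": ("192.168.1.125", "255.255.255.0"),
    "drobopro": ("192.168.1.130", "255.255.255.0"),
}


def analyze(setup, target="drobopro"):
    """Summarise how the host's NICs relate to the target (hypothetical helper)."""
    ifaces = {name: ipaddress.ip_interface(f"{ip}/{mask}")
              for name, (ip, mask) in setup.items()}
    tgt = ifaces.pop(target)
    # Distinct subnets configured on the host's own adapters.
    subnets = sorted({str(i.network) for i in ifaces.values()})
    # Adapters that can reach the target directly (same subnet, no router).
    on_link = [name for name, i in ifaces.items() if tgt.ip in i.network]
    return {
        "host_subnets": subnets,
        "on_link": on_link,
        # Two adapters in one subnet: the OS may pick either for the target.
        "ambiguous_path": len(on_link) > 1,
        # 169.254.0.0/16 is self-assigned (APIPA); it is never routed.
        "link_local": tgt.ip.is_link_local,
        # Narrowest remote scope an allow rule would need, assuming the
        # firewall in use supports per-address scoping.
        "allow_scope": f"{tgt.ip}/32",
    }


if __name__ == "__main__":
    for label, setup in (("link-local", LINK_LOCAL_SETUP), ("flat", FLAT_SETUP)):
        print(label, analyze(setup))
```

The first setup is two subnets with the DroboPro reachable only through nic 2; the second places both adapters in 192.168.1.0/24, so traffic to the directly attached DroboPro may leave through either adapter.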
  • I don't think it matters how you configure the networks, I believe the problem is that the OneCare firewall will automatically set at least one network to Public when two NICs are detected, even if you try to manually set both to Private.  I'm assuming here that you are using Vista, since that's where this usually occurs, but I believe even Windows XP will do something similar within the firewall settings if two or more are detected.

    Here's another thread where this is mentioned, though there may be better discussions you could search for with words like 'nics' or 'multiple' in the Search Forums box above.

    Firewall with multiple NICs
    http://social.microsoft.com/forums/en-US/onecarefirewall/thread/a90ed616-cb1d-410b-bcd4-d210f642b5e4/

    Based on these previous issues, I'd try moving the DroboPro to nic 1 assuming it's behind a router/nat firewall and disable nic 2.  If this works it's fairly clear the second nic is the issue.

    In case you aren't aware, OneCare will only be supported through the end of your subscription into 2010 anyway, so you might want to consider your options for the short and long term.  Since the replacement, 'Morro', will be anti-malware only and won't include a firewall, this issue will disappear at that point anyway.  See the Announcement 11-18-08 thread at the top of the General Forum for more.

    OneCareBear
    Windows OneCare Forum Moderator
    Saturday, May 30, 2009 8:39 PM
    Moderator
  • OneCareBear is correct. When there are multiple active network adapters, OneCare locks down the network to Public mode and pretty much everything is blocked.
    -steve
    Microsoft MVP Windows Live / Windows Live OneCare & Live Mesh Forum Moderator
    Sunday, May 31, 2009 2:23 AM
    Moderator
  • Just to follow up on this, I installed the DroboPro on the network switch, instead of the second port on my PC.  Thereby hoping to bypass the issue above.  Even then it will not access the DroboPro.  I had to disable OneCare's firewall and only use the built-in Windows firewall to get it to work.

    Monday, July 27, 2009 10:46 PM
  • Thanks for returning to post that update.

    To bring you up to date, Microsoft Security Essentials (was Morro) was released as a limited public beta on June 23rd and is currently still being tested.  By the end of 2009 it will be available free, though as mentioned above it is only anti-malware, none of the other features of OneCare are included such as the firewall.

    This sounds like it may be exactly what you need though.

    Rob
    Tuesday, July 28, 2009 6:47 AM
    Moderator
  • Yeah, will have to give that a shot when it comes out.

    On a side note, is there a simple tool, log file, or event I can check to see if the firewall is blocking something?  Network Monitor is a little over my head.


    Thanks

    Tuesday, July 28, 2009 6:13 PM
  • Not sure if you will see it, but try the logging tab under Change Settings in OneCare and checkmark the firewall log detail box.

    Create the support log and it opens in your web browser.

    However, maybe this from Drobo's KB should help:
    Answer: 
    The DroboShare uses SMB over TCP so you would need port 445 open. If you want Drobo Dashboard to be able to connect through the firewall, the easiest way is to put it in the allowed programs list. If the firewall doesn’t have that function, you would need to open ports 5000 and 1024-65536. Dashboard connects to port 5000 and then randomly picks a port in the range to broadcast on. 

    -steve

    Microsoft MVP Windows Live / Windows Live OneCare, Live Mesh, & MS Security Essentials Forums Moderator
    Tuesday, July 28, 2009 7:17 PM
    Moderator
  • Thanks.  I saw that KB at Drobo's site. How silly is it of them to tell us, open up all the RPC high ports on your firewall?  They need to redo their app instead of telling us to open up everything.

    Thanks for checking, I will try the firewall logging and see if I can catch anything.


    Tuesday, July 28, 2009 8:23 PM