Unable to access remote server unless Windows Firewall is disabled


#1

I installed Glasswire on a couple of Windows machines, and while it works okay on each of those computers (one Windows 7, the other Windows 8.x), I’m unable to access the one on Windows 8.x from the one on Windows 7.

The Windows 7 PC has Windows Firewall disabled, but the firewall is enabled on the Windows 8.x PC. I discovered that disabling the firewall on the Windows 8.x PC allows remote access from the other PC to work.

I’ve set up wide open Windows Firewall rules on the Win 8.x PC for both Glasswire and its service, but that didn’t help.

Any ideas?


#2

We plan to update our website with detailed port forwarding instructions soon. Do you think that would help? Thanks for letting us know about this issue.


#3

I found the solution:

Go to the firewall settings on Windows (the Windows Firewall with Advanced Security); in the Inbound Rules, search for the “Glasswire Service” entry and open its Properties.

In the properties, open the “Programs and Services” tab and, in the “Services” section, click the Settings button.

By default, it is set to “Apply to this service: GlassWire Control Service”.

Change this to “Apply to all programs and services”.

That worked for me.


#4

I also made screenshots of the firewall settings, but I’m not allowed to upload them here. If you are interested, I can upload them to some image-sharing service and give you the links to them.


#5

In this case I don’t think it would help, since both computers involved are on the same subnet. But I’m sure I’ll need forwarding instructions at some point, because if Glasswire proves as useful as it appears, I’ll be using it everywhere!


#6

I’m not certain, but it appears to me that this would open up the firewall to any kind of access by any program, and if so, that’s not what I want to do.


#7

No, in that case it means it would open the firewall for the application only, but at the moment, the way it is configured, it allows only the service itself to connect to it. When you change the firewall settings only for the program itself, then you tell the program which service or program can access this program.

For example, you can specify which program is allowed to connect to it. In that case, the program “Glasswire Control Service” can only be connected to by the Windows service “Glasswire Service”. But in our case, we want any program or service to be able to connect to the program “Glasswire Control Service”.

So you won’t open your firewall completely; you will only allow any connection to the specific program “GlassWire Control Service”.


#8

I’m pretty sure that’s not what you’re doing there. Here’s a summary of the rule I have (yours may be different), and what you’re suggesting:

Name: Glasswire Service
Action: Allow the connection
Programs: …GWCtlSrv.exe (the Glasswire service binary)
Application Packages: Apply to all
Services: Apply to this service: Glasswire Control Service
Protocol: Any
Scope: Any/Any
Profiles: Domain/Private/Public
Interface types: All
Edge traversal: blocked

The way that rule is set up, it seems to me that it allows any kind of inbound access to the Glasswire service. Which should be sufficient, although apparently it’s not (hence my question).

What you’re suggesting is to take this rule and apply it to every service on the computer, so that any kind of incoming connection is allowed to reach every service on the computer. I don’t want to do that.


#9

Just make it easy: compare THIS firewall setting with any other firewall setting (service) running on your computer which is allowed to connect to anywhere.

If you don’t believe me, just check all the other manually defined firewall settings (not the Microsoft predefined ones, because in those the settings are greyed out and can’t be changed) and see the settings on all the other programs.

For example, if you have iTunes installed, check the firewall setting of iTunes (the Services: Apply to…)

> What you’re suggesting is to take this rule and apply it to every service on the computer, so that any kind of incoming connection is allowed to reach every service on the computer. I don’t want to do that.

This setting means: you can define which locally running program or service can connect to that specific firewall-defined program. In that case, if you want to connect from ext. (which means another computer) to this firewall-defined program (in that case the Glasswire Service), you must select “Apply to all” in the service section. If you want to allow only one specific service to connect to THAT Glasswire service, then you can select that service.

To make it easier: you have a program A … and you create a firewall rule for program A. In that firewall rule for program A you can even specify whether only a program or a Windows service is allowed to connect to program A. It is an inbound connection. So if you want to connect to that program A from an external computer, you must change the settings in the firewall rule specific to program A.


#10

I clearly have a lot to learn about the Windows Firewall. I understand iptables well enough, but the Windows firewall seems more difficult to understand than it should be. Regardless, I did check some of the other rules that have been automatically added for other applications, and you are quite right that what you suggested is actually normal. I followed your advice and I’m now able to access the remote Glasswire server. Thanks for your patience!
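
The change from post #3, done with the NetSecurity cmdlets on the Windows 8.x machine (an added example, not part of any post in this thread and not GlassWire's own instructions). Rule conditions are combined, so setting the service filter to `Any` removes only the service condition and the rule stays bound to its program path. The rule name comes from the thread; limiting the scope to `LocalSubnet` and the Domain/Private profiles is an added assumption based on both machines being on the same subnet.

```powershell
# Added example. Run in an elevated PowerShell session on the machine
# that hosts the GlassWire server (Windows 8 / Server 2012 or later).
# Assumption: the inbound rule is named "Glasswire Service", as quoted in the thread.
$ruleName = 'Glasswire Service'

$rules = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction Stop |
    Where-Object { $_.Direction -eq 'Inbound' }

function Show-RuleConditions {
    param($Rule)
    # Every condition listed here must match for the rule to apply.
    $port = $Rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule          = $Rule.DisplayName
        Enabled       = $Rule.Enabled
        Action        = $Rule.Action
        Profile       = $Rule.Profile
        Program       = ($Rule | Get-NetFirewallApplicationFilter).Program
        Service       = ($Rule | Get-NetFirewallServiceFilter).Service
        RemoteAddress = ($Rule | Get-NetFirewallAddressFilter).RemoteAddress
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
    }
}

# Before: record what the rule currently matches.
$rules | ForEach-Object { Show-RuleConditions $_ } | Format-List

# Equivalent of "Apply to all programs and services" in the GUI:
# drop the service condition, leave the program condition untouched.
$rules | Get-NetFirewallServiceFilter | Set-NetFirewallServiceFilter -Service Any

# Added hardening (assumption: clients are on the same subnet):
# accept connections only from the local subnet and not on the Public profile.
$rules | Set-NetFirewallRule -RemoteAddress LocalSubnet -Profile Domain, Private

# After: confirm Program is still the GlassWire binary and Service is now Any.
Get-NetFirewallRule -DisplayName $ruleName |
    Where-Object { $_.Direction -eq 'Inbound' } |
    ForEach-Object { Show-RuleConditions $_ } | Format-List
```

If the "after" output shows `Program` as `Any`, the rule is not limited to one executable and should be corrected before it is left enabled.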


#11

Hi jrivett,

no problem, I don’t take it personally when someone just needs a little bit more time to understand things… I myself have no idea about cooking, so for making noodles I need double the time that other people need…

The Windows Firewall since Windows 7 is more application orientated. You can specify which application is allowed to communicate with what. You can even restrict one application to connect to a specific IP address only (or multiple addresses). You can even specify which internal application is allowed to connect over the loopback network to which other local application (for example, if you are a programmer and want to test some stuff on your local computer, but you want this specific program to connect only to another specific program).

Once you know how it works, it gets very easy to configure stuff … I can even manipulate my web-browser to NOT connect to the AD-Servers once I know the IPs of those AD-Servers… like an adblock with the Windows Firewall :smiley:


#12

Using this kind of configuration you solved a problem and created a security flaw, I didn’t recommend


#13

Using the “apply to all programs and services” change, I am still unable to connect to my remote server.

If I disable the GlassWire firewall rule, then it spins its wheels with multiple connection attempts.
If I have the GlassWire rule enabled, then it immediately kicks back with “Server Does not accept remote clients”.

Server-> Windows Server 2012
Client-> Windows 8.1
GlassWire Version-> 1.0.30b


#14

This is still happening, even in the paid version of Glasswire. Version 1.1.7b on both client/server, Windows 8.1 on both client/server.

Attempting to connect via local IP with/without port specified times out after a while. Disabling firewall on the server immediately gives “Server does not accept remote clients”.

Not sure why it’s so difficult to add a server that’s sitting right next to me to the client list :frowning:


#15

We’re working on an update to GlassWire that adds a new feature that solves this problem. I think you may need to do some port forwarding https://www.glasswire.com/userguide/#Port_Forwarding but it’s difficult to give exact instructions since every router/network is different.