none
windows firewall: intermittently dropping connections? RRS feed

  • Question

  • I am developing an application that has a client and a server on a local area network using tcp. there is a server side firewall rule to allow connections to the server's port. most of the time the client will work.

    but sometimes the client will connect, be successful for a few transactions, and then get dropped by the firewall. I was able to see this in the logs.

    This may be a red herring, but I did a wireshark capture of the incoming packets, and saw that in a successful case, the client uses the same client side port for all of its transactions. In an unsuccessful case, the client opens and closes a connection and changes its source port on every transaction.

    example: firewall rule is set to allow incoming connections to 47050

    successful:

    port 49611 -> port 47050 for every transaction

    unsuccessful:

    port 49700 -> port 47050 for first transaction, successful, close the connection
    port 49701 -> port 47050 for second transaction,successful, close the connection
    port 49702 -> port 47050 for third transaction,successful, close the connection
    port 49686 -> port 47050 for fourth transaction,unsuccessful, firewall drops the connection
    port 49704 -> port 47050 for fifth transaction, successful,
    port 49705 -> port 47050 for sixth transaction, successful
    uses 49705 from now on

    ...

    Thanks for you help!

    Friday, March 22, 2013 6:35 PM

Answers

  • You didn't mention what your application is for, and you aren't posting the log from wireshark.

    It's very difficult for us to guess what case your proprietary transfer application with this kind of limited information. All I can tell you is that it's not normal Windows Firewall behaviour.

    And I'll suggest you to also take a look at other packets received, not just the packet sent to the port concerned. You might be able to find some clue there. (You can check whether other TCP/IP connections at the "unsuccessful" time also suffers packet drop, for example)


    Tuesday, March 26, 2013 1:56 AM

All replies

  • Hi,

    Is there a interval time for the firewall to drop the connections?

    To troubleshoot the issue, does there any more detailed error message?

    Best Regards.


    Haixia
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, March 25, 2013 3:46 AM
    Moderator
  • Not sure what you mean by interval, there is no interval setting in windows firewall rules.

    I looked at both the log configured at %systemroot%\system32\LogFiles\Firewall\pfirewall.log, and attempted to turn on audit logs via auditpol: http://msdn.microsoft.com/en-us/library/windows/desktop/bb736284%28v=vs.85%29.aspx. Both basically said that there was a drop event, but no further information.

    Monday, March 25, 2013 4:04 PM
  • You didn't mention what your application is for, and you aren't posting the log from wireshark.

    It's very difficult for us to guess what case your proprietary transfer application with this kind of limited information. All I can tell you is that it's not normal Windows Firewall behaviour.

    And I'll suggest you to also take a look at other packets received, not just the packet sent to the port concerned. You might be able to find some clue there. (You can check whether other TCP/IP connections at the "unsuccessful" time also suffers packet drop, for example)


    Tuesday, March 26, 2013 1:56 AM