A Computer Receives Network Traffic Only from Its Local Subnet or Specific Computers

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Typically, you see this problem occur when a computer beyond your local subnet tries to access a shared folder, printer, or file on your computer and the connection fails. You might also see this problem if you've added a port or program to the exceptions list and the port or program blocks traffic from beyond your local subnet, but does not block traffic from within your local subnet.

Cause

This usually occurs because the scope of one or more exceptions on your computer has been restricted to your local subnet or to a specific group of computers.

By default, exceptions are not restricted in scope (that is, an exception applies to any computer, including computers on the Internet). However, you can configure the scope of an exception to your local subnet or to specific Internet Protocol version 4 (IPv4) addresses.

Solution

To fix this problem, first determine whether any of the exceptions in your exceptions list have restricted scope. Next, if there are any scope restrictions, you need to expand the scope restriction.

To determine whether an exception has restricted scope

  1. Open Windows Firewall, and then click the Exceptions tab.

  2. On the Exceptions tab, click a program or port, and click Edit.

  3. Click Change scope.

    If an exception has restricted scope, My network (subnet) only or Custom list will be selected.

You can customize a scope restriction by using the Custom list option. The Custom list option allows you to enter specific IPv4 addresses or a range of IPv4 addresses. You cannot use the Custom list option for Internet Protocol version 6 (IPv6) traffic.

To configure a scope with specific IP addresses or IP address ranges

  1. Open Windows Firewall, and then click the Exceptions tab.

  2. If you are configuring the scope of a program or system service that is already in the exceptions list, click the program or system service, click Edit, and then do the following:

    1. Click the port that you want to configure, and then click Change Scope.

    2. Click Custom list, and then enter the comma-separated list of IPv4 addresses or IPv4 address ranges.

  3. If you are adding a program or system service, click Add Program; if you are adding a port, click Add Port. Then do one of the following:

    1. In the Add a Program dialog box, click the program or system service that you want to configure, or click Browse and find the program or system service that you want to configure.

    2. In the Add a Port dialog box, type the exception name, type the port, and then select TCP or UDP.

  4. Click Change scope.

  5. In the Change Scope dialog box, click Custom list, and then enter the comma-separated list of IPv4 addresses and IPv4 address ranges.
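
The three scope options described above can be modeled to see which exceptions would reject a given remote computer, which helps narrow down the failing connection before you open each dialog box. This is an added example, not Microsoft code; the exception names, the addresses, and the address/mask form of a range entry are constructed assumptions, and only IPv4 is modeled.

```python
import ipaddress

# Constructed sample data: the local interface and three exceptions.
LOCAL_IF = "192.168.10.20/24"
EXCEPTIONS = [
    {"name": "File and Printer Sharing", "scope": "subnet"},
    {"name": "Remote Desktop", "scope": "any"},
    {"name": "Backup agent (TCP 9000)", "scope": "custom",
     "addresses": "10.1.2.3,172.16.0.0/255.255.0.0"},
]


def parse_custom_list(text):
    """Turn a comma-separated Custom list into IPv4 networks."""
    networks = []
    for item in text.split(","):
        item = item.strip()
        if not item:
            continue
        # strict=False accepts an entry whose host bits are set.
        net = ipaddress.ip_network(item, strict=False)
        if net.version != 4:
            raise ValueError("Custom list accepts IPv4 only: " + item)
        networks.append(net)
    return networks


def in_scope(remote, exception, local_if=LOCAL_IF):
    """Return True if the exception's scope admits the remote IPv4 address."""
    addr = ipaddress.IPv4Address(remote)
    scope = exception["scope"]
    if scope == "any":        # default: not restricted
        return True
    if scope == "subnet":     # My network (subnet) only
        return addr in ipaddress.ip_interface(local_if).network
    if scope == "custom":     # Custom list
        return any(addr in n for n in parse_custom_list(exception["addresses"]))
    raise ValueError("unknown scope: " + scope)


def blocked_for(remote, exceptions=EXCEPTIONS):
    """Names of exceptions whose scope restriction excludes the remote."""
    return [e["name"] for e in exceptions if not in_scope(remote, e)]


if __name__ == "__main__":
    for host in ("192.168.10.99", "192.168.20.7", "172.16.5.5"):
        print(host, "->", blocked_for(host))
```
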

Important

The My network (subnet) only or Custom list scope options do not necessarily increase your security. Malicious users can circumvent these scope restrictions by spoofing an IP address that appears to be directly reachable or part of the custom list.