Setting up Hamachi on Windows XP: blocked outgoing traffic. Windows Firewall with Advanced Security: filtering inbound and outbound traffic. Why blocking may occur

As I have said many times in my articles on Windows Firewall with Advanced Security, starting with Windows Vista and Windows Server 2008 R2, Windows Firewall by default improves the security of every computer in an organization by blocking all inbound traffic that has not been explicitly allowed. When you install an application or operating system component that requires inbound connections, the operating system automatically enables the inbound firewall rules, and in most cases you do not have to configure them manually. If you open the snap-in directly from the Control Panel, or by running the command wf.msc in the "Run" dialog box or on the command line, you will see that some rules are already enabled automatically. For example, this might be a rule that is created automatically when Windows Live Messenger is installed or when the Hyper-V role is deployed, as shown in the following illustration:

Figure 1. Automatically generated rules for incoming connections

However, Windows Firewall inbound rules are not generated automatically in every case. For applications that do not create default inbound rules, you have to create the rules manually. If such a program is installed on one computer, or on several computers that are in a workgroup, you can create the rules directly in the Windows Firewall with Advanced Security snap-in. But what if your employees' computers are members of a domain and there are dozens or even hundreds of them? In this case, to enforce Windows Firewall rules across the organization, the administrator should use Group Policy, which provides a similar interface.

In this article, you will learn how to flexibly manage Windows Firewall with Advanced Security using Group Policy, namely how to create rules for inbound and outbound connections for a specific group of users.

Create a Group Policy Object for Managing Windows Firewall with Advanced Security

Before you can create inbound and outbound rules for Windows Firewall with Advanced Security on the client computers in your organization, you need to find the organizational units that contain your organization's computer accounts and create a GPO that will then contain a set of policies with settings intended for a specific set of computers. After that, using the snap-in, you will need to configure the rules for incoming and outgoing connections. There is nothing specific about creating a GPO for managing Windows Firewall with Advanced Security. To do this, follow these steps:

After you have completed all of the previous steps, you can start creating inbound and outbound rules for Windows Firewall with Advanced Security.

Configuring Inbound and Outbound Rules

In this step, we will create an inbound rule that applies to Windows Live Messenger on port 1900 for 64-bit Windows Vista and Windows 7 operating systems, and an outbound rule to allow requests from Internet Explorer, in the GPO that was created in the previous section of this article. By default, members of the local Administrators group can also create and modify rules for inbound and outbound connections in the Windows Firewall with Advanced Security snap-in. These rules are combined with the rules received from Group Policy and applied to the computer's configuration. To create an inbound connection rule in the previously created GPO, follow these steps:

  1. In the "Group Policy Objects" node of the snap-in, select the previously created GPO, in this case the object "Configuring Windows Firewall", right-click it and choose "Edit";
  2. In the "Group Policy Management Editor" snap-in, expand Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Inbound Rules in the console tree. Right-click the "Inbound Rules" item and select the "New Rule" command from the context menu, as shown in the following illustration:

    Figure 6. Creating a new rule for incoming connections

  3. On the first page of the New Inbound Rule Wizard you can choose one of the options, which are detailed below:
    • Program. This type of firewall rule allows or blocks connections for a specific executable file, regardless of the port numbers used. For most people this type of rule may be the most useful, since not everyone knows which ports a particular program uses. It is best to use this type of rule in most cases, but note that it cannot be used if a particular service does not have its own executable file;
    • Port. This type of firewall rule allows or blocks communications for a specific TCP or UDP port, regardless of the program that generates the traffic. When creating a rule of this type, you can specify several ports at the same time;
    • Predefined. This type of firewall rule controls connections to a specific program or operating system service that appears in the corresponding drop-down list. Some programs add their entries to this list after installation to simplify the process of creating rules for incoming connections;
    • Custom. This type of firewall rule can combine program and port information at the same time.
  4. In order to walk through the maximum number of wizard pages, select the "Custom" rule type;

    Figure 7. The "Rule Type" page of the New Inbound Rule Wizard

  5. On the "Program" page, the New Inbound Rule Wizard lets you specify the path to the program that Windows Firewall with Advanced Security will check to see whether network packets sent or received match this rule. In our case, set the radio button to the "This program path" option and, in the corresponding text box, enter "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe", as shown below:

    Figure 8. The "Program" page of the New Inbound Rule Wizard

  6. On the "Protocol and Ports" page of the New Inbound Rule Wizard, you can specify the protocol and ports used in a network packet that will match the current rule. If you need to specify several ports, enter them separated by commas. If you need to specify an entire range of ports, separate the lowest and highest ports with a hyphen. Let's take a quick look at the local port options for inbound rules:
    • All Ports. The rule is applied to all incoming and outgoing connections via TCP or UDP;
    • Specific Ports. In this case, you can specify the particular ports that will be used for incoming or outgoing connections via TCP or UDP;
    • RPC Endpoint Mapper. This value can be selected only for incoming TCP connections. In this case, the computer will receive incoming RPC requests over TCP on port 135 in an RPC-EM request, which names a network service and asks for the port number on which that network service is listening;
    • RPC Dynamic Ports. As with the previous value, this value can be selected only for incoming TCP connections, where the computer will receive incoming RPC network packets on ports that are assigned by the RPC runtime;
    • IPHTTPS. This value is available only for incoming TCP connections. In this case, the computer is allowed to receive incoming packets that use the IPHTTPS tunneling protocol, which supports embedding IPv6 packets into IPv4 HTTPS network packets from a remote computer;
    • Edge Traversal. You can select this value for inbound UDP connections only; it allows the computer to receive incoming Teredo network packets.
  7. For example, to specify TCP ports 80, 443, and 1900 for Windows Live Messenger, select "TCP" in the "Protocol type" drop-down list, select "Specific Ports" in the "Local port" drop-down list, and enter "80, 443, 1900" in the text box below that drop-down list. Leave the value of the "Remote port" drop-down list unchanged and click the "Next" button;

    Figure 9. The "Protocol and Ports" page of the New Inbound Rule Wizard

  8. On the "Scope" page of this wizard, you can specify the IP addresses of the local and remote computers whose network traffic the current rule applies to. There are two sections available here: the local and the remote IP addresses to which this rule will apply. In both the first and the second section, network traffic will match this rule only if the destination IP address is in the list. When you choose the "Any IP address" option, the rule is satisfied by network packets with any IP address, whether it is specified as the address of the local computer or the packets are sent from any IP address (in the case of a rule for an incoming connection). If you need to specify particular IP addresses, set the radio button to the "These IP addresses" option and enter a specific address or subnet in the dialog box that opens when you click the "Add" button. In our case, we will leave this page unchanged and click the "Next" button;

    Figure 10. The "Scope" page of the New Inbound Rule Wizard

  9. On the "Action" page you can select the action to be performed for incoming or outgoing packets that match this rule. Here you can choose one of the following three actions:
    • Allow the connection. By choosing this value, you allow all connections that match the criteria specified on all previous pages of the wizard;
    • Allow the connection if it is secure. With this value, the Windows Firewall with Advanced Security rule allows connections only if they meet the criteria you specified earlier and are also protected by IPsec. We will not dwell on this value, as it will be discussed in detail in my next articles;
    • Block the connection. In this case, Windows Firewall with Advanced Security will drop any connection attempts that match the criteria you specified earlier. Although the firewall initially blocks all connections, it is advisable to choose this value if you need to deny connections for a specific application.
  10. Since we need to allow access for the Windows Live Messenger program, set the radio button to the "Allow the connection" option and click the "Next" button;

    Figure 11. The "Action" page of the New Inbound Rule Wizard

  11. On the "Profile" page of the New Inbound Rule Wizard, you can select the profile to which this rule will apply. You can choose either one of the three available profiles or several at once. For an organization, most often either the "Domain" profile or all three profiles are selected. If your organization does not use AD DS, or you are configuring firewall rules for your home computer, you only need to specify the "Private" profile. Rules for the "Public" profile are created for public connections, which, in principle, is not safe to do. In our case, check the boxes for all three profiles and click the "Next" button;

    Figure 12. The "Profile" page of the New Inbound Rule Wizard

  12. On the "Name" page, specify a name for the new Windows Firewall with Advanced Security rule you created for an inbound connection, enter a description for the rule if necessary, and click the "Finish" button.

    Figure 13. The "Name" page of the New Inbound Rule Wizard

By default, Windows Firewall with Advanced Security allows all outbound traffic, since outbound traffic exposes your computer to less risk of compromise than inbound traffic does. But in some cases you need to control not only incoming but also outgoing traffic on your users' computers. For example, malicious software such as worms and some types of viruses can replicate themselves. That is, if the virus was able to successfully identify a computer, it will try by every method available to it to send outgoing traffic to identify other computers on the network. There are many such examples. Blocking outbound traffic is bound to disrupt most of the built-in components of the operating system and the installed software. Therefore, when you enable outbound filtering, you need to thoroughly test each application installed on user computers.

The creation of outbound rules is slightly different from the above procedure. For example, if you have blocked all outgoing connections on user computers and you need to give users access to the Internet Explorer browser, follow these steps:

  1. If you need the Windows Firewall outbound rule to be assigned in a new GPO, follow the steps in the section "Create a Group Policy Object for Managing Windows Firewall with Advanced Security";
  2. In the "Group Policy Management Editor" snap-in, expand Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Outbound Rules in the console tree. Right-click the "Outbound Rules" item and select the "New Rule" command from the context menu;
  3. On the "Rule Type" page of the wizard, select the "Program" option and click the "Next" button;
  4. On the "Program" page, set the radio button to the "This program path" option and enter %ProgramFiles%\Internet Explorer\iexplore.exe in the corresponding text box, or select this executable file by clicking the "Browse" button;
  5. On the "Action" page of this wizard, select the "Allow the connection" option and click the "Next" button;
  6. On the "Profile" page, accept the default values and click the "Next" button;
  7. On the final page, "Name", enter a name for this rule, for example "Rule for Internet Explorer Browser", and click the "Finish" button.

The created rule should now be displayed in the details pane of the "Group Policy Management Editor" snap-in, as shown in the following illustration:

Figure 14. Created rule for outbound connection
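The same two rules can be written into the GPO from a script, which makes the result easy to review and repeat. The following is an added example, not part of the original article; it assumes a management host with the NetSecurity PowerShell module (Windows 8 / Windows Server 2012 or later) and uses the placeholder domain name corp.example and a rule display name chosen here for illustration.

```powershell
# Added example: the inbound and outbound rules from the wizard walkthrough,
# staged in one GPO session and then read back for review.
$domain  = 'corp.example'                   # placeholder: replace with your AD domain
$gpoName = 'Configuring Windows Firewall'   # GPO name used in this article
$store   = "$domain\$gpoName"

# Open the GPO once, stage the changes locally, write them back in one save.
$session = Open-NetGPO -PolicyStore $store

# Inbound "Custom" rule: program path + TCP + specific local ports,
# any local/remote address (Scope page left unchanged), all three profiles.
New-NetFirewallRule -GPOSession $session `
    -DisplayName 'Windows Live Messenger (TCP-In)' `
    -Direction Inbound `
    -Program 'C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe' `
    -Protocol TCP `
    -LocalPort '80', '443', '1900' `
    -Action Allow `
    -Profile Domain, Private, Public | Out-Null

# Outbound "Program" rule: only the executable is matched, profiles left at default.
New-NetFirewallRule -GPOSession $session `
    -DisplayName 'Rule for Internet Explorer Browser' `
    -Direction Outbound `
    -Program '%ProgramFiles%\Internet Explorer\iexplore.exe' `
    -Action Allow | Out-Null

Save-NetGPO -GPOSession $session

# Read the rules back from the GPO and show the fields a reviewer cares about:
# an "Allow" rule with Program or LocalPort equal to "Any" is broader than intended.
Get-NetFirewallRule -PolicyStore $store | ForEach-Object {
    $app  = $_ | Get-NetFirewallApplicationFilter
    $port = $_ | Get-NetFirewallPortFilter
    New-Object PSObject -Property @{
        Name      = $_.DisplayName
        Direction = $_.Direction
        Action    = $_.Action
        Profile   = $_.Profile
        Program   = $app.Program
        Protocol  = $port.Protocol
        LocalPort = ($port.LocalPort -join ',')
    }
} | Format-Table Name, Direction, Action, Profile, Protocol, LocalPort, Program -AutoSize
```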

Assigning a filter for the created rule

Now that you have created a GPO with an inbound and an outbound connection rule, you need to pay attention to the following point. When creating the inbound rule, we specified the path to Windows Live Messenger for a 64-bit operating system. Are all computers in your organization equipped with 64-bit operating systems? If so, you are very lucky and nothing else needs to be done. But if you have client computers with 32-bit operating systems, you will face a problem: the rule just won't work. Of course, you can create separate organizational units for 32-bit computers and for computers with 64-bit operating systems, but this is not entirely rational. In other words, you need to specify in the "Group Policy Management" snap-in that the GPO should be applied only to computers with a 64-bit operating system. You can create such a restriction using a WMI filter. You will learn more about WMI filtering in one of the following articles, but for now it is only worth dwelling on creating such a filter. To specify a WMI filter to detect 64-bit operating systems, follow these steps:
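A WMI filter lets the GPO apply only on clients where its WQL query returns at least one instance, so the query is worth testing on a 64-bit and a 32-bit client before it is linked. The following is an added example, not part of the original article; the function name Test-WmiFilterQuery is hypothetical and the two queries are common ways to detect a 64-bit operating system.

```powershell
# Added example: evaluate candidate WMI filter queries on a client the same way
# a WMI filter is evaluated: the filter passes when the query returns any instance.
function Test-WmiFilterQuery {
    param(
        [Parameter(Mandatory = $true)][string]$Query,
        [string]$Namespace    = 'root\CIMv2',   # namespace normally used for GPO WMI filters
        [string]$ComputerName = '.'             # local computer by default
    )
    try {
        $rows = @(Get-WmiObject -Namespace $Namespace -Query $Query `
                                -ComputerName $ComputerName -ErrorAction Stop)
        return ($rows.Count -gt 0)
    }
    catch {
        # A malformed query or unreachable host is reported and counted as "no match" here.
        Write-Warning "Query failed: $($_.Exception.Message)"
        return $false
    }
}

$candidates = @(
    # Depends on the OSArchitecture string, which is localized on non-English systems.
    'SELECT * FROM Win32_OperatingSystem WHERE OSArchitecture = "64-bit"',
    # Language-independent: AddressWidth is 64 on a 64-bit operating system, 32 otherwise.
    'SELECT * FROM Win32_Processor WHERE AddressWidth = 64'
)

foreach ($q in $candidates) {
    New-Object PSObject -Property @{
        Query        = $q
        GpoWouldApply = (Test-WmiFilterQuery -Query $q)
    }
}
```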


Conclusion

In this article, you learned how to create Windows Firewall with Advanced Security rules for inbound and outbound connections using the Windows Firewall with Advanced Security snap-in and also by using Group Policy for computers in the organization that are members of an Active Directory domain. The preliminary work was described, namely the creation of an organizational unit with computers, as well as a Group Policy object. We looked at examples of creating a custom rule for an inbound connection, as well as a rule of the "Program" type for an outgoing connection.

Hamachi is a convenient application for building local networks via the Internet, with a simple interface and many parameters. In order to play online, you need to know the network ID and the password to join, and make initial settings that will help ensure stable operation in the future.

Now we will make changes to the operating system parameters, and then proceed to changing the options of the program itself.

Configuring Windows

    1. Find the Internet connection icon in the tray. At the bottom, click "Network and Sharing Center".

    2. Go to "Change adapter settings".

    3. Find the "Hamachi" network. It should be first in the list. Go to Organize - Layout - Menu bar. On the panel that appears, select "Advanced Settings".

    4. Select our network in the list. Using the arrows, move it to the top of the column and click "OK".

    5. In the properties that open when you click on the network, right-click "Internet Protocol Version 4" and click "Properties".

    6. In the "Use the following IP address" field, enter the Hamachi IP address, which can be seen next to the program's power button.

    Please note that the data is entered manually; the copy function is not available. The rest of the values will be assigned automatically.

    7. Immediately go to the "Advanced" section and remove the existing gateways. Below, set the metric value to 10. Confirm and close the windows.

    Let's move on to our emulator.

Program setting

    1. Open the parameters editing window.

    2. Select the last section. Make the changes in "Peer-to-Peer Connections".

    3. Immediately go to "Additional settings". Find the line "Use a proxy server" and set it to "No".

    4. In the line "Traffic filtering" select "Allow All".

    5. Then set "Enable name resolution via mDNS protocol" to "Yes".

    6. Now find the section "Online presence" and choose "Yes".

    7. If your Internet connection is configured through a router, and not directly via a cable, enter the addresses: "Local UDP Address" - 12122, and "Local TCP Address" - 12121.

    8. Now you need to forward these ports on the router. If you have a TP-Link, enter the address 192.168.0.1 in any browser to get into its settings. Login is carried out using the standard credentials.

    9. Go to the section "Forwarding" - "Virtual Servers" and click "Add new".

    10. Here, in the first line, "Service port", enter the port number, then in "IP Address" enter the local IP address of your computer.

    The easiest way to find out the IP is to type "Find out your ip" into the browser and go to one of the sites for testing your connection speed.

    In the "Protocol" field, enter "TCP" (the order of the protocols must be followed). Leave the last item, "Status", unchanged. Save the settings.

    11. Now add the UDP port in the same way.

    12. In the main settings window, go to "Status" and write down the "MAC Address" somewhere. Go to "DHCP" - "Address Reservation" - "Add New". In the first field, enter the MAC address of the computer (recorded in the previous section) from which the connection to Hamachi will be made. Next, enter the IP again and save.

    13. Reboot the router using the large button (do not confuse it with Reset).

    14. For the changes to take effect, the Hamachi emulator must also be restarted.

This completes the Hamachi setup in the Windows 7 operating system. At first glance, everything seems complicated, but by following the step-by-step instructions, all actions can be performed fairly quickly.

The popularity of the program known as Hamachi is due to the fact that it provides a user-friendly and effective tool for creating VPN networks. Demand for such software is especially high among gamers who prefer to fight online battles within a certain circle of players, without using the official servers of the game for this purpose. Unfortunately, sometimes it becomes impossible to use this functionality, because a message appears: "incoming traffic is blocked, check the firewall settings".

First of all, you can easily confirm that the problem has occurred. To do this, just run the traffic test:

  1. Go to the network control center (through the Control Panel and the "Network and Internet" menu).
  2. Select the connection that is used and on whose activation the above message appears.
  3. A status menu will open, where you can see that incoming traffic is blocked.

To rectify the situation, you will first need to know the possible root causes of its occurrence.

Why blocking may occur

There are several known reasons that can lead to this problem:

  • The software is blocked by the system firewall or an antivirus program;
  • The settings of the network equipment in use (the router) have failed;
  • The application was not launched with administrator rights;
  • The program itself is functioning incorrectly.

Based on this information, a solution can be easily found.

Correction

So, if Hamachi is unable to receive traffic, it is recommended to do the following:

  1. Restart the computer and the router to rule out the effect of a short-term failure.
  2. Make sure the software is started with administrator rights.

The next step is to temporarily deactivate the antivirus and firewall software. Windows Defender is turned off as follows:

  1. Click "Start" and go to the search bar.
  2. Type "Firewall" into it.
  3. Go to the suggested option.
  4. On the left side of the screen, click the function that allows you to enable / disable the defender.
  5. In the list that appears, activate the shutdown modes. That is, of the four options, choose the second and the last.
  6. Save the changes and try to start the program again.
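Before the firewall is switched off, its own log can confirm whether it is the component dropping Hamachi's traffic and on which port, so that a narrow allow rule can be created instead. The following is an added example, not part of the original article; the function name Get-DroppedInbound is hypothetical, the sample log lines and IP addresses are constructed, and ports 12121/TCP and 12122/UDP are the local Hamachi ports set earlier on this page.

```powershell
# Added example: find inbound packets dropped by Windows Firewall on the Hamachi ports.
# Logging of dropped packets must be on first (elevated prompt, NetSecurity module):
#   Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True
# Default log file: %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log
function Get-DroppedInbound {
    param(
        [string[]]$LogLines,
        [int[]]$Ports = @(12121, 12122)   # local TCP / UDP ports configured in Hamachi
    )
    $fields = $null
    foreach ($line in $LogLines) {
        # The "#Fields:" header names the columns; use it instead of fixed positions.
        if ($line -match '^#Fields:\s*(.+)$') {
            $fields = $Matches[1].Trim() -split '\s+'
            continue
        }
        if (-not $fields -or $line -match '^\s*(#|$)') { continue }   # comments, blank lines

        $values = $line.Trim() -split '\s+'
        if ($values.Count -ne $fields.Count) { continue }             # skip malformed lines

        $rec = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $rec[$fields[$i]] = $values[$i] }

        # ICMP entries carry "-" as port, so test for digits before converting.
        if ($rec['action'] -eq 'DROP' -and $rec['path'] -eq 'RECEIVE' -and
            $rec['dst-port'] -match '^\d+$' -and $Ports -contains [int]$rec['dst-port']) {
            New-Object PSObject -Property @{
                Time     = "$($rec['date']) $($rec['time'])"
                Protocol = $rec['protocol']
                Source   = $rec['src-ip']
                DstPort  = [int]$rec['dst-port']
            }
        }
    }
}

# Constructed sample in the pfirewall.log format (addresses are documentation ranges).
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-01-10 20:15:01 DROP UDP 192.0.2.10 198.51.100.7 51000 12122 60 - - - - - - - RECEIVE
2024-01-10 20:15:02 DROP TCP 192.0.2.10 198.51.100.7 51001 12121 52 S 1234567 0 8192 - - - RECEIVE
2024-01-10 20:15:03 ALLOW TCP 198.51.100.7 192.0.2.10 49200 443 0 - 0 0 0 - - - SEND
2024-01-10 20:15:04 DROP ICMP 192.0.2.10 198.51.100.7 - - 60 - - - - 8 0 - RECEIVE
'@ -split "`r?`n"

# On a real machine: Get-DroppedInbound -LogLines (Get-Content $env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log)
Get-DroppedInbound -LogLines $sample |
    Group-Object Protocol, DstPort |
    Select-Object Count, Name
```

For the constructed sample this reports one dropped UDP packet to port 12122 and one dropped TCP packet to port 12121; if a real log shows no such entries, the firewall is not the component blocking the traffic.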

While running the Hamachi program, which is designed to create VPN networks (virtual secure networks), the user may encounter the message "Incoming traffic is blocked, check the firewall settings". Usually this is caused by antivirus programs and the firewall blocking the correct operation of Hamachi, but there are times when the cause of this dysfunction is the incorrect operation of the program itself. In this article I will explain what this dysfunction is, what its causes are, and how to fix the error "Blocked incoming Hamachi traffic" on your PC.

Use Hamachi software to create VPN networks

As you know, the Hamachi program is designed to create virtual private networks (VPN), allowing you to build secure networks over the Internet from remotely located computers, thereby imitating a connection between them in a regular local network.

This program is especially popular among users who actively use various games (Vikings, Red Alert 2, Dungeon Siege 3, Ludoria, etc.). With the help of "Hamachi" you can play with each other over the network, even when the official servers of the game are closed for some reason.

The occurrence of the "Blocked incoming traffic" error in Hamachi may have the following reasons:


How to fix "blocked incoming traffic" on Hamachi

Now that I have explained what "Blocked incoming traffic to Hamachi" is, let's move on to the question of how to get rid of the error "Blocked incoming traffic, check the firewall settings". I recommend doing the following:


Conclusion

The problem "Hamachi: Blocked Inbound Traffic" is usually caused by the functionality of the firewall and antivirus software blocking the incoming network connection of the user's PC. To fix the problem "Blocked incoming traffic" in "Hamachi" I recommend temporarily disabling your firewall and antivirus, and if this does not help, use the alternative advice I suggested above. This usually allows you to normalize the work of the specified program, and then enjoy the stable functionality of "Hamachi" on your PC.


In the section on the question "HAMACHI. Traffic test: Incoming traffic is blocked, check the firewall settings", asked by the author Legal awareness, the best answer is: Most likely like this (I don't remember exactly what helped):
First, check as in the images, so that your game is not blocked (red sign)
And if not, then try as below and tell me what helped
Windows 7 / Windows 8
Go to "Control Panel":
Windows 7: Open the "Start" menu and click on "Control Panel".
Windows 8: Press Windows Key + X and select Control Panel.
Type "Firewall" in the search bar
Select "Windows Firewall" from the results obtained
Click on "More Options" in the left pane
Enter the administrator password to confirm the action when prompted by the computer. If you are not prompted, go to the next step.
Click on "Inbound Rules" in the left pane of the "Windows Firewall with Advanced Security" window
Click on "Create Rule ..." in the right pane
This will open the "New Incoming Rule Wizard" and you can enter the required port number and choose between "TCP" and "UDP"
My note, possibly wrong - it's easier, you can put "All local ports"
There is also a link on YouTube how to configure Hamachi (I did not set the network priority on Hamachi and I did not disable the Firewall and it works for me)
And one more thing, a friend of the Avast antivirus asked to remove it and install Microsoft Security Essentials
it may not solve, but it won't add any problems.