Scott Manning

Reputation: 173

IPV4 Filter stopping the destination from listening

I have been enabling WinRM in several machines and to provide strong security we have been putting in IPV4 filters on who can call them. I ran into an odd problem in that the source machine was 10.48.136.100. The destination machine that has WINRM running is 10.48.134.200.

On the destination machine, I have an IP filter set to 10.48.136.1-10.48.136.200. In theory, the 10.48.136.100 machine should be able to connect to 10.48.134.200 perfectly.

But it does not. After tracing down the issue, I find the destination machine is not even listening. If I change the IPV4 Filter to be *, then the destination machine will listen. If I change the IPV4 filter to be something like 10.48.136.1-10.48.136.200, 10.48.134.1-10.48.134.255 (i.e. include both the source and destination ranges), then the destination is listening again. I was using the commands below to check if WINRM is listening or not.

On the destination machine

  1. Netstat -atn | find "5985"
  2. winrm enum winrm/config/listener

On the source machine, I am using

Test-WSMan -ComputerName 10.48.134.200

To me, the IPV4 filter is to limit those machines that can connect to me (i.e. the source of the WINRM requests), so why does the destination machine’s IP address also need to be in the range?

Notes:

  1. This network is a flat network with no firewalls between the 10.48.134.* and 10.48.136.* networks.

  2. On the destination machine, I tried 127.0.0.1 to see if this might be some odd “call-back” issue and that did not fix the problem.

  3. On both the source and destination, IPV6 is disabled on the network stack and both machines are Win2008 servers. There are no IPV6 filters defined in WinRM.

If anyone knows why the destination IP address must be in the IPV4 range for the destination to listen, I would appreciate it.

Upvotes: 3

Views: 3065

Answers (1)

Scott Manning

Reputation: 173

It appears that the IPV4 filter is to determine when the listener is enabled. So you can push a GPO policy to all machines, but via the IP filter have only selected ones actually listen. If you want to limit the source devices that can call into this device, then you use the Windows firewall for this purpose.

Upvotes: 1
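As an added example (not from the post or the answer above), the check-and-restrict sequence the answer describes, as PowerShell run elevated on the destination host. The addresses are the ones from the question; the policy registry path (where the WinRM GPO stores its filters) and the firewall rule name are assumptions not shown on the page.

```powershell
# Added example, not from the original post. Assumes the question's addresses:
# destination 10.48.134.200 should accept WinRM over HTTP (TCP 5985) only from
# the management range 10.48.136.1-10.48.136.200. Run elevated on the destination.

# 1. Show the filter the GPO pushed. This is the value the service consults when
#    deciding whether to create a listener at all (assumed policy path; the
#    "Allow remote server management through WinRM" policy writes here).
$pol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
if (Test-Path $pol) {
    Get-ItemProperty -Path $pol | Select-Object AllowAutoConfig, IPv4Filter, IPv6Filter
}

# 2. Confirm a listener is actually bound. With the filter set to '*', or to a
#    range that contains this host's own 10.48.134.200, the listener appears here
#    and port 5985 shows in netstat; with a range that excludes this host, nothing
#    is listening, which is the symptom the question describes.
winrm enumerate winrm/config/listener
netstat -atn | find "5985"

# 3. Restrict who may connect: scope the inbound Windows Firewall rule, not the
#    WinRM IPv4 filter. remoteip takes a range in the same form as the GPO filter.
#    The rule name is an assumption; it is kept free of spaces so PowerShell 2.0
#    passes it to netsh unchanged.
netsh advfirewall firewall add rule `
    name=WinRM-HTTP-5985-from-mgmt-range `
    dir=in action=allow protocol=TCP localport=5985 `
    remoteip=10.48.136.1-10.48.136.200 profile=domain

# 4. Verify the rule and its remote-address scope.
netsh advfirewall firewall show rule name=WinRM-HTTP-5985-from-mgmt-range verbose

# Note: "winrm quickconfig" also enables the built-in rule
# "Windows Remote Management (HTTP-In)", which allows any remote address. Scope or
# disable that rule too, or the range-limited rule above restricts nothing.
```

Step 3 only narrows the sources; the listener itself still depends on the GPO filter, so the destination's own address (or `*`) must remain in the IPv4 filter for the service to bind at all.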
