Firewall Settings for Windows Home Server

We receive numerous posts in the Forums relating to Remote Access and Firewall Settings for Windows Home Server, often due to the UPnP features in Routers not being of a consistent standard. We’ve been encouraging users to post details of their experiences with different Routers. So if you haven’t updated this post and your Router is not listed, please do so!

If you are unfortunate enough to have a Router that UPnP support is questionable, then the best thing you can do is disable UPnP on the Router and configure it manually. This article won’t be able to cover each different Router configurations but I will show the ports required, and also the often forgotten area of the Windows Firewall when you are adding or changing ports.

The default ports required for Remote Access functionality are: -

Service or Protocol	Port
HTTP	TCP 80
HTTPS	TCP 443
Remote Web Workplace	TCP 4125

Some optional ones (FireFly and FirePlay users) and anyone wanting to Remote Desktop onto the server are:-

Service or Protocol	Port
RDP	TCP 3389
FireFly/FirePlay	TCP 9999

If you are lucky enough to have a router that fully supports UPnP then we have an Add-In available called WHS Port Forward which will assist you in configuring additional ports for other applications.

Alex wrote the WHS Port Forward Add-In to make configuring your Router for other applications and ports a breeze. In Alex’s words:-

WHS Port Forward is an Add-In for the Microsoft Windows Home Server
operating system. It allows the user to utilize the UPnP feature of Windows
Home Server to open forwarded ports from your router to your Home Server. This
is useful if you have installed a 3rd party application that requires incoming
access from the Internet. This Add-In removes the need to assign a static IP
address to your server or manually forward ports on your router. Simply
configure the port you would like forwarded, and let Windows Home Server handle
it for you.

Another area to consider when adding/changing ports is the Windows Firewall on the server.

For example, if you don’t want to use the built in Remote Web Workplace feature of Windows Home Server and would rather connect via Remote Desktop simply adding TCP port 3389 to your router is not sufficient to access your server remotely via Remote Desktop. Although TCP Port 3389 is already configured in Windows Firewall, it is by default set to local subnet only (i.e. inside your LAN) so you need to change this to either a Custom List or Any Computer (including those on the internet).

The Windows Firewall applet can be found in the Control Panel on the server, for convenience I’ve captured some screen-shots of the relevant screens once you have launched Windows Firewall. Please click on an image below to expand if required.

 

Now you have the exceptions listed, you need to scroll down the list until you find Remote Desktop and click on Edit.

 

 

There are obvious security implications when you make Windows Firewall changes on your Windows Home Server and you need to weigh up the pros and cons of opening up ports to your home network. But, doing so opens up many other possibilities to your server. Whether or not you install Orb to stream Music and Video over the internet or just have the convenience of accessing your Windows Home Server in other ways, the firewall settings in Windows Home Server and your router will need to work together in harmony!

Tagged as: Firewall Settings, Firewall Settings for Windows Home Server, RDP, Remote Desktop, UPnP, WHS, Windows Firewall, Windows Home Server