I've got a weird issue with file share and firewall settings that has had me stumped for a couple of days. Hopefully someone can explain what I'm doing wrong or overlooking.
I've got a single dedicated box running Server Essentials 2012 hosted in a datacenter. The server is using a single NIC with a single static public IP address - no local routing or NAT.
I've also set up VPN access via RAS. Using NAT, VPN clients are assigned an IP from a static range of completely different IPs.
I'd like to ensure that file sharing services are only available to VPN clients, not over the public IP address to anyone connected to the internet.
I've tried setting the local and remote address scope on the default firewall rules for ports 138, 137, 139, 445 and even RPC rules, but shares remain accessible to everyone.
So far the only way I've been able to block access is to create new rules explicitly preventing traffic on the aforementioned ports, but that obviously blocks sharing for VPN clients as well.
Any insight is welcome. Sincere thanks in advance.
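
An added example, not part of the original post: Windows Firewall admits a packet when any enabled allow rule matches it and no block rule does, so one remaining allow rule scoped to `Any` keeps the ports reachable even after other rules are narrowed. This PowerShell audit lists every enabled inbound allow rule in the active policy that covers the ports named above, with its address scope; the helper name `Test-PortMatch` is made up for this example.

```powershell
# Ports named in the post (NetBIOS name/datagram/session and SMB).
$wanted = 137, 138, 139, 445

# Hypothetical helper: true if a rule's LocalPort spec covers any wanted port.
# Specs can be 'Any', a single port, a range such as '135-139', or a keyword such as 'RPC'.
function Test-PortMatch([string[]]$Spec, [int[]]$Wanted) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any') { return $true }
        if ($s -match '^(\d+)-(\d+)$') {
            $lo = [int]$Matches[1]; $hi = [int]$Matches[2]
            if ($Wanted | Where-Object { $_ -ge $lo -and $_ -le $hi }) { return $true }
        }
        elseif (($s -match '^\d+$') -and ($Wanted -contains [int]$s)) { return $true }
    }
    return $false
}

# ActiveStore is the merged policy actually enforced (local rules plus Group Policy).
Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $rule = $_
        $portFilter = $rule | Get-NetFirewallPortFilter
        $addrFilter = $rule | Get-NetFirewallAddressFilter

        # Skip rules that do not cover any of the file-sharing ports.
        if (-not (Test-PortMatch @($portFilter.LocalPort) $wanted)) { return }

        $remote = @($addrFilter.RemoteAddress)
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Group         = $rule.DisplayGroup
            Profile       = $rule.Profile
            Protocol      = $portFilter.Protocol
            LocalPort     = @($portFilter.LocalPort) -join ','
            LocalAddress  = @($addrFilter.LocalAddress) -join ','
            RemoteAddress = $remote -join ','
            # Flag rules that still accept the ports from any source address.
            OpenToAny     = ($remote -contains 'Any')
        }
    } |
    Sort-Object OpenToAny -Descending |
    Format-Table -AutoSize -Wrap
```

Rows with `OpenToAny` set to `True` are the rules still accepting these ports from any source; rules whose `LocalPort` is `Any` show up here too, because they cover the file-sharing ports without naming them.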