Re: IIS Outbound Ports

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Tom Kaminski [MVP] ((A_at_T))
Date: 03/09/04

• Next message: Jeffery MacLeod: "RE: Weird Error"
• Previous message: Tom Kaminski [MVP]: "Re: Query on byteserving"
• In reply to: Dominic Marsat: "IIS Outbound Ports"
• Next in thread: Ken Schaefer: "Re: IIS Outbound Ports"
• Reply: Ken Schaefer: "Re: IIS Outbound Ports"
• Messages sorted by: [ date ] [ thread ]

---

Date: Tue, 9 Mar 2004 08:08:50 -0500

"Dominic Marsat" <djmarsatAThotmail.com> wrote in message
news:uHSNVPcBEHA.3284@TK2MSFTNGP09.phx.gbl...
> I'm running IIS on a windows 2000 server
>
> The server is behind a firewall which only
> allows incoming connections on port 80
> (TCP & UDP) and blocks all others
>
> Users log onto the server using integrated
> windows authentication, anonymous access
> is disabled.
>
> Problem:
>
> If all outgoing ports, except port 80 (TCP
> & UDP) are closed users cannot access the
> site. Entries appear in the firewall logs but
> not in the website logs (i.e. their IP address).
>
> Temp Solution:
>
> Allow outgoing UDP ports in the range
> 1000-2000, although these connections
> never appear in the firewall logs, which
> made identifying the problem extremely
> difficult + users still report intermittent
> connection problems.
>
> Is this IIS related or due to the firewall
> (Netgear DG834)?

Windows Integrated authentication is not known to work from behind a
firewall - besides, the point of it is to allow automatic logon from
intranet clients on the same Windows domain as the web server. See:
http://support.microsoft.com/?kbid=264921

-- 
Tom Kaminski IIS MVP
http://www.iistoolshed.com/ - tools, scripts, and utilities for running IIS
http://mvp.support.microsoft.com/
http://www.microsoft.com/windowsserver2003/community/centers/iis/

---

• Next message: Jeffery MacLeod: "RE: Weird Error"
• Previous message: Tom Kaminski [MVP]: "Re: Query on byteserving"
• In reply to: Dominic Marsat: "IIS Outbound Ports"
• Next in thread: Ken Schaefer: "Re: IIS Outbound Ports"
• Reply: Ken Schaefer: "Re: IIS Outbound Ports"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: How to Maintain an IIS Server? ... > server running on a Windows 2000 server. ... before a firewall and antivirus have been installed]. ... open ports; however, this will not identify which program is using the port. ... (microsoft.public.inetserver.iis.security) Re: login attempts ... > Every day i have on my win2000 iternet server a lots of wrong login ... Windows by default allows ... You also need a firewall. ... the internet, except for those ports you know you're using. ... (microsoft.public.win2000.security) Re: How to Maintain an IIS Server? ... >> server running on a Windows 2000 server. ... > before a firewall and antivirus have been installed]. ... > program or executable using that port. ... (microsoft.public.inetserver.iis.security) [NT] Vulnerability in Server Service Allows Code Execution (MS08-067) ... Vulnerability in Server Service Allows Code Execution ... This security update resolves a privately reported vulnerability in the ... Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker ... Firewall best practices and standard default ... (Securiteam) Re: NETFW.INF, Preconfigured Firewall settings and dialogs ... it is Windows Server 2003 SP1 firewall that i'm using. ... Using the document '832017 Port Requirements for the Microsoft Windows ... > to achieve the following goal: some ports are open by default and others ... (microsoft.public.windows.server.networking)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Internet-Server  > microsoft.public.inetserver.iis  > 2004-03