Re: TCP/IP Filtering Question

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 01/26/05

• Next message: Brad Pears: "Re: network file copies/saves have dramatically slowed down"
• Previous message: Marcus: "TCP/IP Filtering Question"
• In reply to: Marcus: "TCP/IP Filtering Question"
• Next in thread: Marcus: "Re: TCP/IP Filtering Question"
• Reply: Marcus: "Re: TCP/IP Filtering Question"
• Reply: Herb Martin: "Re: TCP/IP Filtering Question"
• Messages sorted by: [ date ] [ thread ]

---

Date: Wed, 26 Jan 2005 15:53:16 -0600

For what you are doing you might want to try ipsec filtering policy using
permit and block fitter actions instead on that router computer. If you do
not want the same ipsec policy applied to both adapters, then configure the
actual IP address of the network adapter you want to filter instead of "my
address". Ipsec filtering will not block multicast and broadcast traffic,
kerberos, IKE, or RSVP traffic by default if that is a concern, though a
registry mod can change most of that. Ipsec can also manage traffic in both
directions. The link below explains more. ---- Steve

http://www.securityfocus.com/infocus/1559

"Marcus" <Marcus@discussions.microsoft.com> wrote in message
news:9A90D9A0-EC72-4982-9A75-E1AA60323DDB@microsoft.com...
>I have a Windows 2000 Server acting as a router between two different
> networks (10.29.x.x and 10.22.x.x). I want to configure network 10.29.x.x
> to
> be only able to get to the server/router through port 443. I have tried
> enabling TCP/IP filtering on that network's NIC accepting only port 443,
> however, all this has done is block the PCs from getting an IP address
> from
> the DHCP server. Once I give the workstation a static IP in the 10.29.x.x
> range all traffic goes right through NIC and ignores the TCP/IP filters.
> Thanks for any help.

---

• Next message: Brad Pears: "Re: network file copies/saves have dramatically slowed down"
• Previous message: Marcus: "TCP/IP Filtering Question"
• In reply to: Marcus: "TCP/IP Filtering Question"
• Next in thread: Marcus: "Re: TCP/IP Filtering Question"
• Reply: Marcus: "Re: TCP/IP Filtering Question"
• Reply: Herb Martin: "Re: TCP/IP Filtering Question"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Filtering incoming IP Protocols doesnt work ? ... Tcp/Ip filtering has its uses but is not well understood. ... As Roger said consider ipsec filtering. ... system, can filer ICMP, and can also manage outbound traffic. ... --- Steve ... (microsoft.public.win2000.security) Re: IPSec for Packet Filtering ... Another thing theat IPsec filtering lacks is any protection against IP ... Really, IPSec is OK if used in addition to a firewall, but is ... (microsoft.public.security) IPSec Filtering ... filters,..port filtering and Ipsec filtering. ... I am running Win2000 advanced servers in an Active ... The Port filtering is fine has I only need to allow Port ... When setting up IPSec filtering on these servers, ... (microsoft.public.win2000.security) Re: blocking ip address only one ... You need a firewall that can filter inbound traffic more granularly than the ... below has example of ipsec filtering. ... "I'm american not japanese!!!" ... (microsoft.public.security) Re: TCP/IP Filtering Question ... Steve's advice to use IPSec is excellent and far to few ... Ipsec filtering will not block multicast and broadcast traffic, ... > For what you are doing you might want to try ipsec filtering policy using> permit and block fitter actions instead on that router computer. ... If you do> not want the same ipsec policy applied to both adapters, then configure the> actual IP address of the network adapter you want to filter instead of "my ... (microsoft.public.win2000.networking)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)