Re: TCP/IP Filtering Question

From: Herb Martin (news_at_LearnQuick.com)
Date: 01/27/05


Date: Wed, 26 Jan 2005 18:15:35 -0600


"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:5Z-dneiEOsaygmXcRVn-qg@comcast.com...
> Thanks Herb, I learned everything I know from you - including my bad habits
> :) --- Steve

Just so you don't pick up my careless typing habits.
<GRIN>

-- 
Herb Martin
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:%233gSYb$AFHA.3664@TK2MSFTNGP14.phx.gbl...
> > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> > news:#0vvSF$AFHA.2540@TK2MSFTNGP09.phx.gbl...
> >> For what you are doing you might want to try ipsec filtering policy using
> >> permit and block filter actions instead on that router computer.
> >
> > Follow Steven's advice (or use RRAS filters if this is
> > on a router).
> >
> > Steve's advice to use IPSec is excellent and far too few
> > people realize how well IPSec works and how general
> > it is APART from doing the actual IPSec-Encryption.
> >
> > Block and Pass are quite effective.
> >
> >> If you do not want the same ipsec policy applied to both adapters, then
> >> configure the actual IP address of the network adapter you want to filter
> >> instead of "my address". Ipsec filtering will not block multicast and
> >> broadcast traffic, kerberos, IKE, or RSVP traffic by default if that is a
> >> concern, though a registry mod can change most of that. Ipsec can also
> >> manage traffic in both directions. The link below explains more.  ---- Steve
> >
> >
> >
> > -- 
> > Herb Martin
> >
> >
> > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> > news:#0vvSF$AFHA.2540@TK2MSFTNGP09.phx.gbl...
> >> For what you are doing you might want to try ipsec filtering policy using
> >> permit and block filter actions instead on that router computer. If you do
> >> not want the same ipsec policy applied to both adapters, then configure the
> >> actual IP address of the network adapter you want to filter instead of "my
> >> address". Ipsec filtering will not block multicast and broadcast traffic,
> >> kerberos, IKE, or RSVP traffic by default if that is a concern, though a
> >> registry mod can change most of that. Ipsec can also manage traffic in both
> >> directions. The link below explains more.  ---- Steve
> >>
> >> http://www.securityfocus.com/infocus/1559
> >>
> >> "Marcus" <Marcus@discussions.microsoft.com> wrote in message
> >> news:9A90D9A0-EC72-4982-9A75-E1AA60323DDB@microsoft.com...
> >> >I have a Windows 2000 Server acting as a router between two different
> >> > networks (10.29.x.x and 10.22.x.x). I want to configure network 10.29.x.x
> >> > to be only able to get to the server/router through port 443. I have tried
> >> > enabling TCP/IP filtering on that network's NIC accepting only port 443,
> >> > however, all this has done is block the PCs from getting an IP address from
> >> > the DHCP server. Once I give the workstation a static IP in the 10.29.x.x
> >> > range all traffic goes right through NIC and ignores the TCP/IP filters.
> >> > Thanks for any help.
> >>
> >>
> >
> >
>
>
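
The permit/block filtering and default exemptions described in the quoted messages, as an added example that is not part of the original posts and is not Microsoft's code: a simplified Python model of how a packet is decided. The server address 10.29.0.1, the two-filter policy, the port/protocol definitions of each exempt class and the most-specific-filter-wins ordering as coded here are assumptions of this sketch.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto sport dport")
# Filter: source/destination networks, protocol ("any" = wildcard),
# destination port (0 = any) and action ("permit" or "block").
Filter = namedtuple("Filter", "src dst proto dport action")

# Traffic classes the thread says IPsec filtering does not block by default.
ALL_EXEMPT = frozenset({"broadcast", "multicast", "kerberos", "ike", "rsvp"})

def exempt_class(pkt, local_net):
    """Name the default-exempt class a packet falls in, or None."""
    dst = ipaddress.ip_address(pkt.dst)
    net_bcast = ipaddress.ip_network(local_net).broadcast_address
    if dst == net_bcast or pkt.dst == "255.255.255.255":
        return "broadcast"
    if dst.is_multicast:
        return "multicast"
    if pkt.proto in ("tcp", "udp") and 88 in (pkt.sport, pkt.dport):
        return "kerberos"
    if pkt.proto == "udp" and 500 in (pkt.sport, pkt.dport):
        return "ike"
    return "rsvp" if pkt.proto == "rsvp" else None

def matches(f, pkt):
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(f.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(f.dst)
            and f.proto in ("any", pkt.proto)
            and f.dport in (0, pkt.dport))

def specificity(f):
    # Longer prefixes and explicit protocol/port make a filter more specific.
    return (ipaddress.ip_network(f.src).prefixlen
            + ipaddress.ip_network(f.dst).prefixlen
            + (f.proto != "any") + (f.dport != 0))

def decide(pkt, filters, local_net, exempt=ALL_EXEMPT):
    """Exemptions are checked first, then the most specific matching filter."""
    cls = exempt_class(pkt, local_net)
    if cls in exempt:
        return "permit (exempt: %s)" % cls
    hits = [f for f in filters if matches(f, pkt)]
    return max(hits, key=specificity).action if hits else "permit (no filter)"

SERVER = "10.29.0.1"  # constructed address for the router's 10.29 adapter
POLICY = [  # constructed policy: 10.29.x.x may reach the server on 443 only
    Filter("10.29.0.0/16", SERVER + "/32", "tcp", 443, "permit"),
    Filter("10.29.0.0/16", SERVER + "/32", "any", 0, "block"),
]
```

Passing a smaller `exempt` set models the effect of the registry change mentioned in the thread; which classes that change actually removes depends on the Windows version and is not modelled here.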

