Re: Assistance Setting up IP Filtering in a 2003 Routing Remote Access Server




Thank you Phillip for your reply:

So just as an example, the Front End server which I Remote Desktop to should
be set up like the following:
Drop all packets except the criteria below:

External NIC Inbound Filter:
Source Network: Any
Destination Network: 192.168.100.102
Protocol: TCP
Src Port:
Dest Port: 3389

External NIC Inbound Filter:
Source Network: Any
Destination Network: 192.168.100.102
Protocol: TCP Established
Src Port:
Dest Port: 3389


"Phillip Windell" <@.> wrote in message
news:OXr6awJTHHA.1180@xxxxxxxxxxxxxxxxxxxxxxx
Filter on the External Nic. Not the Internal one.

Haven't messed with RRAS Filters in a long time and I don't have one here
to look at. But focus on the external Nic,...then outbound is really
outbound, and inbound is really inbound. That is backwards on the
internal nic because it is "centric" to the RRAS box itself (like Cisco
Routers do),..and there is no reason to filter at the internal nic anyway.


--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com

The views expressed (as annoying as they are, and as stupid as they
sound), are my own and not those of my employer, or Microsoft, or anyone
else associated with me, including my cats.
-----------------------------------------------------

"Nathaniel" <nbentzinger@xxxxxxxx> wrote in message
news:tC6zh.173441$Oc2.24872@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi,

I'm looking to set up IP filtering on both internal and external NICs to
cut down on the amount of streaming video/music traffic occurring in the
office on non-standard ports. Here is the current setup:
Routing server: Windows 2003 server standard w/two NICs, one external to a
T-1 router and one to the internal network 192.168.100.x

The following services will need to be able to route to the internet and
are already set up in the firewall:
2x DNS servers (192.168.100.105, .106) requesting DNS queries from our
two external DNS servers (port 53 UDP queries?)
2x IIS servers (192.168.100.117, .116) TCP 80, TCP 21, TCP 20, TCP 443
1x Exchange server (192.168.100.108) TCP 443, 80, 25, 110, 143

Workstation Internet Access:
(192.168.100.x 255.255.255.0) TCP 80, TCP 21
I don't think DNS port 53 is needed here because they will be communicating
w/the AD DNS servers internally.

I've tried setting it up in the past myself but it ends up never working
properly and I'm confusing myself with the inbound filter on the external
is actually the outbound of the internal NIC and such. Also the server
routing is attached to the AD network so it will also have to have those
ports opened to it on the internal NIC.

Any help on how to set this up would be great. TIA. Nate




