Re: Assistance Setting up IP Filtering in a 2003 Routing Remote Access Server
- From: "Nathaniel" <nbentzinger@xxxxxxxx>
- Date: Mon, 12 Feb 2007 22:54:48 GMT
Thanks Phillip.
I just realized that all my hard work will be for nothing because iTunes
and music streaming servers use port 80 for streaming.
How can I filter out this non work related traffic?
"Phillip Windell" <@.> wrote in message
news:erF$OisTHHA.1200@xxxxxxxxxxxxxxxxxxxxxxx
Looks ok to me, other than I never heard of "TCP Established", I would
think just the TCP would be "it".
I might want the Destination Network to actually be a network instead of a
single Host.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
The views expressed (as annoying as they are, and as stupid as they
sound), are my own and not those of my employer, or Microsoft, or anyone
else associated with me, including my cats.
-----------------------------------------------------
"Nathaniel" <nbentzinger@xxxxxxxx> wrote in message
news:Yz0Ah.256620$L62.16257@xxxxxxxxxxxxxxxxxxxxxxxxx
Thank you Phillip for your reply:
So just as an example the Front End server which I Remote Desktop to
should be setup like the following:
Drop all packets except the criteria below:
External NIC Inbound Filter:
Source Network: Any
Destination Network: 192.168.100.102
Protocol: TCP
Src Port:
Dest Port: 3389
External NIC Inbound Filter:
Source Network: Any
Destination Network: 192.168.100.102
Protocol: TCP Established
Src Port:
Dest Port: 3389
"Phillip Windell" <@.> wrote in message
news:OXr6awJTHHA.1180@xxxxxxxxxxxxxxxxxxxxxxx
Filter on the External Nic. Not the Internal one.
Haven't messed with RRAS Filters in a long time and I don't have one
here to look at. But focus on the external Nic,...then outbound is
really outbound, and inbound is really inbound. That is backwards on
the internal nic because it is "centric" to the RRAS box itself (like
Cisco Routers do),..and there is no reason to filter at the internal nic
anyway.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
The views expressed (as annoying as they are, and as stupid as they
sound), are my own and not those of my employer, or Microsoft, or anyone
else associated with me, including my cats.
-----------------------------------------------------
"Nathaniel" <nbentzinger@xxxxxxxx> wrote in message
news:tC6zh.173441$Oc2.24872@xxxxxxxxxxxxxxxxxxxxxxxxx
Hi,
I'm looking to setup IP filtering on both internal and external NICs to
cut down on the amount of streaming video/music traffic occurring in the
office on non-standard ports. Here is the current setup:
Routing server: Windows 2003 server standard w/two NICs, one external to
a T-1 router and one to the internal network 192.168.100.x
The following services will need to be able to route to the internet
and are already setup in the firewall:
2x DNS servers (192.168.100.105, .106) requesting DNS queries from our
two external DNS servers (port 53 UDP queries?)
2x IIS servers (192.168.100.117, .116) TCP 80, TCP 21, TCP 20, TCP 443
1x Exchange server (192.168.100.108) TCP 443, 80, 25, 110, 143
Workstation Internet Access:
(192.168.100.x 255.255.255.0) TCP 80, TCP 21
I don't think DNS port 53 is needed here because they will be
communicating w/the AD DNS servers internally.
I've tried setting it up in the past myself but it ends up never
working properly and I'm confusing myself with the inbound filter on
the external is actually the outbound of the internal NIC and such.
Also the server routing is attached to the AD network so it will also
have to have those ports opened to it on the internal NIC.
Any help on how to set this up would be great. TIA. Nate
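
The filter logic discussed in this thread, as an added example that is not part of the original messages and not RRAS code: a small Python model of a "drop all packets except" filter list on the external NIC. It assumes "TCP Established" matches only segments with ACK or RST set; the client and server addresses and names such as permitted are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                              # "tcp" or "udp"
    dport: int
    flags: frozenset = frozenset({"SYN"})   # TCP flags on this segment

@dataclass(frozen=True)
class Filter:
    src_net: str                            # "0.0.0.0/0" stands for "Any"
    dst_net: str
    proto: str                              # "tcp", "tcp-est" or "udp"
    dport: int

    def matches(self, p: Packet) -> bool:
        if ip_address(p.src) not in ip_network(self.src_net):
            return False
        if ip_address(p.dst) not in ip_network(self.dst_net):
            return False
        if p.dport != self.dport:
            return False
        if self.proto == "tcp-est":
            # Assumption: "established" means ACK or RST is set,
            # so a connection-opening SYN never matches.
            return p.proto == "tcp" and bool(p.flags & {"ACK", "RST"})
        return p.proto == self.proto

def permitted(filters, packet):
    """Default action is drop; a packet passes only if some filter matches."""
    return any(f.matches(packet) for f in filters)

ANY = "0.0.0.0/0"
RDP_TCP = Filter(ANY, "192.168.100.102/32", "tcp", 3389)      # first rule in the thread
RDP_EST = Filter(ANY, "192.168.100.102/32", "tcp-est", 3389)  # second rule in the thread
WEB_OUT = Filter("192.168.100.0/24", ANY, "tcp", 80)          # workstation web access

# Constructed sample packets (203.0.113.x and 198.51.100.x are documentation ranges).
new_rdp = Packet("203.0.113.7", "192.168.100.102", "tcp", 3389)
rdp_other_host = Packet("203.0.113.7", "192.168.100.103", "tcp", 3389)
web_page = Packet("192.168.100.50", "198.51.100.10", "tcp", 80)
music_stream = Packet("192.168.100.50", "198.51.100.20", "tcp", 80)

if __name__ == "__main__":
    for name, rules, pkt in [("new RDP / TCP rule", [RDP_TCP], new_rdp),
                             ("new RDP / TCP-est only", [RDP_EST], new_rdp),
                             ("RDP to .103", [RDP_TCP], rdp_other_host),
                             ("web page", [WEB_OUT], web_page),
                             ("music stream", [WEB_OUT], music_stream)]:
        print(f"{name:24} {'forward' if permitted(rules, pkt) else 'drop'}")
```

The web page and music stream packets carry the same protocol and destination port, so a port-based filter forwards both.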