Re: Which Router for VPN and Webhosting

From: Leythos (void_at_nowhere.com)
Date: 09/14/03 

Date: Sat, 13 Sep 2003 22:48:39 GMT

In article <Xns93F5B33DDF130notmenotmecom@204.127.199.17>,
notme@notme.com says...
> Leythos <void@nowhere.com> wrote in
> news:MPG.19cd53c35359fdc0989c6a@news-server.columbus.rr.com:
[snip]
> > And just how will BID stop normal access of port 80?
> >
>
> Well, I was accepting all IP(s) on ports 20, 21 and 80 and any IP doing
> normal things in contacting my IIS machine, BlackIce let them through.
> Any IP that was doing TCP or UDP port scans O/S Finger Prints or SQL
> Slammer probes or scans things of this nature, BI would close the port to
> that IP, although I never exposed SQL Server, except for putting the

The Slammer and Port Scans on anything but forwarded ports would never
make it to BI - that's the great thing about a router - nothing makes it
into the LAN unless you forward it there.

> machine into the DMZ. And that was just to see what BI would do with

If you put a machine in the DMZ you may as well not have a router - the
DMZ IP is for a machine that gets ALL Ports not identified by specific
forwarding rules.

> accepting all IP(s) on the above ports. And this was being done for hours
> and days at a time just to see what would happen and nothing came pasted
> BI. Like I said before, the machines do not have anything of importance
> to me and I can rebuild and have rebuilt them at the drop of a hat.

If you use the DMZ on one of those routers you may as well not use the
router - DO NOT USE THE DMZ.

> > Actually, if it's not Windows NT Server or Windows 2000 Server or
> > Windows 2003 server it will allow up to 10 connections at a time -
> > providing your running a windows OS (Win XP Prof, 2000 Prof).
>
> That's not what I was told about the Workstation versions of those O/S's,
> when I asked about connectivity by multiple users coming at IIS on a
> Workstation O/S as opposed to IIS on the Sserver O/S. The information
> could have been wrong. I'll take your word on it.

I can assure you that Windows 2000 Professional and Windows XP
Professional support 10 connections. Windows Server support many
connections, and with a CPU license they can support unlimited anonymous
connections from FTP, IIS, etc...

> > In most cases you can run a HTTP server on the ISP's networks as long
> > as you require authentication to the server - meaning that you can not
> > allow anonymous access to it (easy to change in IIS).
>
> Again, I'll take your word on it. I never use anonymous login on
> anything. What my ISP came at me on was the FTP ports. Also, I would
> think that by the ISP doing http://ip and it popped a page or a login
> screen, that would be proof enough that something was there an easy
> program to write, in addition to other scanning the ISP may be doing.

Duane, I was on Road Runner using a router and running two web servers
and an exchange 2000 server at the same time. I use a simple Linksys
BEFSR41 and never had anyone get in. I called the local ISP and asked
them about the TOS and was told that as long as I was not running a
business, or that as long as I was not allowing anonymous access, that
it was permitted - YMMV. 

-- 
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Relevant Pages

  • Re: Remote Desktop web connection does not work outside my local N
    ... The web based method, using IIS, still requires you to port forward the RDP protocol to each PC ... > screen opens with the external ip of my router on the title. ... But I cant connect to any other machine on my network even ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: Using Remote Desktop from outside my VPN, Please Help.
    ... You could use a service like No-IP.com that maps a fully qualified domain name to the ISP assigned dynamic IP address. ... If not then port forwarding of TCP Port 3389 through the work router to a dynamic address will fail at some point simply because rebooting the PC may cause it to be assigned a different IP from the work DHCP server. ... computer using Remote desktop on my LAN connection at work (we have a Belkin ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: IP Forwarding
    ... At first when we got Static IP's from the ISP there was no need to do PPPOE, ... > properties in IIS and change the binding to the proper interface. ... > like any other port forwarding. ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: Unable to telnet into port 25
    ... If they cannot connect to your exchange server from their office (presumably on the same network as your router) then the problem is either with the ISP end or your end of that line between those two points. ... Test the computer first from within your network and make sure that it can connect via port 25 in a telnet session. ...
    (microsoft.public.exchange.setup)
  • Re: IIS5 Passive FTP Networking problem (long)
    ... > Yes, it is within the port range, to calculate it. ... > Information About the IIS File Transmission Protocol (FTP) Service ... That leaves me only with the client side Microsoft Base Station router ...
    (microsoft.public.inetserver.iis.security)