Re: Blocking the world

From: sponge (mtubi@python.net)
Date: 12/14/02


From: mtubi@python.net (sponge)
Date: Sat, 14 Dec 2002 11:55:34 GMT



Better yet, allow only those IPs of your local network to pass, and
add the following rule to your firewall (make sure it is BELOW or
last.)

Network Address: 0.0.0.0
Network Mask: 0.0.0.0
Action: DENY

Above this you would have, say, 192.168.0.1 for your LAN, and whatever
other addresses are on it, and, if needed, possibly addresses for DHCP
and your Router (Allow 0.0.0.0:67 and :68, and allow 255.255.255.255)
and perhaps 127.0.0.1.

You should also disable traffic to all ports except 80 and/or 8080,
since you're doing web. You will, of course, need to allow 67 and 68,
and possibly 53, (for DNS) as I mentioned above. Open other ports on
an as-needed basis, such as if you decide to develop FTP.

On Tue, 3 Dec 2002 12:35:49 -0500, "\"Crash\" Dummy"
<dvader@deathstar.mil> wrote:

>>I have IIS installed for website development and would like to know if it's
>>possible to block all access from the net whilst allowing local network
>>access only.
>
>Yes, it is. It is very easy, in fact. If you have your firewall set with a
>rule or an option to allow unfettered LAN access, that may be all you need.
>Just block the IIS ports to the internet.
>
>You can also set IIS for your LAN address. Your machine has two IP's, the
>LAN address (e.g. 192.168.0.1) and the internet address. By default, IIS is
>set to work with either, but you can set it to work with only one. Open
>"properties" for the Default Web Site in ISM, and there will be a drop down
>menu for "IP."
>
>>I know it's probably a very basic question but I'm still learning this
>>security lark. I'm using Sygate Personal Firewall Pro if that's any help
>
>I am not familiar with SPF, so I don't know what limitations, if any, it
>would impose on local connections.
>--
>Dave "Crash" Dummy
>Certified Dilettante
>crash@gpick.com
>http://lists.gpick.com
>
>
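
Added example, not part of the original post and not Sygate's rule format: a small first-match rule evaluator showing why the 0.0.0.0/0.0.0.0 DENY rule has to sit below the allow rules, plus a check that flags rules an earlier rule makes unreachable. It assumes first-match-wins evaluation and a LAN of 192.168.0.0/255.255.255.0; the `Rule` model and all rule names are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Optional

# Hypothetical rule model for illustration; not Sygate's rule format.
class Rule(NamedTuple):
    name: str
    network: str           # "Network Address"
    mask: str              # "Network Mask"
    ports: Optional[set]   # local ports covered, None = any port
    action: str            # "ALLOW" or "DENY"

    def net(self):
        return ipaddress.ip_network(f"{self.network}/{self.mask}")

    def matches(self, src_ip, port):
        return (ipaddress.ip_address(src_ip) in self.net()
                and (self.ports is None or port in self.ports))

def evaluate(rules, src_ip, port):
    """First matching rule wins (assumed); no match at all means DENY."""
    for r in rules:
        if r.matches(src_ip, port):
            return r.action, r.name
    return "DENY", "(implicit)"

def shadowed(rules):
    """Names of rules fully covered by one earlier rule, so they never fire."""
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            ports_covered = earlier.ports is None or (
                later.ports is not None and later.ports <= earlier.ports)
            if later.net().subnet_of(earlier.net()) and ports_covered:
                out.append(later.name)
                break
    return out

# Constructed rule set; the LAN range is an assumption.
LAN_WEB = Rule("lan-web", "192.168.0.0", "255.255.255.0", {80, 8080}, "ALLOW")
LOOPBACK = Rule("loopback", "127.0.0.1", "255.255.255.255", None, "ALLOW")
DENY_ALL = Rule("deny-all", "0.0.0.0", "0.0.0.0", None, "DENY")

GOOD = [LAN_WEB, LOOPBACK, DENY_ALL]   # catch-all last, as the post says
BAD = [DENY_ALL, LAN_WEB, LOOPBACK]    # catch-all first: the LAN is locked out too

if __name__ == "__main__":
    for label, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, "shadowed:", shadowed(rules))
        for src, port in [("192.168.0.7", 80), ("203.0.113.9", 80), ("192.168.0.7", 21)]:
            print(f"  {src}:{port} ->", evaluate(rules, src, port))
```
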
