Re: hardware firewall

From: Stephen (triple_des_at_hotmail.com)
Date: 01/06/04


Date: Mon, 5 Jan 2004 23:23:35 -0800

If inbound NAT is used, it will not be possible to do any host-based IP
security, as all inbound traffic will be behind the router IP addressing.

But anyway, let's stop all the messing and recommend that any firewall worth
considering can do what we are trying to do. If we have no budget then I
would suggest using the free Smoothwall firewall (www.smoothwall.org). It only
requires a very basic PC and will do exactly what we are trying to
accomplish.

Anyway, I am from Ireland and it is getting late here, so I must go to bed.
Thanks for the interesting conversation; I hope we can have more of them.

Regards

Stephen

"Leythos" <void@nowhere.com> wrote in message
news:MPG.1a63b7ec9dcc520898a03a@news-server.columbus.rr.com...
> In article <YxlKb.3347$HR.7707@news.indigo.ie>, triple_des@hotmail.com
> says...
> >
> > "Leythos" <void@nowhere.com> wrote in message
> > news:MPG.1a63a76e1619da1298a039@news-server.columbus.rr.com...
> > > In article <HOkKb.3342$HR.7602@news.indigo.ie>, triple_des@hotmail.com
> > > says...
> > > > I think IPSec Filters are a better option, you just have more
> > > > control.
> > > >
> > > > ""Crash" Dummy" <dvader@deathstar.mil> wrote in message
> > > > news:vviro7ag8uko66@corp.supernews.com...
> > > > > >Most Web Server software (including MS IIS) has an ALLOW / BLOCK
> > > > > >list already built into them - just add the IP in the site
> > > > > >configuration.
> > > > >
> > > > > > Where is the Allow/Block list in IIS? I use firewall rules to
> > > > > > allow a few specific users to access my IIS. (I just have the
> > > > > > "lite" version that comes with W2K Pro.) The only way I see to
> > > > > > restrict access in IIS is with username/password, not by IP.
> > >
> > > How about showing us how one would configure IPSec filters for an IIS
> > > box that appears to still have to let the user work with it on the
> > > existing network? (please bottom post)
> > >
> > > --
> > > --
> > > spamfree999@rrohio.com
> > > (Remove 999 to reply to me)
> >
> > Hi Leythos
> >
> > You simply need to include rules for the local subnet, or whatever subnet,
> > that allow TCP 135,139,445 and UDP 135,137,138,445. There may also be
> > additional ports, but those are the common ports for Microsoft Networking.
> > Oh, and of course TCP 80 for local web access. BUT BUT BUT, if this is a
> > web server it shouldn't have MS networking and should be hardened and in a
> > DMZ, hence should only be fulfilling web needs. After all, we don't want to
> > be putting our Internal Network on the Internet (don't mean to sound
> > sarcastic).
> >
> > Hope this is the response you were looking for
>
> Thanks for the response, but the poster has said he's running Windows
> 2000 Prof and this is his workstation acting as a part-time test server
> for IIS, so I don't think that it's a good solution.
>
> I would suggest that he purchase the full server version for testing -
> can be purchased cheap (free if you don't mind the 120 day demo) and
> design on that platform.
>
> As for securing it - a router with NAT and then IP security (for server
> version) will cover what he needs... As long as he takes the proper
> steps to SECURE the OS as outlined in MS articles.
>
> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)