Re: TCP/IP Filtering - can't browse Internet

From: Kevin D. Goodknecht Sr. (admin_at_LSAOL.nospam.NET)
Date: 01/29/03 

Date: Wed, 29 Jan 2003 10:51:44 -0600

Sphinx,
Using the port filter on the interface usually does not work because it does
not allow for port redirection on outbound connections. If you are using it
purely as a server and outbound connections are not required, the interface
filter is very good in that case, but most servers are not used in that
fashion. Most will require outbound connections on a port that is blocked.
You do have the option to use the "poor mans firewall", RRAS. Or you can
purchase one.
As long as no one ever uses this server as a workstation (i.e. browsing the
net, running applications that access the net, running commands and so on),
RRAS works very well IMO.
Read this article:
254018 - How to Configure Input Filters for Services That Run Behind Network
Address Translation
http://support.microsoft.com/default.aspx?scid=kb;en-us;254018
That being said RRAS is not meant to be a firewall because it cannot
differentiate between what applications are allowed internet access or not.
What it does do is allow or deny inbound/outbound connections based purely
on the ports and/or IP addresses being accessed to and/or from.

ZoneAlarm is highly touted by it's maker and others, to be able to
differentiate what applications you have allowed and disallowed access to
and, by default disallows all programs until you tell it to allow access
in/out. 

--
HTH Please post back your results.
--
Kevin D4Dad Goodknecht Sr.
--
"Sphinx" <DIESPAMDIEsphinx@attbi.com> wrote in message
news:tJIZ9.75486$Ve4.6238@sccrnsc03...
> Hello, folks.
>
> I just enabled TCP/IP filtering on my W2k Server box. I allowed the
> following protocols on both TCP and UDP: ports 20, 21, 53, 80. I can
connect
> to the server's FTP contents, but I cannot browse the Internet from the
> server.
>
> Can anyone tell me why that is?
>
> Thanks!
>
>

Relevant Pages

  • Re: Assistance Setting up IP Filtering in a 2003 Routing Remote Access Server
    ... and music streaming servers use port 80 for streaming. ... How can I filter out this non work related traffic? ... Routing server: Windows 2003 server standard w/two NICs on external to ... Workstation Internet Access: ...
    (microsoft.public.windows.server.networking)
  • Re: WebServer 2003 domain relay settings
    ... The IP address is allowed to make outbound connections via port 25 through ... so my isp DNS lookups are working. ... So how do you alter the MX records in windows server 2003 web edition? ... TCP port 25? ...
    (microsoft.public.inetserver.iis.smtp_nntp)
  • Re: Explain this one- ITs BAAACCCCKKK!
    ... very slowly, when the main server was very slow or didn't work), cept for a ... specific slowdowns is if Comcast was trying to filter port 80 traffic, ... or that users were somehow overusing port 80. ... You can watch the signal levels ...
    (alt.internet.wireless)
  • Re: TCP/IP Filtering - cant browse Internet
    ... Using the port filter on the interface usually does not work because it does ... not allow for port redirection on outbound connections. ... As long as no one ever uses this server as a workstation (i.e. browsing the ...
    (microsoft.public.win2000.security)
  • RE: ISA configuration - BlackBerry Enterprise Server on SBS2K
    ... Also, from what I know of BES, it is not recommended to install/run that on ... that into consideration as you configure your server as well. ... | BES needs outbound access on port 3101 to BlackBerry's ... | Filter applies to: Default external interface IPs ...
    (microsoft.public.backoffice.smallbiz2000)