Re: To IPSec Packet Filter OR Not To IPSec Packet Filter - that is the question

From: Cherry Qian (cherryq_at_online.microsoft.com)
Date: 07/26/03


Date: Sat, 26 Jul 2003 08:34:37 GMT


Hi Bill,

Thank you for the posting again.

Remote Procedure Call (RPC) dynamic port allocation is used by remote
administration applications such as Dynamic Host Configuration Protocol
(DHCP) Manager, Windows Internet Name Service (WINS) Manager, and so on.
RPC dynamic port allocation will instruct the RPC program to use a
particular random port above 1024.

Customers using firewalls may want to control which ports RPC is using so
that their firewall router can be configured to forward only these
Transmission Control Protocol (TCP) ports.

The following registry entries apply to Windows NT 4.0 and above. They do
not apply to previous versions of Windows NT. Even though you can configure
the port used by the client to communicate with the server, the client must
be able to reach the server by its actual IP address. You cannot use DCOM
through firewalls that do address translation (e.g. where a client connects
to virtual address 198.252.145.1, which the firewall maps transparently to
the server's actual address of, say, 192.100.81.101). This is because DCOM
stores raw IP addresses in the interface marshaling packets and if the
client cannot connect to the address specified in the packet, it will not
work.

As for more information and detailed step-by-step procedure to do so,
please refer to the following knowledge base articles:

154596 HOWTO: Configure RPC Dynamic Port Allocation to Work with Firewall
http://support.microsoft.com/?id=154596

300083 HOWTO: Restrict TCP/IP Ports on Windows 2000 and Windows XP
http://support.microsoft.com/?id=300083

Hope the above information and suggestion helps and answers your question.
If anything is unclear, please let me know.

Sincerely,
 
Cherry Qian
MCSE2000, MCSA2000, MCDBA2000
Microsoft Partner Online Support
 
 
Get Secure! - www.microsoft.com/security
 
====================================================
When responding to posts, please Reply to Group via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided AS IS with no warranties, and confers no rights.
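
An audit sketch for the port restriction discussed in this post, added here as an example (it is not part of the post or of the KB articles it cites). It reads the `Ports` value under `HKLM\SOFTWARE\Microsoft\Rpc\Internet`, the key documented in KB 154596, and reports which configured RPC ports the firewall does not forward. The function names and the forwarded-port list are assumptions, and a constructed sample range is used when the key is absent.

```powershell
# Added example. Function names and the forwarded-port list are hypothetical.
function Expand-PortSpec {
    param([string[]]$Entries)
    foreach ($e in $Entries) {
        # Each entry is a single port ("5000") or an inclusive range ("5000-5100").
        if ($e -notmatch '^\s*(\d+)\s*(?:-\s*(\d+))?\s*$') { throw "Unparseable entry: '$e'" }
        $lo = [int]$Matches[1]
        $hi = if ($Matches[2]) { [int]$Matches[2] } else { $lo }
        if ($lo -lt 1 -or $lo -gt $hi -or $hi -gt 65535) { throw "Invalid range: '$e'" }
        $lo..$hi
    }
}

function Test-RpcPortCoverage {
    param([string[]]$RpcPorts, [string[]]$Forwarded)
    $rpc = @(Expand-PortSpec $RpcPorts | Sort-Object -Unique)
    $fw  = @(Expand-PortSpec $Forwarded | Sort-Object -Unique)
    [pscustomobject]@{
        RpcPortCount       = $rpc.Count
        # The post describes dynamic RPC ports as lying above 1024.
        AtOrBelow1024      = @($rpc | Where-Object { $_ -le 1024 })
        # RPC may allocate these, but the firewall would drop the connection.
        NotForwarded       = @($rpc | Where-Object { $fw -notcontains $_ })
        # Open on the firewall with no RPC use: candidates for closing.
        ForwardedButUnused = @($fw | Where-Object { $rpc -notcontains $_ })
    }
}

$key = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
$cfg = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
if ($cfg -and $cfg.Ports) {
    $ports = $cfg.Ports                      # REG_MULTI_SZ, returned as string[]
} else {
    Write-Warning "No Ports value under $key; using a constructed sample range."
    $ports = @('5000-5100')                  # constructed sample
}
$forwarded = @('5000-5050')                  # constructed: TCP ports the firewall forwards
Test-RpcPortCoverage -RpcPorts $ports -Forwarded $forwarded
```

An empty `NotForwarded` list means every port RPC can allocate is forwarded; the address-translation limitation described in the post is outside what this check can detect.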


