Re: ICF problems win Win2003

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 11/21/03


Date: Fri, 21 Nov 2003 01:02:17 -0800

If this server is multi-homed, then just enable ICF on the Public NIC and
not on the Private NIC.

If this server has only one NIC and both the server and LAN are not behind a
firewall from the Router/Gateway, what you are trying to do is pretty
insecure and defeats running a firewall on the server.

There are two general topologies that you can consider for small-time
servers.
1. The server is dual-homed (i.e. "Gateway") on the broadband connection and
LAN, with a firewall running either on the server's external NIC or on any
local router-device upstream from the web server.
2. The web server is an internal LAN server, and the Gateway must have logic
to either forward requests based on ports, host header, or IP address to and
from this internal LAN server.

Both topologies allow unrestricted access by your LAN clients to the LAN
server's interface, and highly restricted external access to your server's
public interface.

-- 
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Vincent Haakmat [393242]" <vhaakmat@nagico.com> wrote in message
news:ewIqSrrrDHA.560@TK2MSFTNGP11.phx.gbl...
I have an Exchange Server 2003 running on my win2003 server. Because it is
directly connected to the net I wanted to use ICF. But if I do, the other
computers on the LAN can't connect to it. Which ports (UDP-IP) do I need to
enable so that they can still access normal file and print services from it?

