Re: RRAS router with ICF requires port/ip mapping?

• Previous message: David Cross [MS]: "Re: Windows 2003 with third partu CA"
• In reply to: Ondřej Ševeček: "Re: RRAS router with ICF requires port/ip mapping?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 30 Oct 2004 18:04:54 -0500

I have not used them enough to know but my guess is that it is stateful.
Tcp/ip filtering is stateful for tcp but not udp. At least with the choice
for inbound and outbound filters, you could configure both if need be to
allow access for proper port/protocol similar to an ipsec mirrored filter
entry.. --- Steve

"Ondřej Ševeček" <ondra_at_sevecek_dt_com> wrote in message
news:eTHvE%23pvEHA.2804@TK2MSFTNGP14.phx.gbl...
>I suppose, packet filtering is the same NON-state filtering as can be
> achieved with TCP/IP filters on Network Adapter configuration, right? So
> e.g. DNS responses (generally UDP) are dropped.
>
> O.
>
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:eczgcMgvEHA.2876@TK2MSFTNGP12.phx.gbl...
>> ICF does not have that option but since you are using rras you might try
> to
>> configure packet filtering on your interface. Go to IP routing/general
>> and
>> select your network interface. Then select properties/general and
> configure
>> inbound and outbound filters to see if that works for you. --- Steve
>>
>>
>> "Ondrej Sevecek" <ondra_at_sevecek_dt_com> wrote in message
>> news:%23BETVgYvEHA.4072@TK2MSFTNGP15.phx.gbl...
>> > Hello,
>> >
>> > I would like only to enable ICF for RRAS router (not NAT) and to set up
>> > allowed ports and some ICMP traffic passing through.
>> >
>> > But the configuration allowes me to only set up MAPPING of ports to
>> > some
>> > internal network address. Is there some option to create ICF filter to
>> > pass all traffic targeted to the port regardless the target host
> address?
>> >
>> > O.
>> >
>> >
>> >
>>
>>
>
>

• Previous message: David Cross [MS]: "Re: Windows 2003 with third partu CA"
• In reply to: Ondřej Ševeček: "Re: RRAS router with ICF requires port/ip mapping?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: MSN Messenger Behind a NATting IPtables Firewall ... Usually stateful works like this: ... What I meant was that if you're only doing that, and not filtering the ports ... comes in and goes out on certain ports, so it filters based on the port #. ... A port filtering firewall would look more like this: ... (comp.os.linux.networking) Re: MSN Messenger Behind a NATting IPtables Firewall ... Usually stateful works like this: ... What I meant was that if you're only doing that, and not filtering the ports ... comes in and goes out on certain ports, so it filters based on the port #. ... A port filtering firewall would look more like this: ... (comp.os.linux.security) Re: two-way forest trust issue ... UDP 389 first lists as Listening or Filtered. ... filtering via tcp/ip. ... I have a Forest two-way trust, all DC's running w2k3 sp1 R2. ... (microsoft.public.windows.server.active_directory) Re: TCP/IP Filtering Problem ... Unlike tcp/ip filtering for TCP, filtering for UDP is not "stateful" in that the ... dns name resolution FROM your server. ... I have it set so that the following TCP ports are ... (microsoft.public.win2000.security) Re: TCP/IP Filtering ... IPsec filtering, NOT the TCP/IP filtering feature. ... Generally, TCP and UDP connections use two port numbers, not just one... ... See below for more info and links about both TCP/IP Filtering and IPsec ... (microsoft.public.win2000.security)