Setting up TCP/IP filtering: Difference between revisions

From NEOSYS Technical Support Wiki
(8 intermediate revisions by 4 users not shown)
Earlier revision:

TCP/IP filtering is a simple but effective firewall but cannot distinguish between incoming and outgoing traffic or do port forwarding.

All dedicated Neosys client servers which are installed in future will have TCP/IP filtering enabled and we will drop installation of anti-virus programs. However, if the client has a workgroup anti-virus installation, then it can be installed in addition to TCP/IP filtering.

The following ports need to be opened when TCP/IP filtering is enabled:

*80/8123    web
*443/4430    secure web
*22/19580    ssh
*25/2500    smtp
*5500/55000  vnc reverse connection

and optionally

*3389/33890    rdc
*5900/59000    vnc

On our own NEOSYS server, some standard ports which need to be opened:

*21 standard ftp
*80 standard http
*443 standard https
*3389 standard remote desktop connection

NEOSYS non-standard ports

*2500 neosys smtp
*4430 neosys https port
*55000 neosys ultravnc reverse connection
*19580 neosys ssh port
*8000 neosys wiki

TCP/IP properties, advanced, options

[[Image:tcpipfiltering1.png]]

Latest revision as of 08:44, 28 February 2013

Before setting up TCP/IP filtering, configure the network connection to use only Internet Protocol Version 4 (TCP/IPv4).

TCP/IP filtering is a feature available only in Windows 2003. It is not present in Windows 2008, for which you will have to use Windows Firewall instead (see Setting up Windows Firewall).

TCP/IP filtering is a simple but effective firewall, but it only blocks incoming ports and not outgoing ports. All dedicated Neosys client servers need to have TCP/IP filtering enabled and we will drop installation of anti-virus programs. However, if the client has a workgroup anti-virus installation, then it can be installed in addition to TCP/IP filtering.

Note:

  1. Reboot is necessary for changes to be effective.
  2. Don't make changes either a) while critical users are working or b) when you cannot get to the server to power cycle it. Changing filtering sometimes causes network failure requiring manual intervention.

The following ports need to be opened when TCP/IP filtering is enabled for client servers:

  • 80
  • 443
  • 2500
  • 3389
  • 4430
  • 19580
  • 55000
  • 55001
  • 55002
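A pre-change check for the list above, as an added example that is not part of the NEOSYS wiki: it compares the TCP listeners reported by `netstat -an` with the permitted ports, so that a service about to be cut off by the filter is found before the reboot rather than after. The function names are hypothetical, the `netstat` sample is constructed, and the usual Windows column layout is assumed.

```python
import re

# Ports the page lists as permitted on client servers.
ALLOWED_TCP = {80, 443, 2500, 3389, 4430, 19580, 55000, 55001, 55002}

# Constructed sample of `netstat -an` output (not captured from a real server).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:19580          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      192.168.1.55:50211     ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def listening_tcp_ports(netstat_text):
    """Return the TCP ports that have a listener bound to a non-loopback address."""
    ports = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue  # headers, UDP rows and established connections
        addr, port = m.group(1), int(m.group(2))
        if addr.startswith("127."):
            continue  # loopback-only listeners are not reachable from the network
        ports.add(port)
    return ports

def compare(netstat_text, allowed=ALLOWED_TCP):
    """Split the difference between what is listening and what is permitted."""
    listening = listening_tcp_ports(netstat_text)
    return {
        "cut_off": sorted(listening - allowed),      # listeners the filter will block
        "no_listener": sorted(allowed - listening),  # permitted, nothing listening now
    }

if __name__ == "__main__":
    result = compare(SAMPLE_NETSTAT)
    print("Listeners that inbound filtering will cut off:", result["cut_off"])
    print("Permitted ports with nothing listening:", result["no_listener"])
```

On a real server, pass the saved output of `netstat -an` to `compare()` in place of the constructed sample.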

TCP/IP properties, advanced, options

Tcpipfiltering1.png