Setting up TCP/IP filtering: Difference between revisions

From NEOSYS Technical Support Wiki
No edit summary
No edit summary
Line 1: Line 1:
Tcp/ip filtering is a simple but effective firewall but cannot distinguish between incoming and outgoing traffic or do port forwarding.
Tcp/ip filtering is a simple but effective firewall but only blocks incoming ports and not outgoing ports. All dedicated Neosys client servers need to have TCP/IP filtering enabled and we will drop installation of anti-virus programs. However it the client has a workgroup anti-virus installation than it can be installed in addition to TCP/IP filtering.
 
All dedicated Neosys client servers which are installed in future will have TCP/IP filtering enabled and we will drop installation of anti-virus programs. However it the client has a workgroup anti-virus installation than it can be installed in addition to TCP/IP filtering.


Note:
Note:
#Despite Windows telling you that it is necessary to reboot to activate any changes, it is possibly not necessary. This means that for example, when adding allowable ports you might be able to skip the reboot.
#Reboot is necessary for changes to be effective.
#Don't do changes either a) while critical users are working or b) you cannot get to power cycle the server. Changing filtering sometimes causes network failure requiring manual intervention.
#Don't do changes either a) while critical users are working or b) you cannot get to power cycle the server. Changing filtering sometimes causes network failure requiring manual intervention.


The following ports need to be opened when TCP/IP filtering is enabled:
The following ports need to be opened when TCP/IP filtering is enabled for client servers:
 
*80/8123    web
*443/4430    secure web
*22/19580    ssh
*25/2500    smtp
*5500/55000  vnc reverse connection
*53          dns
 
and optionally
*3389/33890    rdc
*5900/59000    vnc
 
 
On our own NEOSYS server, some standard ports which need to be opened:
 
*21 standard ftp
*80 standard http
*443 standard https
*3389 standard remote desktop connection
 
NEOSYS non-standard ports


*2500 neosys smtp
*80
*4430 neosys https port
*443
*55000 neosys ultravnc reverse connection
*2500
*19580 neosys ssh port
*3389
*8000 neosys wiki
*4430
*19580
*55000
*55001
*55002


TCP/IP properties, advanced, options
TCP/IP properties, advanced, options


[[Image:tcpipfiltering1.png]]
[[Image:tcpipfiltering1.png]]
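
Review bot: The reworked client-server port list drops the service label from every entry, so `*55001` and `*55002` are opened with nothing on the page saying what listens on them, and 3389, which the other revision's text listed under "and optionally" as rdc, now sits in the required list. Keep a label on each port in the form the other lines use, e.g. `*2500 neosys smtp`, and state whether 3389 is required or optional on client servers, so that someone auditing a server can tell an intended opening from a leftover one. The two Note entries about rebooting also contradict each other ("possibly not necessary" versus "Reboot is necessary"); if the second is the tested behaviour, say in the edit summary what was observed, since both revisions show "No edit summary".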

Revision as of 08:21, 11 February 2010

TCP/IP filtering is a simple but effective firewall, but it only blocks incoming ports and not outgoing ports. All dedicated Neosys client servers need to have TCP/IP filtering enabled, and we will drop installation of anti-virus programs. However, if the client has a workgroup anti-virus installation, then it can be installed in addition to TCP/IP filtering.

Note:

  1. A reboot is necessary for changes to take effect.
  2. Don't make changes either a) while critical users are working or b) when you cannot get to the server to power cycle it. Changing filtering sometimes causes network failure requiring manual intervention.

The following ports need to be opened when TCP/IP filtering is enabled for client servers:

  • 80
  • 443
  • 2500
  • 3389
  • 4430
  • 19580
  • 55000
  • 55001
  • 55002

TCP/IP properties, advanced, options

Tcpipfiltering1.png