Setting up TCP/IP filtering: Difference between revisions
From NEOSYS Technical Support Wiki
Jump to navigationJump to search
No edit summary |
No edit summary |
||
Line 2: | Line 2: | ||
All dedicated Neosys client servers which are installed in future will have TCP/IP filtering enabled and we will drop installation of anti-virus programs. However it the client has a workgroup anti-virus installation than it can be installed in addition to TCP/IP filtering. | All dedicated Neosys client servers which are installed in future will have TCP/IP filtering enabled and we will drop installation of anti-virus programs. However it the client has a workgroup anti-virus installation than it can be installed in addition to TCP/IP filtering. | ||
Note: | |||
#Despite Windows telling you that it is necessary to reboot to activate any changes, it is probably NOT necessary. | |||
#Don't do changes while critical users are working or you cannot get power cycle the server since changing filtering sometimes causes network failure. | |||
The following ports need to be opened when TCP/IP filtering is enabled: | The following ports need to be opened when TCP/IP filtering is enabled: |
Revision as of 13:59, 25 June 2008
Tcp/ip filtering is a simple but effective firewall but cannot distinguish between incoming and outgoing traffic or do port forwarding.
All dedicated Neosys client servers which are installed in future will have TCP/IP filtering enabled and we will drop installation of anti-virus programs. However it the client has a workgroup anti-virus installation than it can be installed in addition to TCP/IP filtering.
Note:
- Despite Windows telling you that it is necessary to reboot to activate any changes, it is probably NOT necessary.
- Don't do changes while critical users are working or you cannot get power cycle the server since changing filtering sometimes causes network failure.
The following ports need to be opened when TCP/IP filtering is enabled:
- 80/8123 web
- 443/4430 secure web
- 22/19580 ssh
- 25/2500 smtp
- 5500/55000 vnc reverse connection
and optionally
- 3389/33890 rdc
- 5900/59000 vnc
On our own NEOSYS server, some standard ports which need to be opened:
- 21 standard ftp
- 80 standard http
- 443 standard https
- 3389 standard remote desktop connection
NEOSYS non-standard ports
- 2500 neosys smtp
- 4430 neosys https port
- 55000 neosys ultravnc reverse connection
- 19580 neosys ssh port
- 8000 neosys wiki
TCP/IP properties, advanced, options