Closing ports using NAT


Howard

This is on a home/test environment. One AD Win2K server with DHCP and
DNS (AD). One dual-homed member server (also Win2K server) running
RRAS NAT. This member server has a standalone DNS (primary public DNS
server). DNS and DHCP are disabled in NAT since I already have those
services through my other server. Everything works, all clients in
the domain can access the internet.

The problem is that a port scanner shows the following ports open:
53, 135, 139, 389, 445, 1002, 1046, etc...

Can MS NAT block all ports? I only need port 53 open (my public DNS)
and in the near future, ports 25 & 80. I know I can map static routes
based on ports, but can I close unwanted ones? Do I still need to
purchase a separate firewall to block all ports?

Previously, I was using a program called Winroute (similar to Wingate)
for internet sharing (also nat). Winroute closed all ports by
default. Can this be done with MS NAT?

BTW, I got rid of Winroute 'cause I'm studying for my MS exams and want
to get hands-on experience with RRAS.

Thanks,

Howard
 
Howard

You can enable Firewall and write your custom InBound / OutBound
Filters. That will do the needful for you.

Sandeep Rikhi
Microsoft Corporation
--------------------------------------------------------------------------
This posting is provided "AS IS", with NO warranties and confers NO rights
--------------------------------------------------------------------------

 
Thanks for the response. But how do you enable the Firewall in
Win2K server? I know XP has this capability, but Win2K?

Or do you mean just purchase a separate Firewall? So there's no way
of blocking ports through the Windows NAT?

Thanks again,

Hamid


 
Oops... !!!!
I mistook your question for Win2k3, where we have firewall options in RRAS
itself. For Win2K server, you may want to look at the articles available at
http://www.microsoft.com/technet/tr...=/technet/security/topics/network/default.asp
http://www.microsoft.com/technet/tr...ol/windows2000serv/deploy/depopt/mspraswp.asp
--
Sandeep Rikhi
Microsoft Corporation