Inbound filter for preventing access to certain ports except from local subnet

[mdahshan]

Hello,

I am trying to set up an inbound filter to block access to certain
ports except when accessed from the same subnet. For example, I need to
drop all packets received to port 80 except when the src addr is
192.168.25.0 / 255.255.255.0.

Can this be done using the RAS?

Thank you.

Mostafa

 

[Bill Grant]

Filters in RRAS are configured per interface. Does the local traffic on
192.168.25.0 reach the server on the same interface as other traffic?

The normal situation is to set packet filters on the public interface
only. If you block port 80 on the public interface it does not affect http
on the local LAN using the private interface.

 

[Mostafa]

Hi Bill,

It is actually a public interface which is the only active interface. I
am just using the 192 IP for explanation. As far as I know, the only
way to do a filter with exception is using ICF (Windows Firewall). I
was hoping it can be done using RRAS.

Thank you for your reply.

 

[Bill Grant]

You can certainly set up packet filters in RRAS. From the RRAS console,
go to IP Routing|General and look at the properties of the NIC. You will see
a button to configure Input Filters. Take care if you use the "block all
traffic except.." option.