open firewall ports

ef

I would like to put a firewall between my WIN2003 servers
and XP clients.
Which ports do I need to open?
 

Sounds like you shouldn't be in charge of any servers.
 
Maybe you are right, yet can you please elaborate on your
opinion?
Thanks.


Good, I'm glad you didn't take offense to my comment. Firstly - surely you
*can* put a firewall between your clients and your server, but most of the
time, the firewall goes on the *outside*...that is, it protects the network
from unwanted internet traffic. Why you don't trust your clients is your
business, but this is not standard practice.
Secondly - You did not tell us what you are going to be doing (traffic-wise)
with the network. It's possible (but HIGHLY unlikely) that you'll need
*every* port open. It depends on what programs/services/protocols will be
creating traffic through your network. For example, if you're running a web
server, you'll need port 80 open (or 8080, or both). FTP server, ports 20
and 21. SMTP: port 119 I believe. If these ports are closed, you cannot
successfully run these services (using the default ports) on your server.
If you tell us what this server will be used for, we can make
recommendations on what ports you'll need to have open and which ones you'll
need to close (well, we'll tell you which ones you need open, and make sure
the rest are closed).
 
I am also interested in why you want this sort of setup? I can only assume
you want some sort of DMZ topology?

If you want a DMZ, I would lay it out in the following hypothetical
layout.

                          |     DMZ     |                       Private LAN
[ inet ] --- [ firewall1 ] ----- [ server ] ---- [ firewall2 ] ------ [ clients ]

Generally most people only use downstream filters on a firewall to protect
from inbound traffic requests. In that scenario you wouldn't need to have
ports open on firewall 2 (and typically 2) since your client to server
traffic is upstream and the router is downstream filter protection.

If you want bi-directional protection (upstream/downstream) then you would
need to open ports on FW2. The problem in being able to enable this scenario
is that these 40-150$ consumer devices from Linksys, Netgear, MS only
allow downstream protection today.

If you have a Windows PC as your firewall product then clearly you can do both
uni or bi-directional filters.
 