Port filtering PPTP connections

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hello,
I have a situation where i need to restrict my PPTP users to only TCP80. I
have not been able to find any combination of filters that accomplishes this.

Windows 2000 Server, No AD, No IAS. One interface behind a firewall/router.
LAN IP: 192.168.1.50, PPTP DHCP Pool 172.16.16.0.

Can anyone offer any advice?
 
Thank you for your reply. Let me clarify; e.g. Remote Call Center Application
hosted on IIS with MS SQL backend (yes I know I need TCP 1433 open for SQL
but I was only saying TCP 80 for simplicity. Users from all over the world
connect and use the software using home PCs. The PCs I do not control, they
could and probably do contain malicious software and viruses that will attack
the PPTP server. This is why I want to RESTRICT TRAFFIC THROUGH THE PPTP
TUNNEL to only TCP 80 and TCP 1433.
--
-Dan


Janani said:
Hi,
The PPTP protocol requires TCP port 1723 and also IP protocol 47 (GRE) for
establishing connections. It is not possible to restrict the PPTP
connections to TCP port 80.

--
Thanks,
Janani [MSFT]
http://blogs.msdn.com/jananiv

RRAS team blog : http://blogs.msdn.com/rrasblog
---------------------------------------------------------------------------
"This posting is provided "AS IS" with no warranties, and confers no
rights."

Twins11142005 said:
Hello,
I have a situation where i need to restrict my PPTP users to only TCP80. I
have not been able to find any combination of filters that accomplishes
this.

Windows 2000 Server, No AD, No IAS. One interface behind a
firewall/router.
LAN IP: 192.168.1.50, PPTP DHCP Pool 172.16.16.0.

Can anyone offer any advice?
Click to expand...
Click to expand...
 
No one knows how to secure a PPTP tunnel to only 2 TCP Ports?? This seems
like a very easy thing to do. Deny all, allow TCP 80 and 1433.

If it is impossible please tell me, thanks!
--
-Dan


Twins11142005 said:
Thank you for your reply. Let me clarify; e.g. Remote Call Center Application
hosted on IIS with MS SQL backend (yes I know I need TCP 1433 open for SQL
but I was only saying TCP 80 for simplicity. Users from all over the world
connect and use the software using home PCs. The PCs I do not control, they
could and probably do contain malicious software and viruses that will attack
the PPTP server. This is why I want to RESTRICT TRAFFIC THROUGH THE PPTP
TUNNEL to only TCP 80 and TCP 1433.
--
-Dan


Janani said:
Hi,
The PPTP protocol requires TCP port 1723 and also IP protocol 47 (GRE) for
establishing connections. It is not possible to restrict the PPTP
connections to TCP port 80.

--
Thanks,
Janani [MSFT]
http://blogs.msdn.com/jananiv

RRAS team blog : http://blogs.msdn.com/rrasblog
---------------------------------------------------------------------------
"This posting is provided "AS IS" with no warranties, and confers no
rights."

Twins11142005 said:
Hello,
I have a situation where i need to restrict my PPTP users to only TCP80. I
have not been able to find any combination of filters that accomplishes
this.

Windows 2000 Server, No AD, No IAS. One interface behind a
firewall/router.
LAN IP: 192.168.1.50, PPTP DHCP Pool 172.16.16.0.

Can anyone offer any advice?
Click to expand...
Click to expand...
Click to expand...
 
Ok. So you want your users who are connected to the network using PPTP to be
able to acces only port 80 on the RRAS server's private network. If this is
what you require, then you can enable IP Packet filters on the remote access
policies to allow only TCP port 80 and block rest. Refer the RRAS blog
http://blogs.msdn.com/rrasblog for details on this.

--
Thanks,
Janani [MSFT]
http://blogs.msdn.com/jananiv

RRAS team blog : http://blogs.msdn.com/rrasblog
---------------------------------------------------------------------------
"This posting is provided "AS IS" with no warranties, and confers no
rights."

Twins11142005 said:
No one knows how to secure a PPTP tunnel to only 2 TCP Ports?? This seems
like a very easy thing to do. Deny all, allow TCP 80 and 1433.

If it is impossible please tell me, thanks!
--
-Dan


Twins11142005 said:
Thank you for your reply. Let me clarify; e.g. Remote Call Center
Application
hosted on IIS with MS SQL backend (yes I know I need TCP 1433 open for
SQL
but I was only saying TCP 80 for simplicity. Users from all over the
world
connect and use the software using home PCs. The PCs I do not control,
they
could and probably do contain malicious software and viruses that will
attack
the PPTP server. This is why I want to RESTRICT TRAFFIC THROUGH THE PPTP
TUNNEL to only TCP 80 and TCP 1433.
--
-Dan


Janani said:
Hi,
The PPTP protocol requires TCP port 1723 and also IP protocol 47
(GRE) for
establishing connections. It is not possible to restrict the PPTP
connections to TCP port 80.

--
Thanks,
Janani [MSFT]
http://blogs.msdn.com/jananiv

RRAS team blog : http://blogs.msdn.com/rrasblog
---------------------------------------------------------------------------
"This posting is provided "AS IS" with no warranties, and confers no
rights."

"Twins11142005" <dan[at]csofmaine[dot]com> wrote in message
Hello,
I have a situation where i need to restrict my PPTP users to only
TCP80. I
have not been able to find any combination of filters that
accomplishes
this.

Windows 2000 Server, No AD, No IAS. One interface behind a
firewall/router.
LAN IP: 192.168.1.50, PPTP DHCP Pool 172.16.16.0.

Can anyone offer any advice?
Click to expand...
Click to expand...
Click to expand...
 
Back
Top