
ICS Firewall and Terminal services

Anonymous
March 6, 2005 2:29:03 PM

Archived from groups: microsoft.public.win2000.security

I have a remote machine running 2003 Server. The only access I have with
this machine is through Terminal services via the internet. It has two
network interfaces with 5 IP addresses (.80, .82, .83) and (.81, .84). I
have opened port 3389 on both interfaces. However I only have access on .83:
The others are all blocked by ICS.

When I look at the PfFirewall log for blocked accesses it looks like the
terminal services client is using a random external port with an internal
port of 3389. The external port being blocked. Example of log entries:

2005-03-06 10:16:43 DROP TCP x.x.x.173 x.x.x.81 1318 3389 48 S 715726595 0 65535 - - -

2005-03-06 10:19:05 DROP TCP x.x.x.173 x.x.x.80 1329 3389 48 S 3884051858 0 65535 - - -

2005-03-06 10:35:57 DROP TCP x.x.x.173 x.x.x.82 1373 3389 48 S 714900859 0 65535 - - -

Specific IP addresses removed for security reasons.

What is actually going on and how can I fix this so the terminal services
client can access the server from all IP addresses rather than just the .83
IP address?


--
Mark Turner
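
Added example, not part of the original thread: a small parser that reads the three quoted entries by the firewall log's field order and counts dropped connection attempts per destination address. The field names follow the log's `#Fields:` header, which the post does not show (an assumption about this log); the sample lines are the ones quoted above, each rejoined onto one line.

```python
from collections import Counter

# Field order assumed from the firewall log's "#Fields:" header line.
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port "
          "size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info").split()

# The three entries quoted in the post, each rejoined onto a single line.
SAMPLE = """\
2005-03-06 10:16:43 DROP TCP x.x.x.173 x.x.x.81 1318 3389 48 S 715726595 0 65535 - - -
2005-03-06 10:19:05 DROP TCP x.x.x.173 x.x.x.80 1329 3389 48 S 3884051858 0 65535 - - -
2005-03-06 10:35:57 DROP TCP x.x.x.173 x.x.x.82 1373 3389 48 S 714900859 0 65535 - - -
"""


def parse_line(line):
    """Return a dict of named fields, or None for blank, comment or malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def dropped_syns(text, port="3389"):
    """Count dropped TCP connection attempts (SYN only) to `port`, per destination IP."""
    hits = Counter()
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if (rec["action"] == "DROP" and rec["protocol"] == "TCP"
                and rec["dst-port"] == port and rec["tcpflags"] == "S"):
            hits[rec["dst-ip"]] += 1
    return hits


if __name__ == "__main__":
    for dst, count in sorted(dropped_syns(SAMPLE).items()):
        print(f"{dst}: {count} dropped SYN(s) to TCP/3389")
```

Read this way, 1318, 1329 and 1373 are the client's ephemeral source ports, and each dropped packet is the initial SYN addressed to port 3389 on .81, .80 and .82.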
Anonymous
March 6, 2005 6:39:05 PM

Archived from groups: microsoft.public.win2000.security

A few KB that may be of interest:

http://support.microsoft.com/default.aspx?scid=kb;en-us;555031
http://support.microsoft.com/default.aspx?scid=kb;en-us;885187
http://support.microsoft.com/default.aspx?scid=kb;en-us;326945

Do let us know if it helps. Thanks!


"P5-133XL" wrote:

> I have a remote machine running 2003 Server. The only access I have with
> this machine is through Terminal services via the internet. It has two
> network interfaces with 5 IP addresses (.80, .82, .83) and (.81, .84). I
> have opened port 3389 on both interfaces. However I only have access on .83:
> The others are all blocked by ICS.
>
> When I look at the PfFirewall log for blocked accesses it looks like the
> terminal services client is using a random external port with an internal
> port of 3389. The external port being blocked. Example of log entries:
>
> 2005-03-06 10:16:43 DROP TCP x.x.x.173 x.x.x.81 1318 3389 48 S 715726595 0 65535 - - -
>
> 2005-03-06 10:19:05 DROP TCP x.x.x.173 x.x.x.80 1329 3389 48 S 3884051858 0 65535 - - -
>
> 2005-03-06 10:35:57 DROP TCP x.x.x.173 x.x.x.82 1373 3389 48 S 714900859 0 65535 - - -
>
> Specific IP addresses removed for security reasons.
>
> What is actually going on and how can I fix this so the terminal services
> client can access the server from all IP addresses rather than just the .83
> IP address?
>
>
> --
> Mark Turner