ICS Firewall and Terminal services

Archived from groups: microsoft.public.win2000.security

I have a remote machine running 2003 Server. The only access I have with
this machine is through Terminal services via the internet. It has two
network interfaces with 5 IP addresses (.80, .82, .83) and (.81, .84). I
have opened port 3389 on both interfaces. However, I only have access on .83;
the others are all blocked by ICS.

When I look at the PfFirewall log for blocked accesses it looks like the
terminal services client is using a random external port with an internal
port of 3389. The external port is being blocked. Example of log entries:

2005-03-06 10:16:43 DROP TCP x.x.x.173 x.x.x.81 1318 3389 48 S 715726595 0 65535 - - -

2005-03-06 10:19:05 DROP TCP x.x.x.173 x.x.x.80 1329 3389 48 S 3884051858 0 65535 - - -

2005-03-06 10:35:57 DROP TCP x.x.x.173 x.x.x.82 1373 3389 48 S 714900859 0 65535 - - -

Specific IP addresses removed for security reasons.

What is actually going on and how can I fix this so the terminal services
client can access the server from all IP addresses rather than just the .83
IP address?


--
Mark Turner
  1. Archived from groups: microsoft.public.win2000.security

    A few KB that may be of interest:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;555031
    http://support.microsoft.com/default.aspx?scid=kb;en-us;885187
    http://support.microsoft.com/default.aspx?scid=kb;en-us;326945

    Do let us know if it helps. Thanks!


    "P5-133XL" wrote:

    > I have a remote machine running 2003 Server. The only access I have with
    > this machine is through Terminal services via the internet. It has two
    > network interfaces with 5 IP addresses (.80, .82, .83) and (.81, .84). I
    > have opened port 3389 on both interfaces. However, I only have access on .83;
    > the others are all blocked by ICS.
    >
    > When I look at the PfFirewall log for blocked accesses it looks like the
    > terminal services client is using a random external port with an internal
    > port of 3389. The external port is being blocked. Example of log entries:
    >
    > 2005-03-06 10:16:43 DROP TCP x.x.x.173 x.x.x.81 1318 3389 48 S 715726595 0 65535 - - -
    >
    > 2005-03-06 10:19:05 DROP TCP x.x.x.173 x.x.x.80 1329 3389 48 S 3884051858 0 65535 - - -
    >
    > 2005-03-06 10:35:57 DROP TCP x.x.x.173 x.x.x.82 1373 3389 48 S 714900859 0 65535 - - -
    >
    > Specific IP addresses removed for security reasons.
    >
    > What is actually going on and how can I fix this so the terminal services
    > client can access the server from all IP addresses rather than just the .83
    > IP address?
    >
    >
    > --
    > Mark Turner
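
The Windows Firewall log writes its columns in the order date, time, action, protocol, src-ip, dst-ip, src-port, dst-port, size, tcpflags, tcpsyn, tcpack, tcpwin, icmptype, icmpcode, info, so in the entries quoted above 1318, 1329 and 1373 are the client's source ports, 3389 is the destination port, and `S` marks the initial SYN. The following is an added example, not part of the original thread: it parses those three entries and counts dropped SYNs to port 3389 per destination address; the function names are illustrative.

```python
from collections import Counter

# Field order from the "#Fields:" header Windows Firewall writes to its log.
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info").split()

# The three entries quoted in the post, one record per line
# (addresses were already redacted by the poster).
SAMPLE_LOG = """\
2005-03-06 10:16:43 DROP TCP x.x.x.173 x.x.x.81 1318 3389 48 S 715726595 0 65535 - - -
2005-03-06 10:19:05 DROP TCP x.x.x.173 x.x.x.80 1329 3389 48 S 3884051858 0 65535 - - -
2005-03-06 10:35:57 DROP TCP x.x.x.173 x.x.x.82 1373 3389 48 S 714900859 0 65535 - - -
"""


def parse(text):
    """Return one dict per record; honour a #Fields header, skip other comments."""
    fields, records = FIELDS, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) >= len(fields):   # ignore truncated or wrapped lines
                records.append(dict(zip(fields, values)))
    return records


def dropped_syns(records, port="3389"):
    """Count dropped TCP connection attempts (bare SYN) to `port` per destination."""
    hits = Counter()
    for r in records:
        if (r.get("action"), r.get("protocol"), r.get("tcpflags"),
                r.get("dst-port")) == ("DROP", "TCP", "S", port):
            hits[r["dst-ip"]] += 1
    return hits


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for r in recs:
        print(f'{r["date"]} {r["time"]} {r["src-ip"]}:{r["src-port"]} -> '
              f'{r["dst-ip"]}:{r["dst-port"]} flags={r["tcpflags"]} {r["action"]}')
    print(dict(dropped_syns(recs)))
```

Run against a full log, the per-address counts show which listening addresses the firewall exception is not covering.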