TCP/IP Filtering Problem

Scott
Apr 1, 2004
Archived from groups: microsoft.public.win2000.security

I am trying to set up TCP/IP filtering on some 2k and XP workstations.
Putting in the proper TCP ports I have no problem logging on and getting
around the network. If I add UDP ports to allow, I cannot log on to the
network. It cannot find DCs and DNS servers. I have put in all the ports I
can think of with no luck (53, 88, 123, 137, 138, 389, 500, 4500, 1035, plus
more). Any ideas?
--
Thanks for your help!!
Guest

Hi Scott,

This article may help:

Service overview and network port requirements for the Windows Server system
http://support.microsoft.com/?kbid=832017

I am not sure what exactly you've already configured, but don't forget to open:
* high TCP ports (1024-65536)
* GC TCP 3269 and 3268
....

--
Mike
Microsoft MVP - Windows Security

Guest

TCP/IP filtering is stateful for TCP but not for UDP. Also keep in mind
that TCP/IP filtering only filters inbound traffic. The ports you are
entering are "server" ports such as for DNS and Kerberos, which a workstation
would not be a server for. Your main problem is that the UDP filtering is
not allowing the return traffic from its DNS requests, which comes back to an
unprivileged port above 1024. IPsec filtering would be a better option than
TCP/IP filtering for what you are trying to do if you have a need to manage
UDP traffic also. The link below explains more on IPsec filtering
policy. --- Steve

http://www.securityfocus.com/infocus/1559
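To make Steve's point concrete, here is a small model of the two filter behaviours he contrasts. It is an added example written for this thread, not code from any of the posters or from Windows: one class imitates the built-in "Permit Only" TCP/IP Filtering (inbound only, TCP allowed for connections the workstation opened, UDP matched purely on destination port), and a second imitates a direction-aware mirrored permit filter of the kind an IPsec policy expresses ("me:any -> any:53 UDP, mirrored"). The port lists and the DNS query/reply exchange are constructed for the example; the mirrored-filter model is simplified and ignores addresses.

```python
"""Why "TCP/IP Filtering" on Windows 2000/XP breaks UDP name resolution.

Added example for this thread (not code from the original posts or from
Windows). Models the built-in TCP/IP Filtering and a mirrored IPsec-style
permit filter; ports and the DNS exchange are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str         # "tcp" or "udp"
    inbound: bool      # True if the packet arrives at the workstation
    src_port: int
    dst_port: int
    syn: bool = False  # TCP only: True for a connection request


class TcpIpFiltering:
    """Model of the Win2k/XP 'Permit Only' TCP/IP Filtering.

    Outbound packets are never filtered. Inbound TCP is accepted for a
    connection the workstation itself opened or for a listed TCP port.
    Inbound UDP is accepted only when its *destination* port is listed,
    and a DNS reply is addressed to the ephemeral source port of the query,
    so it is dropped unless that exact port happens to be in the list.
    """

    def __init__(self, tcp_ports, udp_ports):
        self.tcp_ports = set(tcp_ports)
        self.udp_ports = set(udp_ports)
        self._open_tcp = set()  # local ports of connections we opened

    def check(self, pkt):
        if not pkt.inbound:
            if pkt.proto == "tcp" and pkt.syn:
                self._open_tcp.add(pkt.src_port)
            return True  # outbound traffic is not filtered
        if pkt.proto == "tcp":
            return pkt.dst_port in self._open_tcp or pkt.dst_port in self.tcp_ports
        return pkt.dst_port in self.udp_ports


class MirroredUdpFilter:
    """Simplified mirrored permit filter: 'me:any -> any:<server port> UDP'.

    The mirror matches the reverse packet (any:<server port> -> me:any), so
    a reply reaches whatever ephemeral port the resolver used. Inbound UDP
    from any other source port is dropped. (Hypothetical model: real IPsec
    filters also carry source and destination addresses.)
    """

    def __init__(self, server_ports):
        self.server_ports = set(server_ports)

    def check(self, pkt):
        if not pkt.inbound:
            return True
        if pkt.proto == "udp":
            return pkt.src_port in self.server_ports
        return False


def dns_exchange(filt, local_port, dns_port=53):
    """Send a UDP query from local_port and report whether the reply passes."""
    query = Packet("udp", inbound=False, src_port=local_port, dst_port=dns_port)
    reply = Packet("udp", inbound=True, src_port=dns_port, dst_port=local_port)
    return filt.check(query) and filt.check(reply)


def dns_lookup_outcomes(filt, ephemeral_ports):
    """One query per ephemeral port; the resolver picks a different one each time."""
    return {p: dns_exchange(filt, p) for p in ephemeral_ports}


def tcp_session(filt, local_port, remote_port):
    """Client TCP connection: SYN out, SYN/ACK back. True if the reply passes."""
    syn = Packet("tcp", inbound=False, src_port=local_port, dst_port=remote_port, syn=True)
    syn_ack = Packet("tcp", inbound=True, src_port=remote_port, dst_port=local_port)
    return filt.check(syn) and filt.check(syn_ack)


if __name__ == "__main__":
    # Constructed approximation of the port list in the original question.
    scott = TcpIpFiltering(tcp_ports={88, 135, 139, 389, 445},
                           udp_ports={53, 88, 123, 137, 138, 389, 500, 4500, 1035})
    print("TCP/IP Filtering, LDAP over TCP:", tcp_session(scott, 1036, 389))
    print("TCP/IP Filtering, DNS over UDP:", dns_lookup_outcomes(scott, [1035, 1036, 1040]))
    mirrored = MirroredUdpFilter(server_ports={53, 88, 123, 389})
    print("Mirrored filter, DNS over UDP:", dns_lookup_outcomes(mirrored, [1035, 1036, 1040]))
```

Running it shows the effect described in the thread: the TCP session to port 389 succeeds because the filter remembers the connection the workstation opened, but only the DNS query that happened to use local port 1035 (the one port above 1024 listed in the question) gets its reply back; queries from 1036 or 1040 are silently dropped. The mirrored filter admits all three replies because it matches on the server's source port, while still rejecting inbound UDP from any other source port.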