TCP/IP Filtering Problem

[George Jewell]

Hello,

I'm trying to lock down a Win2K server (Svc. Pak 4) for use as a web server
and want to be as thorough as possible. I'd like to use TCP/IP Filtering,
but have run into a snag. I have it set so that the following TCP ports are
permitted: 21, 25, 53, and 80; and also UDP port 53. The problem is that it
seems name resolution is not working. I can ping sites by IP address but not
DNS names. Also, sending mail with the SMTP server does not work, and adds
this entry to the system log: "message delivery to the remote domain
<domain> failed for the following reason: destination server does not
exist."

When I allow all UDP ports, everything works fine. Obviously there are a few
other UDP ports I must allow - does anyone have any suggestions as to which
ports to open? Thanks.

 

[Phillip Windell]

Windows 2000 Security Hardening Guide: Overview
http://www.microsoft.com/technet/security/prodtech/win2000/win2khg/default.mspx

Microsoft Security: IIS 5.0 Baseline Security Checklist
http://www.microsoft.com/technet/Security/chklist/iis5cl.mspx

Microsoft TechNet: Security How-tos
http://www.microsoft.com/technet/itsolutions/howto/sechow.mspx

 

[Phillip Windell]

Sorry, I should have gave a little commentary with my other post. I think
you are taking the wrong approach. The articles I included in that other
post give you the right direction to move in. There is a whole *lot* more to
security than fooling around with the TCP/IP Protocol. TCP/IP only involve
Layers 3&4 of the OSI model,...and there is a whole lot more to networking
than that. You need to think in a "bigger picture".