Port Filter in Win2000

Hi,

I have some problem to configure Port Filter in Win2000.

I find this document :

http://support.microsoft.com/default.aspx?scid=kb;en-us;816792

but these information are wrong. I try to filter ICMP messages, but no success. I filter all packet IP but I can ping my machine.

I have another problem. I cannot surf the web, because when I set up Filter Port, my windows cannot resolve DNS. I have permit port for DNS, but I can only surf with ip address.

Is there a good boy that can help me ?

Thanks a lot.

 

Are you running Win2003? That article for the link you posted is specific to that OS.

ICMP packets won't be affected by any filters you put in place for TCP or UDP packets. Take a look Here for a good, short article on ICMP and how to protect your network.

I have another problem. I cannot surf the web, because when I set up Filter Port, my windows cannot resolve DNS. I have permit port for DNS, but I can only surf with ip address.

Exactly how did you set this up?

 

I'm running win2000

This is the article for win2000 os :

http://support.microsoft.com/default.aspx?scid=kb;EN-US;309798

This article says that i can block ICMP, but doesn' work:
< Note You cannot block ICMP messages, even if you select Permit Only in the IP Protocols column and then you do not include IP protocol 1. >

I permit this port :

53, 80, 445 (and I try 1 and 3) tcp and udp, but I cannot resolve hostname. I can surf only with ip number.
Why ?

 

Please do the following and post the contents of the text file you will create to this thread. Please do not hide any of the information.

start~run~cmd followed by ipconfig /all > c:\config.txt

 

Here the result :



Configurazione IP di Windows 2000



Nome host . . . . . . . . . . . : anonimus
Suffisso DNS primario . . . . . :
Tipo nodo . . . . . . . . . . . : Trasmissione

IP Routing abilitato. . . . . . : No

WINS Proxy abilitato. . . . . . : No


- Scheda Ethernet Connessione alla rete locale:



Suffisso DNS specifico connessione:
Descrizione . . . . . . . . . . : 3Com EtherLink XL PCI Combo NIC (3C900B-COMBO) #2
Indirizzo fisico. . . . . . . . : 00-10-5A-31-9C-E9

DHCP abilitato . . . . . . . . . : No

Indirizzo IP. . . . . . . . . . . : 192.168.1.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Gateway predefinito . . . . . . . : 192.168.1.1

Server DNS. . . . . . . . . . . : 195.129.12.83


I try to set up my machine directly with public ip, but I have not success.

 

Code:

Indirizzo IP. . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Gateway predefinito . . . . . . . : 192.168.1.1
Server DNS. . . . . . . . . . . : 195.129.12.83

What device is at 192.168.1.1? It will be something acting as a router - either a dedicated router device or another PC if you are using ICS.

What happens if you connect your PC directly to the broadband modem?

 

This test was behind a router.
I try to set up my machine directly to internet, bypass my router, but I have the same problem. I cannot resolve hostname, and so I cannot update my windows.

 

I try to set up only TCP port filter, and now I have no problem to resolve hostname. But I would like to set up UDP port also.

I know that hostname use port 53 for udp and tcp, but in this case windows what's UDp port use to resolve hostname ?

 

Anyone have find a solution ?

Can UDP port have some bugs, or I can stay secure if I cannot use filter on it ?