Using IPSec on 2000 Server to create a firewall
#1
Scooby Regular
Thread Starter
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
I found this rather interesting article describing how to use IPsec in 2000 to set up a firewall. Very handy, no need for firewall software.
I've followed the information and configured things so that all incoming and outgoing traffic is blocked. Now I'm wanting to open things up, specifically, I want to allow the machine to be able to surf the web, but something isn't quite right as I can't seem to allow this.
I've downloaded the firewall.ipsec file on that site and imported it and yet it still won't allow me to surf the internet using IE.
Can anyone tell me what I need to configure to allow this?
#2
I use this on my colo box.
I've created an entry called
"20,21,80,110,443 outbound"
Each one of those ports is set up in it as mirrored TCP
Source Port Any
Destination port (20,21,80,110 or 443)
Source address (my ip address)
Destination address (any ip address)
Then go into filter action and select "permit"
Just don't open the ports you don't need.
J
#3
Scooby Regular
Thread Starter
Thanks for that. I was sure I was doing that, but it did not seem to work. I've tried it again just now and it's working perfectly. Have to say I'm very impressed, plus saves me having to purchase firewall software.
#4
Scooby Regular
At best this is a packet filter (and not a very good one) and at worst it gives you the impression of security while having none. If what you are "protecting" is of any value at all, get yourself a proper stateful inspection firewall.
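What the mirrored rule from post #2 permits, compared with the stateful inspection post #4 recommends, as an added example that is not part of the original thread. The addresses, port numbers in the sample traffic and the simplified TCP model (no flags, no timeouts) are constructed assumptions.

```python
from dataclasses import dataclass

MY_IP = "192.0.2.10"            # constructed stand-in for "my ip address"
PORTS = (20, 21, 80, 110, 443)  # destination ports listed in post #2


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def static_filter_permits(p):
    """Stateless check: the outbound filter from post #2 plus its mirror."""
    outbound = p.src == MY_IP and p.dport in PORTS
    # "Mirrored" swaps source and destination: any address, source port in
    # PORTS, to my address on ANY local port. No connection is required.
    mirror = p.dst == MY_IP and p.sport in PORTS
    return outbound or mirror   # anything else falls to the block-all rule


class StatefulFilter:
    """Same outbound policy; inbound is allowed only as a reply to a tracked flow."""

    def __init__(self):
        self.flows = set()

    def permits(self, p):
        if p.src == MY_IP and p.dport in PORTS:
            self.flows.add((p.dst, p.dport, p.sport))   # remember the flow
            return True
        return p.dst == MY_IP and (p.src, p.sport, p.dport) in self.flows


def compare(packets):
    """Return (static_verdict, stateful_verdict) for each packet, in order."""
    fw = StatefulFilter()
    return [(static_filter_permits(p), fw.permits(p)) for p in packets]


# Constructed sample traffic, not captured from a real host.
SAMPLE = [
    Packet(MY_IP, 49152, "198.51.100.7", 80),   # browser request
    Packet("198.51.100.7", 80, MY_IP, 49152),   # reply to that request
    Packet("203.0.113.9", 80, MY_IP, 8080),     # unsolicited, source port 80
    Packet("203.0.113.9", 40000, MY_IP, 8080),  # unsolicited, other source port
]

if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, "static/stateful:", verdicts)
```

The third packet is where the two differ: the mirrored static filter passes it on source port alone, while the stateful filter drops it because no outbound flow matches.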
#5
Scooby Regular
Thread Starter
If it's filtering and blocking packets, both incoming and outgoing then surely it's doing something beneficial? If you're also running AV and Anti Spyware on the machine to protect against other intrusions then would that not make a good enough suite of security?
#6
Scooby Regular
It's worth what you paid for it, it's a free piece of software for a 9 year old OS with more holes than Swiss cheese, just don't expect it to stop anything or anyone.