DarrylBuck
asked on
Blocking Local network IPs from accessing a server
What is the best, and simplest, way to block local network IPs from accessing a local server?
thanks in advance
Best is relative... but Windows has the IPsec firewall filters built in that work quite well. The "good" thing about the IPsec firewall on M$ is that the necessary ports for AD are allowed to pass without restriction. This however is not good if the firewall is facing the internet, but this has been updated and the default allowed ports can be blocked by using a key in the registry.
Ipsec Firewall howto:
http://www.microsoft.com/technet/itsolutions/network/security/ipsecld.mspx
Unsecured traffic http://support.microsoft.com/kb/253169/EN-US/
Exemptions removed http://support.microsoft.com/kb/810207/EN-US/
The firewall in M$ 2003 server (service pack 1 beta btw) works very well also.
-rich
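A sketch of the IPsec filter approach from the answer above, added here as an example and not part of the original post: it blocks one LAN subnet from reaching the server while keeping a single admin workstation allowed. The policy and filter list names, the subnet 192.168.1.0/24 and the admin host 192.168.1.10 are constructed placeholders; it assumes a Windows version that provides the `netsh ipsec static` context (Server 2003 and later) and an elevated prompt on the server itself.

```powershell
# Added example: all names and addresses below are constructed placeholders.
$policy    = 'Restrict-LAN'
$blockNet  = '192.168.1.0'     # subnet to keep off this server (assumed)
$blockMask = '255.255.255.0'
$adminHost = '192.168.1.10'    # workstation that must keep access (assumed)

# 1. Create the policy unassigned, so nothing takes effect until the last step.
netsh ipsec static add policy name=$policy assign=no

# 2. Filter lists describe which traffic a rule matches. "Me" is this server;
#    mirrored=yes matches the reply direction as well.
netsh ipsec static add filterlist name=LAN-to-server
netsh ipsec static add filter filterlist=LAN-to-server srcaddr=$blockNet srcmask=$blockMask dstaddr=Me protocol=ANY mirrored=yes

netsh ipsec static add filterlist name=Admin-to-server
netsh ipsec static add filter filterlist=Admin-to-server srcaddr=$adminHost srcmask=255.255.255.255 dstaddr=Me protocol=ANY mirrored=yes

# 3. Filter actions: what to do with matching traffic.
netsh ipsec static add filteraction name=Block action=block
netsh ipsec static add filteraction name=Permit action=permit

# 4. Rules bind a filter list to an action. The single-host filter is more
#    specific than the subnet filter, so the admin permit is matched first.
netsh ipsec static add rule name=Block-LAN policy=$policy filterlist=LAN-to-server filteraction=Block
netsh ipsec static add rule name=Permit-admin policy=$policy filterlist=Admin-to-server filteraction=Permit

# 5. Review the policy, then assign it to make it active.
netsh ipsec static show policy name=$policy level=verbose
netsh ipsec static set policy name=$policy assign=y
```

Run it from the console or from the permitted admin host so the block rule cannot cut off your own session. The default exemptions mentioned in the answer still pass unless they are removed as described in KB 810207.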
2nd best answer is... put up a firewall and filter them out
> block local network IPs from accessing a local server
Best answer, if you have a server you want no one to use, unplug it.
answer three, use multiple LANs. Users with good access separate physically from users without authorized access
ASKER
Thanks for your input, I think I will go with the firewall solution, I was just seeing what other options there may be.
on the computers you don't want accessing the server. This will send the request to the fake IP, therefore never making it to the server. You can even put it in a logon script.
Shawn