• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1181
  • Last Modified:

SBS 2003 Firewall problem

Running Windows SBS 2003

We have a VPN running on this server, how ever i do want to access the NIC card property to remove all setting for the firewall, but it would not let me in the property, here is the error message "could not start the windows firewall/internet connection ICS service on the local computer. The requested resource is in use. error 170 component (Ipnat.sys).
Thank you





0
nannig3
Asked:
nannig3
  • 5
  • 4
  • 3
  • +1
1 Solution
 
Rob WilliamsCommented:
That message indicates another service is enabled which overrides the firewall, in your case Routing and Remote Access, for the VPN. The "Windows Firewall" as we know it is disabled as a result by default. RRAS has a basic NAT firewall that can be enabled, but it will not block by port.
0
 
knightrider2k2Commented:
If RRAS is running on your server and you want to block protocols/ports, I think you can go to RRAS
IP routing-->General
On the right side of the windows right click the network interface and go to properties. Click Inbound or Outbound filters, and you can block ports there.

0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
"how ever i do want to access the NIC card property to remove all setting for the firewall"

There are no firewall settings on a NIC.  But assuming you want to remove ANY firewall from SBS the questions would then be:

Why?

What are you trying to accomplish?

Jeff
TechSoEasy
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
nannig3Author Commented:
I'm having problems with vpn not connecting. I think the problem is with the firewall blocking me from access the server
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Okay... this is a classic example of asking the wrong question.  You should never ask a question based on an assumption without clearly describing what the problem is and why your asking.  Because otherwise we'll all waste a ton of time here...

If you are haveing problems with the vpn connecting, then you need to say,

"I'm having problems connecting to the server by VPN.  The EXACT error message that I'm getting is ___________.  I believe this may be caused by the firewall.  Do you think that's possible?  If so, how do I fix it?"

Because then at least we know what the true problem is.   Since the VPN in SBS is configured by the "Configure Remote Access Wizard" and this configures the firewall automatically, it's almost impossible that the second half of your "revised" question would be your problem.

We can then focus on the EXACT error message you got...

So please tell us what that was.

Jeff
TechSoEasy
0
 
nannig3Author Commented:
TechSoEasy
Welcome?  You sure didn't make me feel welcome.
 This was my first time on  this website.  After receiving your reply to my question, I feel this is not the kind of website I want. You will probably not ever see me on this site again.
0
 
Rob WilliamsCommented:
Ignoring the politics here, the main issue is; nannig3, were you able to resolve your problem?
Jeff can occasionally come on a bit strong, no offense Jeff, but there is no one here who will go to greater lengths to assist with the proper solution to your problem, and he has the know how to do it. Glad to have you aboard nannig3, and hope you will hang around.

I too would question that knightrider2k2's suggestion solved the VPN problem, though it was a reply to your question. I don't believe even though filters show a heading for ports, there is any way to add them. Filters are generally for source and destination filtering by protocol, rather than ports. Also, it is highly unlikely any filters were in place.

Can we help you further with the VPN issue?
If the VPN is not connecting do you receive an error #, such as 800, 691, 721, etc.?
Also with SBS it is important to configure the VPN using the "Configure remote access" and "Create remote connection disk" wizards. If not familiar with these, you might want to have a look at the following site:

Let us know if we can be of any further help.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
nanniq3,

I fully acknowledge that I came on WAY too strong and really hope that you know that my apology is sincere.  

Jeff
TechSoEasy

0
 
Rob WilliamsCommented:
JUst noticed I forgot the link in previous post, it was late:
http://www.lan-2-wan.com/SBS-VPN-instr.htm
0
 
knightrider2k2Commented:
Hi

I agree that my response probably didn't helped him. At the time I posted my reply, there was no mention of ports being blocked. I barely told him that if he wants to block traffic on a port he can do that. Please read my post.

Robwill
Now, I could be wrong, please correct me if I am. On the RRAS If I want to block incoming traffic on port TCP 4500, I would create an incoming filter as follows
Source               Destination                  Protocol                  SourcePort            DestinationPort
0.0.0.0                0.0.0.0                         TCP                         any                          4500


Will this not block the port?

And yes
 



0
 
knightrider2k2Commented:
And yes, It is possible to specify ports.

>>>>I don't believe even though filters show a heading for ports, there is any way to add them

0
 
Rob WilliamsCommented:
Sorry knightrider2k2, not tying to give you a hard time. I know the filters show those headings, but when I actually tried to create a new filter, it didn't give me the option to choose a port. On the system I checked at the time, you could only choose source and destination ports, their respective subnets, and a protocol. The port was not an option. I thought this was interesting as the heading for port is present. Maybe something peculiar about the system I checked. I don't have access to a RRAS server, but will check later.
0
 
Rob WilliamsCommented:
Ah, just looked it up. If you choose protocol "any", port options are not present. Selecting a specific protocol, will then open a new dialog box, allowing you to choose ports as well. Guess that actually makes sense. My mistake. Sorry.
0
 
knightrider2k2Commented:
I just checked. If you select TCP portocol, it brings two more boxes with destinastion and source port.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 4
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now