Enable TCP/IP Filtering on Windows 2003 Server

November 27, 2006 / General Discussion

Connect to the Windows 2003 Server with Remote Desktop and log in to the server.
Go to Start -> Control Panel -> Network Connections -> Local Area Connection

Click on “Properties,” then navigate to “Internet Protocol (TCP/IP)” and click on “Properties.” From there, access the “Advanced” settings and click on the “Options” tab.

Highlight “TCP/IP filtering” and then click “Properties.”
Check the box labeled “Enable TCP/IP Filtering (All adapters).” At this point, select the TCP ports, UDP ports and IP protocols the server needs in order to operate. Select “Permit Only” and list the ports or protocols you will permit to pass through the filter.

For example:

TCP Ports
20 – FTP
21 – FTP
25 – SMTP
53 – DNS
80 – HTTP
110 – POP3
443 – HTTPS
3389 – RDP – Remote Desktop Connection
!!!!IF YOU DON’T PERMIT PORT 3389, YOU WILL NOT BE ABLE TO GET BACK INTO THE SERVER!!!!
8080 – Urchin Webserver
19638 – Ensim
8098 – TCP port for default-installed Web management

UDP Ports
53 – DNS

IP Protocols
1 – ICMP (Optional – Used for ping and other administrative packets)
6 – TCP
17 – UDP

Select OK, OK, OK, OK, then Yes to REBOOT.

CAUTION
Failure to follow this correctly could require manual intervention to enable you to reconnect to the system.
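A pre-reboot check for the lockout described above, as an added example that is not part of the original article: it reads the EnableSecurityFilters and TCPAllowedPorts registry values that back this dialog and reports any interface whose “Permit Only” list leaves out a required TCP port. It assumes Python 3 is available on the server and that you run it after saving the dialog but before rebooting; the function names and the sample GUID are made up for illustration.

```python
"""Pre-reboot lockout check for Windows TCP/IP filtering (added example)."""
import sys

PARAMS = r"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"

def permits(allowed, port):
    """List semantics: ['0'] permits everything, an empty list permits nothing."""
    return allowed == ["0"] or str(port) in allowed

def lockout_findings(enabled, tcp_lists, required=(3389,)):
    """Return (interface, port) pairs that 'Permit Only' would block."""
    if not enabled:          # EnableSecurityFilters is 0: lists are not enforced
        return []
    return [(guid, port)
            for guid, allowed in sorted(tcp_lists.items())
            if allowed is not None   # assumption: skip interfaces with no stored list
            for port in required
            if not permits(allowed, port)]

def read_live():
    """Read the stored settings from the registry (Windows, Python 3 only)."""
    import winreg
    def value(key, name):
        try:
            return winreg.QueryValueEx(key, name)[0]
        except FileNotFoundError:
            return None
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, PARAMS) as key:
        enabled = value(key, "EnableSecurityFilters") == 1
    tcp_lists = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, PARAMS + r"\Interfaces") as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            guid = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, guid) as key:
                tcp_lists[guid] = value(key, "TCPAllowedPorts")
    return enabled, tcp_lists

if __name__ == "__main__":
    if sys.platform == "win32":
        enabled, tcp_lists = read_live()
    else:  # constructed sample: the article's TCP list with 3389 left out
        enabled = True
        tcp_lists = {"{constructed-guid}": ["20", "21", "25", "53", "80", "110", "443", "8080"]}
    blocked = lockout_findings(enabled, tcp_lists)
    for guid, port in blocked:
        print("WARNING: %s does not permit TCP %d; fix before rebooting" % (guid, port))
    sys.exit(1 if blocked else 0)
```

Pass further ports through the `required` argument (for example 21, or the Ensim anonymous FTP ports) to check them the same way.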

NOTE

Ensim creates anonymous ftp connections for each domain and uses a nonstandard port number for each site starting at around 10003. If you will be supporting anonymous ftp on name-based sites with these numbers, you will need to enable the TCP ports used by each site that will use anonymous ftp on name-based sites.

If you have enabled the Embedded 2k3 STD Firewall, the advice is to take it down before adding additional IPs to the box, as the TCP/IP config does not behave correctly. After you disable it, add the 2 extra IPs, restart, and enable the firewall again.

Get the adapter/computer to recognize the extra IP

Log in to Remote Desktop.

  1. Start – Settings – Control Panel – double click on Network Connections
  2. Right click on Local Area Connection and choose Properties
  3. Scroll down to Internet Protocol (TCP/IP) select it, and click Properties
  4. Click the Advanced tab at the bottom right
  5. You will see your current IP address. Click ADD and add the two IP addresses with the correct Subnet Mask provided to them by RS.
  6. Click OK on all windows, and the network service should restart. If not, reboot. They should be assigned after that.
