Basic Firewall - ports that should be close are open...

I'm a newbie to basic firewall...
I have a win2003 server with IIS running some low traffic sites and
windows file sharing (port 139). I would like to use the server also as
vpn server (extremely low traffic) so i tried to configure RRAS and
Basic Firewall (i turned off windows firewall).
I configured NAT/Basic firewall to manage the public interface and I
checked the Basic Firewall radio button. I configured the exceptions on
the public interface via the Services and Ports tab in order to publish
ports 80, 139, 3389. For 80 and 3389 there was altready an entry, for
139 i added a new entry following other services pattern (the private
address is the same as the public address and incoming port is the same
as outcoming port).
Results:
The port 21 is open also if the service/port entry is not checked.
The port 139 is stealthed and there's no way to open it.
Ports 80 and 3389 are working correctly.

What about 21 (that should be closed) and 139 (that should be open)?

There is a basic and very simple rule for configuring firewalls:

1. Close all ports
2. Open only 1 port needed to access one of your services on the
firewall/internal network
3. Repeat step 3 for each service that needs to be accessible from outside.

--
Dmitry Korolyov [(E-Mail Removed)]
MVP: Windows Server - Directory Services


"Gabriele" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> I'm a newbie to basic firewall...
> I have a win2003 server with IIS running some low traffic sites and
> windows file sharing (port 139). I would like to use the server also as
> vpn server (extremely low traffic) so i tried to configure RRAS and
> Basic Firewall (i turned off windows firewall).
> I configured NAT/Basic firewall to manage the public interface and I
> checked the Basic Firewall radio button. I configured the exceptions on
> the public interface via the Services and Ports tab in order to publish
> ports 80, 139, 3389. For 80 and 3389 there was altready an entry, for
> 139 i added a new entry following other services pattern (the private
> address is the same as the public address and incoming port is the same
> as outcoming port).
> Results:
> The port 21 is open also if the service/port entry is not checked.
> The port 139 is stealthed and there's no way to open it.
> Ports 80 and 3389 are working correctly.
>
> What about 21 (that should be closed) and 139 (that should be open)?
>

That was the idea... The checking or unchecking FTP Service entry has
no effect on the firewall (port 21 always open); checking or unchecking
Netbios service has no effect (port 139 always closed).

Any other suggestion?

Thanks,
Gabriele

Well, I'm not quite sure about built-in firewall's features in details, but
they worked fine for me. How did you check the ports? nmap or something
alike?

--
Dmitry Korolyov [(E-Mail Removed)]
MVP: Windows Server - Directory Services


"Gabriele" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> That was the idea... The checking or unchecking FTP Service entry has
> no effect on the firewall (port 21 always open); checking or unchecking
> Netbios service has no effect (port 139 always closed).
>
> Any other suggestion?
>
> Thanks,
> Gabriele
>

Go into "Scope" under the rule "Edit" function and you will probably see
that you are only affecting the scope you have defined by changing your
settings.

-Frank

"Gabriele" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> I'm a newbie to basic firewall...
> I have a win2003 server with IIS running some low traffic sites and
> windows file sharing (port 139). I would like to use the server also as
> vpn server (extremely low traffic) so i tried to configure RRAS and
> Basic Firewall (i turned off windows firewall).
> I configured NAT/Basic firewall to manage the public interface and I
> checked the Basic Firewall radio button. I configured the exceptions on
> the public interface via the Services and Ports tab in order to publish
> ports 80, 139, 3389. For 80 and 3389 there was altready an entry, for
> 139 i added a new entry following other services pattern (the private
> address is the same as the public address and incoming port is the same
> as outcoming port).
> Results:
> The port 21 is open also if the service/port entry is not checked.
> The port 139 is stealthed and there's no way to open it.
> Ports 80 and 3389 are working correctly.
>
> What about 21 (that should be closed) and 139 (that should be open)?
>