The information in this article applies to:
SUMMARY
Microsoft Proxy Server is a network application that does not require
routing. Operationally, this means that every packet that is transmitted
to or from the proxy server is either sourced or destined with the proxy
server's IP address.
MORE INFORMATION
For Microsoft Proxy Server, or any other application service, to work
securely with Routing and Remote Access Services you must configure input
and output filters for local host traffic. These filters are configured
using the Routing and Remote Access Administrator tool.
Adding Local Host Filters

A local host filter enables your computer to receive only traffic destined for the computer. A local host filter works by enabling users to access your computer, but not to route through your computer. After this filter is set, only traffic destined for this host will be allowed in the interface.

In this example, your Proxy server is configured with an Internet IP address of 192.168.1.1, with a subnet mask of 255.255.255.0.

To add local host filters:
Configuring your Proxy Server/Routing and Remote Access server like this will also allow your server to act as a PPTP server, so that PPTP clients on the Internet can access your internal LAN. For additional information, please see the following article in the Microsoft Knowledge Base:

Q161410 How to Set Up a Private Network Over the Internet Using PPTP

Adding Advanced Filters

If you would like to make your Proxy Server's Internet connection more secure than this, you can remove the Input filter that allows any packets addressed directly to your Proxy server and add individual Input filters for each type of packet you would like to allow.

For example, you may want your Proxy server to only service WWW requests from Proxy clients on the LAN. To do this, you would remove the Input filter you added earlier with the Destination IP address of 192.168.1.1. Then you would add an Input filter allowing packets with the Destination IP address of 192.168.1.1, Protocol TCP, Source port 80, and Destination port 0. You would also have to add a second Input filter allowing packets with the Destination IP address of 192.168.1.1, Protocol UDP, Source port 53, and Destination port 0. This will allow the Proxy Server to resolve Internet names using DNS.

If you want Proxy clients to be able to use additional Proxy services, you would have to add Input filters allowing the correct protocol and port number that each service uses. If you want PPTP clients to be able to connect to your internal LAN, then you would need to add PPTP filters. For additional information, please see the following article in the Microsoft Knowledge Base:

Q169890 Enable PPTP Filtering Option No Longer Works
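The following Python model is an added example, not part of the original article and not Routing and Remote Access code. It evaluates the local host filter and the two advanced Input filters described above against constructed packets, so the effect of each filter set can be checked before it is entered in the Administrator tool. It assumes the interface drops every packet that no filter matches, that the filters use a host mask of 255.255.255.255, and that 10.0.0.5 is a hypothetical internal LAN host.

```python
import ipaddress
from dataclasses import dataclass

ANY = 0  # the article writes port 0 for "any port"

@dataclass(frozen=True)
class InputFilter:
    dst_ip: str
    protocol: str = "any"              # "tcp", "udp" or "any"
    src_port: int = ANY
    dst_port: int = ANY
    dst_mask: str = "255.255.255.255"  # assumption: host mask, not the /24 subnet mask

    def matches(self, pkt):
        net = ipaddress.ip_network(f"{self.dst_ip}/{self.dst_mask}", strict=False)
        return (ipaddress.ip_address(pkt["dst"]) in net
                and self.protocol in ("any", pkt["proto"])
                and self.src_port in (ANY, pkt["sport"])
                and self.dst_port in (ANY, pkt["dport"]))

def allowed(filters, pkt):
    """Default drop: a packet passes only if one listed filter matches it."""
    return any(f.matches(pkt) for f in filters)

PROXY = "192.168.1.1"
LOCAL_HOST = [InputFilter(PROXY)]
ADVANCED = [InputFilter(PROXY, "tcp", src_port=80),
            InputFilter(PROXY, "udp", src_port=53)]

# Constructed sample packets arriving on the Internet interface.
PACKETS = {
    "web_reply":   {"dst": PROXY, "proto": "tcp", "sport": 80, "dport": 1055},
    "dns_reply":   {"dst": PROXY, "proto": "udp", "sport": 53, "dport": 1056},
    "inbound_smb": {"dst": PROXY, "proto": "tcp", "sport": 1060, "dport": 139},
    "routed":      {"dst": "10.0.0.5", "proto": "tcp", "sport": 80, "dport": 1057},
    # Destination port 0 leaves the local port unconstrained: only the remote
    # source port is checked, so this also matches the TCP/80 filter.
    "sport80_any": {"dst": PROXY, "proto": "tcp", "sport": 80, "dport": 139},
}

def verdicts(filters):
    return {name: allowed(filters, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("local host", LOCAL_HOST), ("advanced", ADVANCED)):
        print(label, verdicts(rules))
```

Because these filters match on the remote source port and leave the destination port open, they are stateless: reviewing them means checking which local ports remain reachable, not only which services were intended.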
Last Reviewed: February 19, 1999 © 2000 Microsoft Corporation. All rights reserved.