Your Server

Windows Firewall/Router?

Hi, I’ve been asked for work to set up a Windows-based firewall to sit in between the internet and a small dedicated network we are setting up for visitors. Basically the setup should go: “Internet” > “ADSL modem router (Netgear)” > “Windows 2003 Server box running firewall (with 2 network cards)” > “Cisco switch” > “visitor PCs/laptops etc.” I can’t just use the router’s built-in firewall as it does not meet the company’s audit/logging requirements.

So far I have tried plugging the Windows box into the switch and the router, then bridging the Ethernet connections; this will allow traffic to pass through the server but not much else (making it a big glorified switch). I thought that by doing this I could use the Windows firewall to manage and log traffic on the bridge, but it doesn’t... Additionally, TCP/IP filtering (from advanced TCP/IP options) doesn’t seem to work on a Windows bridge.

Another idea I’ve had (but haven’t tried) is to set up a new network on the server by running DNS/DHCP and set up Windows routing to have the Netgear router’s network and this new network talk. But it just seems like too much effort; I mean, when using a packet-analyzing tool like Wireshark, I can see all the packets passing over the bridge I set up... I just need to filter/log them?

Any ideas? Maybe an online guide (crosses fingers)?

P.S. Please don’t suggest a Linux solution like Smoothwall; I have already done this, but I have to use a Windows box apparently.

Public Comments

  1. Microsoft makes a product called ISA Server: http://www.microsoft.com/forefront/edgesecurity/isaserver/en/us/default.aspx This will require you to have a dedicated machine with at least two NICs. There is tons of documentation out there, so you could set it up on your own. This is the right product for the job and meets your company’s requirements.
  2. Set up Internet Connection Sharing on the server. This will make the server provide IP addresses for the network users. (Select “share this computer’s internet connection” on the internet NIC adapter properties, then give the network NIC adapter properties a default IP address of 192.168.0.1 and reboot; it should be set up after that.) Then install a software firewall. A really easy one would be Filseclab; once you install it, you can set the mode to ICS (Internet Connection Sharing), then you won’t have to configure anything else, and the monitoring is great. I would recommend a different firewall, though, if you want excellent security.
Powered by Yahoo! Answers