Packet filtering
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Routing and Remote Access supports IP packet filtering, which specifies what type of traffic is allowed into and out of the router. The packet filtering feature is based on exceptions. You can set packet filters per interface and configure them to do one of the following:
- Pass through all traffic except packets prohibited by filters.
- Discard all traffic except packets allowed by filters.
For more information about packet filtering, see Manage Packet Filters.
For detailed information about IP packet filtering, including examples of filtering configurations and fragmentation filtering, see "Part One: Routing" at the Microsoft® Windows® Resource Kits Web site.
Protocols and Ports for Packet Filtering
The following table details some of the common ports and protocols that you might want to allow, depending on your remote access configuration. Not all ports listed here might be required for your remote access server. For example, if you are allowing only Layer Two Tunneling Protocol (L2TP), you would not configure a filter for Point-to-Point Tunneling Protocol (PPTP). Similarly, this table might not contain all of the ports that your specific network needs.
Ports Used for Protocols
Protocol | Port | Used For |
---|---|---|
TCP | 25 | Simple Mail Transfer Protocol (SMTP) |
TCP | 67 | Dynamic Host Configuration Protocol (DHCP) (if the remote access server uses an external DHCP server) |
TCP | 80 | World Wide Web (HyperText Transfer Protocol (HTTP)) |
TCP | 110 | Post Office Protocol, version 3 (POP3) |
TCP | 1701 | L2TP |
TCP | 1723 | PPTP |
TCP | 7250 | Network Access Quarantine Control (Remote Access Quarantine Client (RQC) messages from client computers) |
UDP | 53 | Domain Name Service (DNS) (for name resolution of external Web sites) |
UDP | 67 | DHCP (if the remote access server uses an external DHCP server) |
UDP | 500 | Internet Protocol Security (IPSec) |
UDP | 1701 | L2TP |
UDP | 1723 | PPTP |
UDP | 4500 | IPSec with network address translation (NAT) |
 | 47 | Generic Routing Encapsulation (GRE) |
 | 50 | Encapsulating Security Payload (ESP) (for firewalls that use NAT traversal [NAT-T]) |
Note
- To support Windows Update, you must allow TCP traffic to travel inbound and outbound on port 80 and UDP traffic to travel inbound and outbound on port 53. Depending on your network configuration, you might have to configure these filters on your remote access server, on your firewall, or both.
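The two per-interface modes described above, modelled as an added Python example (not Microsoft's code and not Routing and Remote Access configuration syntax). The class, constant and sample names are hypothetical and the packets are constructed; it applies a PPTP filter set drawn from the table and treats GRE (47) and ESP (50) as IP protocol numbers, which have no TCP or UDP port to match.

```python
from dataclasses import dataclass
from typing import Optional

# IP protocol numbers: GRE (47) and ESP (50) are not TCP/UDP ports.
TCP, UDP, GRE, ESP = 6, 17, 47, 50

@dataclass(frozen=True)
class Packet:
    proto: int                      # IP protocol number
    dst_port: Optional[int] = None  # None for portless protocols (GRE, ESP)

@dataclass(frozen=True)
class Filter:
    proto: int
    dst_port: Optional[int] = None  # None = match on protocol alone

    def matches(self, pkt: Packet) -> bool:
        if pkt.proto != self.proto:
            return False
        return self.dst_port is None or self.dst_port == pkt.dst_port

class InterfaceFilters:
    """Hypothetical model of one interface's input filter list."""
    def __init__(self, discard_unless_listed: bool, filters):
        self.discard_unless_listed = discard_unless_listed
        self.filters = list(filters)

    def permits(self, pkt: Packet) -> bool:
        listed = any(f.matches(pkt) for f in self.filters)
        # Filters are exceptions to the interface default: a match means
        # "allow" in discard-all mode and "drop" in pass-all mode.
        return listed if self.discard_unless_listed else not listed

# PPTP-only server built from the table's rows: TCP 1723 plus GRE.
PPTP_ONLY = InterfaceFilters(True, [Filter(TCP, 1723), Filter(GRE)])
# Pass-all mode with SMTP as the single prohibited exception.
BLOCK_SMTP = InterfaceFilters(False, [Filter(TCP, 25)])

# Constructed sample traffic, not captured from a real network.
SAMPLES = {"pptp-control": Packet(TCP, 1723), "pptp-data": Packet(GRE),
           "smtp": Packet(TCP, 25), "l2tp": Packet(UDP, 1701),
           "dns": Packet(UDP, 53)}

def audit(iface: InterfaceFilters) -> dict:
    """Map each sample packet name to True (passed) or False (dropped)."""
    return {name: iface.permits(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, iface in (("discard-except", PPTP_ONLY), ("pass-except", BLOCK_SMTP)):
        print(label, audit(iface))
```

In discard-all mode anything not listed is dropped, so a forgotten filter fails closed; in pass-all mode a forgotten filter leaves that traffic allowed.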
See Also
Concepts
- Basic Firewall
- Help: Windows Firewall
- Set L2TP over IPSec input filters
- Set PPTP input filters