Advice on setting up a firewall for a Windows Domain Controller
rob0 at gmx.co.uk
Wed Oct 12 20:17:24 CEST 2005
On Wednesday 2005-October-12 12:04, Zacky wrote:
> While I have set up firewalls in the past,
Out of curiosity ... what kinds of firewalls were these?
> I'm not very familiar with Windows networks and I would like to
> hear your opinions on how to go about setting up the firewall.
What in particular are you asking? Sorry, I don't see a question in
that. Just to be certain we're staying on topic, this is the Linux
netfilter list. We assume that you've already chosen a Linux router as
your firewall. If you're asking about alternatives to Linux and
netfilter, you're not in the right place.
> Here's some info about the network. The DC and all the 25 Windows
> XP desktops that connect to the DC have public IP addresses,
What a waste! Your Linux box is routing to all these IP's, I guess?
> but only the DC has a FQDN.
Meaning what, a name that resolves in DNS? How is that significant?
> The requirement is to keep the desktops' public IP
> addresses and just move the DC behind the firewall.
So only the DC is behind the Linux router? You want Windows desktop
machines on routable public IP addresses with no firewall? Is that
wise? Sounds like a formula for disaster. What is the reasoning behind
> Again, any tips will be greatly appreciated.
I'll try, but it's not easy.
Windows desktops are fundamentally insecure. They'll get infected and
start spewing spam. You definitely want to restrict their outbound SMTP
Level with me ... I have absolutely no respect for "schools" and thus
have no qualms with assisting someone with a stupid assignment. Is
that what this is?
 But if you want me to do the work for you, trust me, you cannot
afford my rates.
 Unless of course you can. :)
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
More information about the netfilter