Advice on setting up a firewall for a Windows Domain Controller
/dev/rob0
rob0 at gmx.co.uk
Wed Oct 12 20:17:24 CEST 2005
On Wednesday 2005-October-12 12:04, Zacky wrote:
> While I have set up firewalls in the past,

Out of curiosity ... what kinds of firewalls were these?

> I'm not very familiar with Windows networks and I would like to
> hear your opinions on how to go about setting up the firewall.

What in particular are you asking? Sorry, I don't see a question in
that. Just to be certain we're staying on topic, this is the Linux
netfilter list. We assume that you've already chosen a Linux router as
your firewall. If you're asking about alternatives to Linux and
netfilter, you're not in the right place.

> Here's some info about the network. The DC and all the 25 Windows
> XP desktops that connect to the DC have public IP addresses,

What a waste! Your Linux box is routing to all these IP's, I guess?

> but only the DC has a FQDN.

Meaning what, a name that resolves in DNS? How is that significant?

> The requirement is to keep the desktops' public IP
> addresses and just move the DC behind the firewall.

So only the DC is behind the Linux router? You want Windows desktop
machines on routable public IP addresses with no firewall? Is that
wise? Sounds like a formula for disaster. What is the reasoning behind
that decision?

> Again, any tips will be greatly appreciated.

I'll try, but it's not easy.

Windows desktops are fundamentally insecure. They'll get infected and
start spewing spam. You definitely want to restrict their outbound SMTP
access.

Level with me ... I have absolutely no respect for "schools" and thus
have no qualms with assisting someone with a stupid assignment.[1] Is
that what this is?

[1] But if you want me to do the work for you, trust me, you cannot
afford my rates.[2]

[2] Unless of course you can. :)
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header