I would think that you should allow 3389, 21 and 80 only from your IP address, then deny everything else but port 80 (and SMTP or SSL if needed) for all other IPs. Also allow all outbound connections. This is similar to what I do at our remote hosting location. It is easier to do with a hardware firewall but works fine with this kind of filtering.

-----Original Message-----
From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]
Sent: Monday, December 16, 2002 11:36 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: IPSec

Then you'd have to open port 21 also. I permit only TCP Ports 21, 25, 80 and 3389 since I use no SSL on mine. I make sure that all logins (both successful and denied) are logged in my event log and monitor them from day to day to make sure no one is trying to FTP or TS into my server unauthorized.

JK

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Combis
Sent: Monday, December 16, 2002 11:28 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: IPSec

Ray-

Yes, that is what you want to do. (ssl port=443) However I would use FTP to upload files, not Windows file/print sharing.

Rob

-----Original Message-----
From: Costanzo, Ray [mailto:rcostanzo@xxxxxxxxxxx]
Sent: Monday, December 16, 2002 11:24 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: IPSec

My ideal setup is: Only port 80 and 229 (ssl, right?) BUT allow any port if requesting IP is my IP.

Ray at work

==================================
To Unsubscribe, set digest or vacation mode or view archives use the below link.
http://thethin.net/win2000list.cfm
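The inbound part of the filtering described in the first message of this thread, written as an IPSec policy script. This is an added example and not code from any poster: it assumes Windows Server 2003 or later, where the `netsh ipsec static` context exists, and the admin address `192.0.2.10` and all policy, filter list and rule names are placeholders. It does not cover the "allow all outbound" part of that message.

```bat
@echo off
rem Added example, not from the thread. Run from an elevated command prompt.
rem ADMIN_IP is a placeholder from the documentation range; replace it with
rem the address you administer the server from. All names are made up.
set ADMIN_IP=192.0.2.10
set POL=WebServerInbound

netsh ipsec static add policy name="%POL%" description="Inbound port filtering"

rem Two filter actions: pass traffic without negotiation, or drop it.
netsh ipsec static add filteraction name="Permit" action=permit
netsh ipsec static add filteraction name="Block" action=block

rem Admin-only services: Terminal Services (3389), FTP control (21) and
rem HTTP (80), reachable from ADMIN_IP. mirrored=yes also matches the replies.
netsh ipsec static add filterlist name="AdminPorts"
for %%P in (3389 21 80) do (
  netsh ipsec static add filter filterlist="AdminPorts" srcaddr=%ADMIN_IP% dstaddr=me protocol=TCP srcport=0 dstport=%%P mirrored=yes
)

rem Public service: HTTP from any address. Add 25 or 443 here if needed.
netsh ipsec static add filterlist name="PublicWeb"
netsh ipsec static add filter filterlist="PublicWeb" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=80 mirrored=yes

rem Catch-all for everything else addressed to this host.
rem mirrored=no: only the any-to-me direction is matched.
netsh ipsec static add filterlist name="AllInbound"
netsh ipsec static add filter filterlist="AllInbound" srcaddr=any dstaddr=me protocol=ANY mirrored=no

rem The most specific matching filter wins, so the port filters above take
rem precedence over the catch-all block regardless of rule order.
netsh ipsec static add rule name="Permit admin" policy="%POL%" filterlist="AdminPorts" filteraction="Permit"
netsh ipsec static add rule name="Permit web" policy="%POL%" filterlist="PublicWeb" filteraction="Permit"
netsh ipsec static add rule name="Block rest" policy="%POL%" filterlist="AllInbound" filteraction="Block"

rem Nothing is enforced until the policy is assigned.
netsh ipsec static set policy name="%POL%" assign=y

rem Review the result before closing the session you are connected through.
netsh ipsec static show policy name="%POL%" level=verbose
```

Run it from the console or an out-of-band session the first time, since a wrong `ADMIN_IP` blocks Terminal Services access as soon as the policy is assigned.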