You can do this in W2K by going to Admin Tool -> Local Security Settings. Then right-click on IPSec security policies and select Manage IP filter list. You can specify to and from IP addresses as well as ports. It is a little tricky to get it to work but nonetheless works. I have used this before and tested it pretty thoroughly.

-----Original Message-----
From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]
Sent: Monday, December 16, 2002 11:54 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: IPSec

Yeah but you need a true firewall to do that. IP Filtering in W2k afaik only lets you either only permit or only deny the specified ports, not to or from access to individual IP addresses for specific ports.

JK

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Combis
Sent: Monday, December 16, 2002 11:41 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: IPSec

I would think that you should allow 3389, 21 and 80 only from your IP address, then deny everything else but port 80 (and SMTP or SSL if needed) for all other IPs. Also allow all outbound connections. This is similar to what I do at our remote hosting location. It is easier to do with a hardware firewall but works fine with this kind of filtering.

-----Original Message-----
From: Jim Kenzig [mailto:jimkenz@xxxxxxxxxxxxxx]
Sent: Monday, December 16, 2002 11:36 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: IPSec

Then you'd have to open port 21 also. I permit only TCP Ports 21, 25, 80 and 3389 since I use no SSL on mine.
I make sure that all logins (both successful and denied) are logged in my event log and monitor them from day to day to make sure no one is trying to FTP or TS into my server unauthorized.

JK

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Combis
Sent: Monday, December 16, 2002 11:28 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: IPSec

Ray-
Yes, that is what you want to do. (ssl port=443) However I would use FTP to upload files, not Windows file/print sharing.

Rob

==================================
To Unsubscribe, set digest or vacation mode or view archives use the below link.
http://thethin.net/win2000list.cfm
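
The filter layout discussed in this thread (3389, 21 and 80 from one management address, port 80 for everyone else, everything else blocked), modelled as an added example; it is not code from any poster and not a Windows tool. It assumes a simplified rule that the most specific matching filter wins regardless of list order, covers inbound TCP only, and uses a constructed placeholder address and hypothetical helper names.

```python
import ipaddress
from dataclasses import dataclass

ADMIN_IP = "203.0.113.10"   # constructed placeholder for "your IP address"
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Filter:
    src: str        # source network in CIDR form; ANY matches every source
    dst_port: int   # destination TCP port on the server; 0 means any port
    action: str     # "permit" or "block"

    def matches(self, src_ip: str, port: int) -> bool:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return in_net and self.dst_port in (0, port)

    def specificity(self) -> tuple:
        # Longer source prefix ranks first, then a named port over "any port".
        return (ipaddress.ip_network(self.src).prefixlen, self.dst_port != 0)

def build_policy(admin_ip: str, public_ports=(80,)) -> list:
    """Filter list for the layout described in the thread (hypothetical helper)."""
    policy = [Filter(ANY, 0, "block")]  # listed first on purpose: order is irrelevant
    policy += [Filter(f"{admin_ip}/32", p, "permit") for p in (3389, 21, 80)]
    policy += [Filter(ANY, p, "permit") for p in public_ports]
    return policy

def decide(policy: list, src_ip: str, port: int) -> str:
    hits = [f for f in policy if f.matches(src_ip, port)]
    if not hits:
        return "permit"  # no filter matched, so the policy does not touch the packet
    return max(hits, key=Filter.specificity).action

def audit(policy: list, samples: list) -> list:
    """Return (src, port, decision) for each constructed sample connection."""
    return [(s, p, decide(policy, s, p)) for s, p in samples]

# Constructed inbound connection attempts: (source address, destination port)
SAMPLES = [(ADMIN_IP, 3389), (ADMIN_IP, 21), ("198.51.100.7", 80),
           ("198.51.100.7", 3389), ("198.51.100.7", 21), ("198.51.100.7", 445)]

if __name__ == "__main__":
    for src, port, verdict in audit(build_policy(ADMIN_IP), SAMPLES):
        print(f"{src:>15} -> tcp/{port:<5} {verdict}")
```

Running the audit before assigning a policy makes it easy to confirm that the management ports are reachable only from the one address and that adding a public port such as 25 does not widen anything else.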