
= Windows NT 4.0 Does Not Filter Ports Destined for Remote Segments =

Article ID: 166371

Article Last Modified on 11/1/2006


APPLIES TO


 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Server 4.0 Standard Edition




This article was previously published under Q166371



SUMMARY
Windows NT 4.0 Transmission Control Protocol/Internet Protocol (TCP/IP) advanced security does not allow for the creation of a firewall.



MORE INFORMATION
Although Windows NT 4.0 offers TCP/IP port filtering, the filter applies only to traffic that is destined for the local computer and that enters through the network adapter on which the port restrictions are configured. If Internet Protocol (IP) Forwarding is enabled, TCP/IP packets addressed to other computers are forwarded as needed, and are then filtered (if filtering is enabled) at the receiving end.

For example:

Assume you have three computers, A, B, and C, each running FTP Server, and computer B is multihomed, connecting the other two machines.

If computer B is configured to permit only TCP port 139 and UDP ports 137 and 138 (NetBIOS), it would seem that none of the computers could FTP to each other. However, in this example, A and C can FTP to each other, but neither computer can FTP to B. Windows NT by itself is not designed to be used as a firewall; however, additional software (from Microsoft and other vendors) can be used to add this functionality.
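The following is an added illustration, not Microsoft code: a small Python model of the packet decisions described above, showing why B's port filter stops FTP to B but not FTP routed through B. The IP addresses, class and function names are constructed for the example, and the model assumes B's filter is set on both of its adapters.

```python
from dataclasses import dataclass

@dataclass
class Host:
    name: str
    addrs: frozenset            # local IP addresses (constructed values)
    allowed: frozenset = None   # permitted (proto, port) pairs; None = filtering off
    forwarding: bool = False    # IP Forwarding setting

    def receive(self, dst, proto, port):
        if dst in self.addrs:
            # The port filter is consulted only for traffic addressed to this host.
            if self.allowed is None or (proto, port) in self.allowed:
                return "deliver"
            return "drop: port filter"
        # Transit traffic never reaches the allowed-port check.
        return "forward" if self.forwarding else "drop: not a router"

# The ports permitted on B in the article's example.
NETBIOS = frozenset({("tcp", 139), ("udp", 137), ("udp", 138)})
B_NEAR, B_FAR, C_ADDR = "10.0.1.1", "10.0.2.1", "10.0.2.10"

def send_from_a(dst, proto, port, forwarding=True, c_filter=None):
    """Trace a packet sent by A; everything A sends arrives at B first."""
    b = Host("B", frozenset({B_NEAR, B_FAR}), NETBIOS, forwarding)
    c = Host("C", frozenset({C_ADDR}), c_filter)
    verdict = b.receive(dst, proto, port)
    if verdict != "forward":
        return f"B {verdict}"
    # Any filtering of forwarded traffic happens at the receiving end.
    return f"B forward, C {c.receive(dst, proto, port)}"

if __name__ == "__main__":
    cases = [
        ("A -> C FTP", dict(dst=C_ADDR, proto="tcp", port=21)),
        ("A -> B FTP", dict(dst=B_NEAR, proto="tcp", port=21)),
        ("A -> B NetBIOS session", dict(dst=B_NEAR, proto="tcp", port=139)),
        ("A -> C FTP, forwarding off",
         dict(dst=C_ADDR, proto="tcp", port=21, forwarding=False)),
        ("A -> C FTP, C filtered",
         dict(dst=C_ADDR, proto="tcp", port=21, c_filter=NETBIOS)),
    ]
    for label, kwargs in cases:
        print(f"{label:28} {send_from_a(**kwargs)}")
```

In this model, the only settings that stop A from reaching C's FTP service are disabling IP forwarding on B or filtering on C itself, which matches the article's point that the port filter on B does not act as a firewall.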

Additional query words: howto prodnt router route forward pass thru through proxy

Keywords: kbinfo KB166371


© Microsoft Corporation. All rights reserved.