As another list member mentioned, you enable routing via the registry. We learned from CP that using the RRAS to turn on routing doesn't work for FW-1. Here is the gist of the instructions:
4. Open the registry from command line by running the command "regedit" 5. Go to -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentContralSet\Services\Tcpip\Parameters 6. Change the value to "1" in the Dword key "IPEnableRouter" 7. Restart the machine I asked the same questioning about hardening Win2K recently and got these links as recommendations: http://nsa1.www.conxion.com/win2k/index.html http://www.systemexperts.com/tutors/hardenWin2K (someone else posted this today as well) http://nsa1.www.conxion.com/win2k/index.html http://csrc.nist.gov/itsec/guidance_W2Kpro.html#supporting_docs http://www.systemexperts.com/win2k/hardenW2K12.pdf http://www.shebeen.com/w2k/ http://online.securityfocus.com/infocus/1296 http://www.rtek2000.com/Tech/InternetSecureLinks.html#hard The rtek site above has links to about anything security related you could ask for. I found a lot about hardening the OS on this site. That should get you started on the hardening thing. Turning off the workstation service is definitely a good thing. >>> [EMAIL PROTECTED] 05/14/02 08:01PM >>> > In an effort to secure our FW-1 firewall running on Win2000 I disabled the >Workstation service. Further reading leads me to believe that I need to turn on IP >Forwarding, which is part of the Routing and Remote Access Service? In my case RRAS >is also off and when I tried to launch the RRAS GUI it complained that the >Workstation service was not running. > > What am I doing wrong? > > I have found documents referring to securing WinNT, but none about securing Win2000. >Can you direct me to one? > > Greg Schumacher > Computer Guy > DDB Seattle > 206-344-3324 Voice > 206-344-3329 Fax > www.ddbseattle.com ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
