I just recently set up Internet Connection Sharing on a Windows 2000
server similar to what you're asking to do. When I set up ICS, Windows
changed the IP address of that NIC to something like 169.0.0.1.
If you create a DHCP scope to assign all your clients addresses starting
at 169.0.0.2 (or whatever your NIC address is), that's the first step.
Second step is to set the gateway to 169.0.0.1 in the scope (again, this is
whatever the IP address is on your NIC). Finally, set either the DNS
server to be the ISP DNS server in your DHCP scope, or configure your
Windows 2000 server to resolve DNS queries for the clients and configure
the DHCP scope for the DNS server to be your Windows 2000 server address,
169.0.0.1.
You'll get some protection here because your systems are being NATted,
but your Windows 2000 server is open. You can remove two services from
the Internet NIC (File and Print Sharing and Microsoft Client) to
increase security somewhat. The last thing to do would be to start
filtering packets, like someone previously pointed out.

Btw, I agree with the others that setting up a Linux firewall is more
secure and easier in the long run to manage.
Harold


-----Original Message-----
From: dave [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, January 11, 2003 6:40 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: RE: Making a W2K with Internet Connection Sharing secure

Sarbjit,


Actually, you could use TCP/IP Filtering; it is only turned on or off for
all adapters, but the per-adapter settings are unique to that adapter.

For more granular control you can download PktFilter from
http://www.hsc.fr/ressources/outils/index.html.en
You can thank Jean-Baptiste Marchand for that free tool; it is fairly
easy to set up and use.

 

Dave Kleiman
[EMAIL PROTECTED]
www.netmedic.net

 


-----Original Message-----
From: Mike Moore [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, January 09, 2003 22:04
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Making a W2K with Internet Connection Sharing secure

If you can come up with a very low-end PC, take a look at www.ipcop.org.
It's a free Linux firewall that is very good in my opinion. They have a
great mailing list for support. Then go here
http://www.ipcop.org/cgi-bin/twiki/view/IPCop/IPCopDGHowto for
DansGuardian, a URL filtering application that works with IPCop. Then the W2K
server and all workstations are protected. Just a thought.

Mike

> -----Original Message-----
> From: Sarbjit Singh Gill [mailto:[EMAIL PROTECTED]] 
> Sent: Tuesday, January 07, 2003 10:06 PM
> To: [EMAIL PROTECTED]
> Subject: Making a W2K with Internet Connection Sharing secure
> 
> 
> Greetings,
> 
> I am a part of a group of volunteers who help with
> teaching underprivileged kids in orphanages.
>
> We had some donation of software from Microsoft and
> hardware from HP and DSL connectivity from a local
> telco.
> 
> The setup looks something like this:
> DSL modem connected to a multi-homed Windows 2000
> Server. The W2K box is then sharing the ADSL
> connection via Internet Connection Sharing to the LAN
> made up of 10-25 PCs running W98, WME and W2K Pro.
>
> I need some kind of proxy/NAT/firewalling and URL
> filtering capabilities on the W2K. They have to be
> free. We are sourcing for some NetScreen stuff but do
> not know when it will come in.
> 
> I can't use IP filtering in W2K as it affects all
> adapters. The LAN PCs use the server as a DC for
> policies and authentication.
> 
> Right now the W2K server is connected to the Internet
> with no security whatsoever.
> 
> Thanks in advance.
> 
> Gill
> 
> 
> Sarbjit Singh Gill
> [EMAIL PROTECTED] 
