Blocking Internet

Status
Not open for further replies.

obliviux

Programmer
Jun 2, 2000
38
US
Hi,

I am setting up a Group Policy to use IPSEC on a local machine.
I created a rule that blocks all TCP traffic on ports 80 and 443. This works fine. I also created a rule to allow all traffic to our internal private subnet 172.17.0.0/16, but when browsing our local network, response is very slow. It takes almost a minute to bring up our intranet. I followed the directions at the following link

thanks,

Jeremy
 
I assume you meant this URL:
The article is slightly confusing because "intranet" refers to a web server and not the LAN itself.

The following ports are associated with file sharing and server message block (SMB) communications for the LAN and will need to be opened (in both directions):

• Microsoft file sharing SMB: User Datagram Protocol (UDP) ports 135, 136, 137, 138 and 139 and Transmission Control Protocol (TCP) ports 135, 136, 137, 138 and 139.

• Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UDP).
 
Yes, you are correct by referring to the URL.
If I understand correctly, I need to make IPSEC rules to follow your bullet points?

Regarding the following:
• Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UDP).
Do I need to create this rule a certain way since it's NetBIOS, or can I just create TCP and UDP rules for port 225?

thanks

jeremy
 
Just create rules allowing traffic both ways for both TCP and UDP on port 445.
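
The policy discussed in this thread, written as `netsh ipsec static` commands. This is an added example, not something posted by the participants. It assumes a Windows version that ships the `netsh ipsec` context and writes to the local policy store; the policy, filter-list, filter-action and rule names are hypothetical.

```powershell
# Added example. All names below (LockdownPolicy, WebOut, ...) are hypothetical.
# Run from an elevated prompt; the policy goes into the local IPsec store.
$policy  = 'LockdownPolicy'
$lanNet  = '172.17.0.0'     # internal subnet from the thread (172.17.0.0/16)
$lanMask = '255.255.0.0'

netsh ipsec static add policy "name=$policy"
netsh ipsec static add filteraction name=BlockAction action=block
netsh ipsec static add filteraction name=PermitAction action=permit

# Block web traffic: TCP 80 and 443 from this machine to any destination.
netsh ipsec static add filterlist name=WebOut
foreach ($port in 80, 443) {
    netsh ipsec static add filter filterlist=WebOut srcaddr=me dstaddr=any `
        protocol=TCP srcport=0 "dstport=$port" mirrored=yes
}

# Permit all traffic between this machine and the internal subnet.
netsh ipsec static add filterlist name=LanAll
netsh ipsec static add filter filterlist=LanAll srcaddr=me "dstaddr=$lanNet" `
    "dstmask=$lanMask" protocol=ANY mirrored=yes

# File-sharing ports listed in the thread, TCP and UDP, in both directions:
# one filter for connections this machine opens, one for connections it accepts.
netsh ipsec static add filterlist name=SmbPorts
$smbPorts = @(135..139) + 445
foreach ($proto in 'TCP', 'UDP') {
    foreach ($port in $smbPorts) {
        netsh ipsec static add filter filterlist=SmbPorts srcaddr=me `
            "dstaddr=$lanNet" "dstmask=$lanMask" "protocol=$proto" `
            srcport=0 "dstport=$port" mirrored=yes
        netsh ipsec static add filter filterlist=SmbPorts "srcaddr=$lanNet" `
            "srcmask=$lanMask" dstaddr=me "protocol=$proto" `
            srcport=0 "dstport=$port" mirrored=yes
    }
}

# Bind each filter list to its action, then assign the policy.
netsh ipsec static add rule name=BlockWeb  "policy=$policy" filterlist=WebOut   filteraction=BlockAction
netsh ipsec static add rule name=PermitLan "policy=$policy" filterlist=LanAll   filteraction=PermitAction
netsh ipsec static add rule name=PermitSmb "policy=$policy" filterlist=SmbPorts filteraction=PermitAction
netsh ipsec static set policy "name=$policy" assign=y

# Review the resulting filters before relying on the policy.
netsh ipsec static show policy "name=$policy" level=verbose
```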
 