×

Loading...
Ad by
  • 最优利率和cashback可以申请特批,好信用好收入offer更好。请点链接扫码加微信咨询,Scotiabank -- Nick Zhang 6478812600。
Ad by
  • 最优利率和cashback可以申请特批,好信用好收入offer更好。请点链接扫码加微信咨询,Scotiabank -- Nick Zhang 6478812600。

@Hamilton

The problem, from what I heard, is that if you use Win2k's built-in packet filter to close all the ports, the system would not function properly. In other words,

dennis2(Dennis)
you'll have to keep some ports open for it to carry out normal operation. The 3rd party firewall, on the other hand, stays in front of Win2k's TCP/IP stack, so it can close those ports from outside while allows those ports open from inside to keep Win2k happy.

For the DNS proxy thing, I would assume it's a cache DNS server that may forward request to the ISP's DNS server. If ISP's DNS server is not available, it still can operate on its own. Since it's a canned configuration which means the user does not have to change anything, it'd better be a cache DNS server. Otherwise, if the ISP's DNS server is not available, the user wouldn't be able to get on to the Internet.

Anyways, that's just my thought and it could be wrong.
(#922775@0)
Last Updated: 2002-12-18
This post has been archived. It cannot be replied.
Report

Replies, comments and Discussions:

  • 工作学习 / IT杂谈 / 有一个LAN, SERVER 是WINDOWS 2000 ADVANCED SERVER, 它有二个网卡, 一个网卡连INTERNET, 另一个网卡通过HUB与LAN连接. 请问怎样在SERVER上实现INTERNET SHARING, 使LAN上的其它机器(运行WIN2000 PROFESSIONAL)共享INTERNET? 谢谢先. -walleyecn(walleyecn); 2002-12-17 (#921429@0)
    • up -walleyecn(walleyecn); 2002-12-17 (#921441@0)
    • 祝贺你, 硬件搞定, 剩下的去help查Internet connection sharing -dahuaidan(不懂); 2002-12-17 (#921442@0)
    • up, 急啊! 怎么没人回答? -walleyecn(walleyecn); 2002-12-17 (#921460@0)
      • easy! just "shareing the WAN NIC interface". And do not forgetting to give a suitable IP address for your LAN interface. That's it. -whitetiger(whitetiger); 2002-12-17 (#921470@0)
        • BTW, Infact, you can just use one physical interface for both WAN and LAN stuff. -whitetiger(whitetiger); 2002-12-17 (#921476@0)
        • 怎样SHARE? 可不可以具体一些? -walleyecn(walleyecn); 2002-12-17 (#921485@0)
          • If you know nothing, it's not so easy to wirte down here step by step , just try by yourself. and with help files. -whitetiger(whitetiger); 2002-12-19 (#923943@0)
    • 需要share的机器不多的话,用internet connection sharing. 多的话用NAT. -stars2000(Stars); 2002-12-17 (#921468@0)
      • In fact,"sharing WAN stuff" under windows environment, the server does "PAT". -whitetiger(whitetiger); 2002-12-17 (#921481@0)
        • but you can't give suitable ip address for lan interface, it is fixed and given by server :192.168.0.1 -stars2000(Stars); 2002-12-17 (#921494@0)
          • Under this situation(of course, you shoule go with PPPoE), You get LAN interface and one VIRTUAL PPPoE interface. assigning the LAN interface with a IP address like 192.168.0.1.. -whitetiger(whitetiger); 2002-12-19 {166} (#923940@0)
            picking up a LAN ip segement from (10.0.0.0/8 172.16-31.0.0/16, 192.168.0.0/24).
            the PPPoE should be given dynamicly by your ISP.
            Then sharing the PPPoE interface..
      • LAN 上有DOMAIN CONTROLLER, DNS, DHCP SERVER, 不能用INTERNET SHARING. -walleyecn(walleyecn); 2002-12-18 (#921606@0)
        • up, 怎么办? -walleyecn(walleyecn); 2002-12-18 (#921621@0)
          • try to install PROXY server at your server machine,and let the browsers in LAN set conneting internet throught proxy -donway(donway); 2002-12-18 (#922837@0)
        • 这种情况只能用NAT---network address translation. 2000 server 带 NAT server. -stars2000(Stars); 2002-12-18 (#921700@0)
      • What's the difference between "internet connection sharing" and NAT? -dennis2(Dennis); 2002-12-18 (#921779@0)
        • :)) -heian(黑暗㊣电池工作3小时); 2002-12-18 (#921780@0)
        • ICS is the simple wizard include NAT, DHCP. Windows remote access and route has more power. for Windows 2000 Server , u can do that, i am not sure pro has that function. here is the link -bjduck(北京烤鸭); 2002-12-18 (#921887@0)
          • So "ICS" is actually a canned configuration which includes NAT, DHCP, DNS proxy (shouldn't it be a cache DNS server?) and a fixed IP address (192.168.0.1) for the internal interface, right? -dennis2(Dennis); 2002-12-18 {267} (#922683@0)
            Now I understand what stars2000 is talking about. If you don't want this canned configuration and want more control over it, you configure NAT seperately.

            Anyways, I would never put Windows machines directly on the Internet without any firewalling from 3rd party.
            • one question, what is firewall? just software to config port,ip TCP/UTP? if that way, windows 2000 has that function. -bjduck(北京烤鸭); 2002-12-18 {75} (#922706@0)
              i am not sure if it is cashe DNS. Perhaps, jsut forward DNS to DNS server.
              • The problem, from what I heard, is that if you use Win2k's built-in packet filter to close all the ports, the system would not function properly. In other words, -dennis2(Dennis); 2002-12-18 {746} (#922775@0)
                you'll have to keep some ports open for it to carry out normal operation. The 3rd party firewall, on the other hand, stays in front of Win2k's TCP/IP stack, so it can close those ports from outside while allows those ports open from inside to keep Win2k happy.

                For the DNS proxy thing, I would assume it's a cache DNS server that may forward request to the ISP's DNS server. If ISP's DNS server is not available, it still can operate on its own. Since it's a canned configuration which means the user does not have to change anything, it'd better be a cache DNS server. Otherwise, if the ISP's DNS server is not available, the user wouldn't be able to get on to the Internet.

                Anyways, that's just my thought and it could be wrong.
        • Microsoft's "internet sharing" is go with "PAT", namely: port address translation.The outside ip is just the one bunding with your WAN interface. NAT is "Network address translation. The outside ips are a ip pool. -whitetiger(whitetiger); 2002-12-19 (#923947@0)
          • Well, I think PAT can be treated as a special case of NAT, namely: the outside ip pool only has one ip, right? -dennis2(Dennis); 2002-12-19 (#924624@0)
    • On Windows 2000 server, go through the RRAS wizard -lmx(流氓兔); 2002-12-18 (#921889@0)
    • 我拆了2000装linux ,用IP Masqurading 很方便,LAN上的机器装好就能用 redhat 8.0 安装太方便了 -tztz(tztz); 2002-12-18 (#923183@0)
    • 打开win2000server的 路由router功能,然后设置 ip route -langzixin(Richard); 2002-12-22 (#930206@0)

More Topics

  • Anti-Gravity Technology Hidden in Nature - Viktor Grebennikov
  • 在空间上呆一年,吃什么?有红烧肉吗?有猪头肉吗?没有的话我不去。
  • Ancient Egyptian electricity inside the Great Pyramid of Giza
  • Elon Musk Unveils UFO Fighter Jet That Defies Physics
  • 视频:中国公司火箭回收,最后一步失败爆炸
    • 枫下论坛主坛工作学习IT杂谈