Professional Windows Server 1002003 Security A Technical Reference [Electronic resources]

Configure TCP/IP

To configure TCP/IP, open the Internet Protocol (TCP/IP) Properties sheet on your system:

• If you are configuring TCP/IP for a local-area connection, then do the following:

  Start Control Panel Network Connections select a local-area connection Properties select Internet Protocol (TCP/IP) Properties

• If you are configuring TCP/IP for a dial-up or VPN connection, then do the following:

  Start Control Panel Network Connections select a dial-up or VPN connection Properties Networking select Internet Protocol (TCP/IP) Properties

• To use DHCP or APIPA for obtaining TCP/IP settings, select "Obtain an IP address automatically." APIPA will be used if a DHCP server can't be found. See

  DHCP earlier in this chapter for more information.

Use the Internet Protocol (TCP/IP) properties sheet to make various changes to your TCP/IP configuration. The remaining tasks assume that you have the Internet Protocol (TCP/IP) Properties sheet open on your system.

Add a Default Gateway

To assign additional default gateways to a network connection:

Advanced IP Settings Default gateways Add

Add an IP Address

To assign additional IP addresses and subnet masks to a network connection:

Advanced IP Settings IP addresses Add

You can assign as many IP addresses as you like to the connection. A typical use of this feature is creating multiple virtual servers for hosting different web sites on machines running Internet Information Services (IIS).

Assign a Metric

The metric for the network connection is the cost in hops of using this connection to route packets. The metric you specify using Advanced IP Settings is entered into the routing table for the network interface. The default value is 1, and this should usually not be changed unless you want to shape the flow of traffic over your internetwork, and then only if you are dealing with a multihomed WS2003 system acting as a router.

Configuration Method

To manually assign an IP address, subnet mask, and default gateway, choose "Use the following IP address."

DNS Client Configuration

You can either manually specify the IP address of a preferred and alternate DNS server, or, if you are using DHCP, you can select "Obtain the DNS server address automatically." You can also add IP addresses for additional DNS servers, modify the order in which these servers are queried by resolvers, and perform other DNS client configuration actions by Advanced DNS. See

DNS earlier in this chapter for more information.

TCP/IP Filtering

Advanced Options Properties Enable TCP/IP Filter (all adapters) Permit Only specify {TCP ports | UDP ports | IP protocols}

TCP/IP filtering can be used to protect your computer or simply to manage the bandwidth utilized by incoming network traffic. You can control which types of incoming TCP/IP traffic are accepted by your computer. TCP/IP filtering works with broadcast, multicast, and directed packets. Note that on a multihomed machine (multiple network adapters), filter settings apply globally to all adapters. You can also filter traffic using the Routing and Remote Access Service or by installing a firewall or proxy server application on your machine.

When configuring TCP/IP filtering, make sure you don't block traffic that is essential to your network's operation! For example, blocking UDP ports 67 and 68 would cause problems with DHCP.