Information Technology Reference
In-Depth Information
To delete a port mapping from a NAT interface, use this command:
> netsh routing ip nat delete portmapping
[InterfaceName=]
<InterfaceName>
[[proto=]{tcp | udp}]
[publicip=]{IPAddress | 0.0.0.0}] [[publicport=]
<Integer>
]
[[privateip=]
<IPAddress>
] [privateport=]
<Integer>
]
How It Works
If you are a system administrator for a small- or medium-sized business, there is a good prob-
ability that you will be configuring your Windows Server 2003 router to provide Internet access
to the hosts on your LAN using network address translation.
If this is the case, and if you do not have a firewall between the router and the LAN, be
certain to enable the Basic Firewall on the interface. Although it is far from a full-featured fire-
wall appliance that might also contain anti-spyware, anti-virus, or other features, it certainly
provides a starting point for your perimeter defense. The Basic Firewall is distinct from the
Windows Firewall discussed in Chapter 3.
When configuring services and ports (as defined in the graphical user interface section) or
port mappings (as defined in the command-line section), be aware that these services and
ports are not those to which users on your LAN have access. Rather, they define the services on
your network to which users on the Internet are permitted access. In other words, each service
or port that you open on the firewall represents one additional channel into your network that
an unauthorized user can attempt to exploit.
■
Note
By default, users on the LAN have outbound access to all protocols, services, and ports unless
explicitly prohibited.
See Also
Microsoft TechNet: “Basic Firewall” (
http://technet2.microsoft.com/WindowsServer/
en/Library/7c9a082b-0c5c-49d1-a1a8-5bfccc0eeb5c1033.mspx
). This article provides a
brief discussion of how the Basic Firewall works, as well as factors to consider when
using this in conjunction with another firewall.
Microsoft TechNet: “Understanding Network Address Translation”
(
http://technet2.microsoft.com/WindowsServer/en/Library/
321780ff-6027-4906-b1e5-3701f3105f0c1033.mspx
). This article describes the three key
components: translation, addressing, and name resolution.
Microsoft TechNet: “Network Address Translation Design Considerations”
(
http://technet2.microsoft.com/WindowsServer/en/Library/
b0b24722-8e44-416b-97a6-d24f861a21ba1033.mspx
). This article discusses private vs.
public addressing, single vs. multiple addresses, inbound connections, and application
and service configuration.
