Firewalls: what do you use, or would you recommend?

Hi, I'm looking for a firewall for a Windows XP Professional 64-bit computer. The computer is mainly running game servers, Ventrilo servers, that sort of stuff.

What would you use in this scenario?

I don't really have that much experience in Windows and firewalls, purely 'cos I wouldn't trust one connected to the net, but in this case I'm forced, so any help, advice, recommendations, dos and don'ts would be greatly appreciated!

Thanks in advance. bob.

benson_james

Get a quality NAT Router device that has vendor instructions on the vendors website on how to configure the NAT device for the games you play.

Most of the NAT appliances support games where you play them OUT from your computer to the internet, some support enough forwarding rules where you can act as a GAME SERVER, others don't properly support acting as a server.

One other issue, some of the routers degrade performance enough that you can't run a 16/16 CounterStrike Source server on a 1.5mbps connection.

Do not use a Personal Firewall application on the box, get an appliance and you'll be a lot happier.

Leythos

Yeah, you should get a good NAT router. One that is ICSA certified would be the best.

Duane :)

Duane Arnold

Maybe NAT is not a good idea, if James wants to offer services.

Yours, VB.

Volker Birk

Maybe you don't know anything about networking.

I use NAT as a standard for all of our clients, it works perfectly, we have dozens of web/ftp/game servers, all without any problems.

Leythos

I myself don't see anything wrong with getting a NAT FW router that is ICSA certified as a solution. It's enough to protect a computer running games and whatnot.

Duane :)

Duane Arnold

VB, agree with you there - NAT is not possible with the solution, besides the fact the admin will be a pain in the arse with all the services, the server will be hosted in London, we are planning on running a lot of games! BF2, looking at hosting a 64 player server, Ghost Recon - as many as possible, 2 x RVS server - up to 24 players, maybe not all at once but there will be a lot going on...

NAT - Impossible!

Any other suggestions on a firewall application compatible with Windows XP 64-bit?

Thanks guys..

benson_james

benson snipped-for-privacy@yahoo.com wrote on 22 Mar 2006 07:00:20 -0800:

Not entirely - it depends on the way the game server packets are handled. I've run Quake engine based servers (RtCW and ET) behind a NAT system, BF1942, and BFV. I'm pretty sure I had BF2 running behind NAT while testing just prior to removing the game servers from here at work (my clan mates and I had too many things going on in real life to spend playing games any more, and I decided to re-use the PCs running the game servers for my kids at home).

Dan

Spack

A FW application that's running on the XP workstation that's worth anything -- come on man?

Why don't you take it up to a server O/S, Win 2K or Win 2k3? You may find server based FW applications there that may work for you.

You do know that Windows XP licensing is only going to allow 10 concurrent connections to it, don't you?

Heck, you'll be better off trying to do something with a NAT FW router than some host based solution running on a Win XP pro workstation. :)

Duane :)

Duane Arnold

Duane wrote on Wed, 22 Mar 2006 16:50:51 GMT:

The limit is only concurrent connections for the following services: File Services, Print Services, Internet Information Services, and remote access. This is clearly stated in the EULA.

XP Pro will happily handle more than 10 TCP connections to an application - I've had a 32 player BF1942 server running in the past. But I agree, the server OS is a better option for a large scale system as it's tweaked for the networking side, and has no need for fancy graphical work.

Dan

Spack

The NT based workstation and server versions of the O/S(s) are basically the same for the core and have the same graphical UI(s) for the most part. The server version may have a little more server based things incorporated and you can adjust the user licensing on the server version. For the workstation version of an NT based O/S, the licensing for number of users is static.

The issues I have seen with 10 concurrent connections have been on p2p and IIS for XP Pro. So you may be right on the other stuff in that regard on TCP connections.

But the OP looking for some host based FW solution that's running on an XP Pro workstation that's worth $.02, well, what can I say about it.

Duane :)

Duane Arnold

Duane wrote on Wed, 22 Mar 2006 17:19:31 GMT:

Server tends not to have DirectX installed, fancy GUI transitions are disabled by default, there is no default desktop image, and settings are tweaked for network handling and file I/O.

P2P is not affected, however it's likely that it was pre-configured for max 10 concurrent downloads. IIS however is - that is clearly stated in the EULA.

Oh, I agree. Opening up your machine to abuse by running a game server on it (and during my game "server" admin period of just over 2 years I saw a lot of abuse) and relying on a software firewall is just asking for trouble.

Dan

Spack

Cheers guys, thanks for all your replies :-)

benson_james

I hate to tell you this, but we've got 7 Counter-Strike servers sitting behind a NAT, full time, with 7 dedicated games running.

NAT is not the issue, it's the lack of understanding VB and you have for NAT.

Admin works fine on them, not a single problem with any of them, internal or external admin/game play works fine.

Leythos

Completely agree with you, NAT can be a good solution for the right scenario, but with this, I simply can't. I would love to use a Linux box, hiding the Windows game server, but it would just be too costly to do so.

Nothing else would make me sleep better at night hiding the windows box :-)

Thanks.

benson_james

I fail to see why NAT would be a problem for your game services. We run many servers providing public access behind NAT without a problem.

Please describe why you think it won't work for you, I'm interested as I can only imagine one scenario that might cause the problem.

We generally run a couple of games per IP, so we can offer vent services and several others.... So, unless you're trying to run a BUNCH of games on a single IP, then I don't see any real issues - oh, and all our servers run multiple games on Windows 2003 Standard.

Leythos

Hey Leythos, yeah we are hosting the rack in a company in London, we only got 1U space for the moment, if we got enough we could maybe get a couple more U's of space and use another to NAT the game servers.

We are looking at hosting a few games, BF2, Ravenshield, Ghost Recon, GRAW - if it ever emerges! Maybe others, not all at the same time though.

What have you done to secure the Windows 2003 box? Curious, I know it's quite secure by default, I take it you have a firewall on it? Which one?

Personally I have always used Unix/Linux on boxes connected directly to the Net, just the way I have always done it, never trusted MS products, but times have probably changed from the days of NT4 and stuff, Windows is a lot more secure...

benson_james

Windows 2003 IS NOT SECURE BY DEFAULT, never. At the very least you want to install a Firewall Appliance in DROP-IN mode where all ports have the same IP, so that you don't have to do NAT, then create rules to map from WAN to LAN for your game ports.

I NEVER, NEVER, NEVER, expose a Server directly to the internet, and there is nothing I trust to run on a server to protect it.

You need to get another 1U slot and install a firewall if you want to ensure that your server is protected.

As for how to secure a Windows server, please check the Microsoft site, it's got tons of documents on it.

Leythos

Cheers dude, thanks for the advice.. ;-)

benson_james
