Windows Firewall


Module 7: Configuring TCP/IP Addressing and Name Resolution
Overview
Configuring IP Addresses
Configuring Windows Firewall
Troubleshooting IP Addresses
Determining TCP/IP Name Resolution Methods
Configuring a DNS Client and a WINS Client
Connecting to a Remote Host
Lesson: Configuring IP Addresses
Assigning Static IP Addresses
Overview of Dynamic Address Assignment
Using DHCP to Automate IP Address Assignments
Enabling an Alternate IP Configuration
Assigning Static IP Addresses
[Figure: client with static addressing; specifies 192.168.2.15]
Overview of Dynamic Address Assignment
Dynamic address
Alternate static address
Automatic private IP Address
[Flowchart: a client with dynamic addressing sends a request for an IP address to the DHCP server. Is DHCP available? Yes: assign IP address. No: is alternate IP configured? Yes: assign alternate IP address. No: Automatic Private IP address generates IP address.]
Using DHCP to Automate IP Address Assignments
Enabling Alternate IP Configuration
Alternate IP configuration:
Specifies an alternate IP address if DHCP is unavailable
Provides alternate configuration options
• Automatic private IP address
• User configured
Lab A: Configuring IP Addresses for Windows XP Professional
Exercise 1: Configuring Windows XP Professional to Use Static TCP/IP Addressing
Exercise 2: Configuring Windows XP Professional to Use DHCP for IP Address Assignment
Exercise 3: Configuring Windows XP Professional to Use an Alternate TCP/IP Configuration
Lesson: Configuring Windows Firewall
Using Global Configuration
Using Group Policy Support
Using On with No Exceptions Operational Mode
Using Static Port Openings
Configuring Basic ICMP Options
Logging Dropped Packets and Successful Connections
Using Global Configuration
Applies all new configurations and configuration changes to all network connections
Configuration can still be performed on a per-interface basis
Using Group Policy Support
With Windows XP Service Pack 2, every configuration option can be set through Group Policy
New configuration options:
• Operational mode (On, On with no exceptions, Off)
• Allowed Programs on the exceptions list
• Opened static ports
• ICMP settings
• Enable RPC and DCOM
• Enable File and Printer Sharing
Using On with No Exceptions Operational Mode
Keeps Windows Firewall enabled while only solicited traffic is allowed
Blocks all unsolicited requests to connect to your computer
Blocks unsolicited requests to share files or printers, and discovery of network devices
To turn on with no exceptions:
1. Open Windows Firewall
2. On the General tab, click On
3. Select the Don't allow exceptions check box, and then click OK
Using Static Port Openings
In Windows XP Service Pack 2:
• Ports are configured to receive only network traffic that has a source address
• When file sharing ports are opened, the local subnet restriction is applied by default
Recommendation:
• Apply local subnet restriction to static ports that are communicating on a local network
Configuring Basic ICMP Options
Enable ICMP options when needed; disable after troubleshooting
ICMP options are disabled by default
To enable ICMP:
1. Open Windows Firewall
2. On the Advanced tab, under ICMP, click Settings
3. In the ICMP dialog box, select check box beside each type of ICMP message to be enabled
To create an ICMP exception:
1. Open Windows Firewall
2. In the Windows Firewall dialog box, click Advanced tab
3. In Network Connection Settings section, select the connection that will have an exception, and then click Settings
4. In the Advanced Settings dialog box, click ICMP tab
Logging Dropped Packets and Successful Connections
Windows Firewall can keep a security log of dropped packets and successful connections
To enable security logging:
1. Open Windows Firewall
2. In the Windows Firewall dialog box, click Advanced tab. Open the Log Settings dialog box
3. Click OK to close the Log Settings dialog box
To locate and open log file:
1. Open Windows Firewall
2. In the Windows Firewall dialog box, click Advanced tab. Open Log Settings dialog box
3. In the Log Settings dialog box, under Log File Options section, click Save As
4. In the Browse dialog box, right-click the pfirewall.txt file and then choose Open
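Added example (not part of the course material): once dropped-packet logging is enabled, the log can be reviewed by parsing its `#Fields` header and grouping DROP entries by source, marking sources outside the local subnet. The log lines are constructed samples, and the 192.168.2.0/24 subnet and the function names are assumptions for illustration.

```python
import ipaddress

# Constructed sample (not from the course) in the W3C extended layout that
# Windows Firewall writes; the #Fields header names the columns.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2005-04-11 08:05:57 DROP UDP 192.168.2.40 192.168.2.255 137 137 78 - - - - - - - RECEIVE
2005-04-11 08:06:02 DROP TCP 203.0.113.9 192.168.2.15 4312 445 48 S 1994213216 0 65535 - - - RECEIVE
2005-04-11 08:06:05 DROP TCP 203.0.113.9 192.168.2.15 4313 139 48 S 1994213299 0 65535 - - - RECEIVE
2005-04-11 08:06:09 OPEN TCP 192.168.2.15 198.51.100.7 1045 80 - - - - - - - - SEND
2005-04-11 08:06:30 DROP ICMP 203.0.113.9 192.168.2.15 - - 60 - - - - 8 0 - RECEIVE
"""


def parse_firewall_log(text):
    """Return one dict per log entry, keyed by the names in the #Fields header."""
    fields, entries = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                entries.append(dict(zip(fields, values)))
    return entries


def summarize_drops(entries, local_subnet):
    """Group DROP entries by source address and mark off-subnet sources."""
    net = ipaddress.ip_network(local_subnet)
    summary = {}
    for e in entries:
        if e["action"] != "DROP":
            continue
        src = e["src-ip"]
        rec = summary.setdefault(src, {
            "local": ipaddress.ip_address(src) in net, "count": 0, "targets": set()})
        rec["count"] += 1
        rec["targets"].add((e["protocol"], e["dst-port"]))
    return summary


if __name__ == "__main__":
    # 192.168.2.0/24 is an assumed local subnet for the sample host.
    for src, rec in summarize_drops(parse_firewall_log(SAMPLE_LOG), "192.168.2.0/24").items():
        origin = "local subnet" if rec["local"] else "OFF-SUBNET"
        print(f"{src:15} {origin:12} drops={rec['count']} targets={sorted(rec['targets'])}")
```

Repeated drops from an off-subnet source against file sharing ports are the traffic that the local subnet restriction on static port openings is meant to keep out.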
Lab B: Configuring Windows Firewall for Windows XP Professional
Exercise: Configuring Windows Firewall
Lesson: Troubleshooting IP Addresses
Using TCP/IP Troubleshooting Utilities
Using ipconfig to Troubleshoot IP Addressing
Using Repair to Troubleshoot IP Problems
Using ping to Troubleshoot IP Addressing
Using TCP/IP Troubleshooting Utilities
Common TCP/IP diagnostic utilities include the following:
• arp
• hostname
• ipconfig
• ping
• pathping
• tracert
Using ipconfig to Troubleshoot IP Addressing
The ipconfig command, run at the command prompt, is used to:
View TCP/IP information
Verify the TCP/IP configuration options on a host
Additional commands:
ipconfig /release
ipconfig /renew
Using Repair to Troubleshoot IP Problems
Repair attempts to refresh stored data related to connections, and to renew registration
Used to:
• Release DHCP address
• Flush ARP
• Flush NetBIOS and DNS local caches
To repair a LAN or high-speed Internet connection:
1. Open Network Connections
2. Under LAN or High-Speed Internet, click connection to be repaired, and then, under Network Tasks, click Repair this connection
3. If your connection does not work after you click Repair this connection, try additional steps
Using ping to Troubleshoot IP Addressing
Testing IP Configuration:
1. Ping 127.0.0.1 (loopback address)
2. Ping IP address of the computer
3. Ping IP address of the default gateway
4. Ping IP address of the remote host
Lab C: Troubleshooting IP Addresses for Windows XP Professional
Exercise 1: Troubleshooting IP Addresses by Using ipconfig
Exercise 2: Troubleshooting IP Addresses by Using Repair
Lesson: Determining TCP/IP Name Resolution Methods
Types of Names
Mapping Names: Dynamic or Static Tables
Dynamic IP Mapping
Static IP Mapping
Selecting a Name Resolution Method
The Host Name Resolution Process
The NetBIOS Name Resolution Process
Types of Names
Host name:
Assigned to a computer’s IP address
Up to 255 characters long
Can contain alphabetic and numeric characters, hyphens, and periods
Together with domain name, this creates a fully qualified domain name
NetBIOS name:
A 16-byte address
15 of the bytes may be used for the name which may include alphabetic and numeric characters, hyphens, and periods
The 16th byte is used by the services that a computer offers to the network
Mapping Names: Dynamic or Static Tables
Dynamic tables:
• Host name to IP: DNS server
• NetBIOS name to IP: WINS server
Static tables:
• Host name to IP: HOSTS file
• NetBIOS name to IP: LMHOSTS file
Dynamic IP Mapping
DNS Server:
A system for naming computers and network services
Is a naming system organized in a hierarchical fashion
Maps domain names to IP address
Stores mapping records
Is assigned to a computer’s IP address
WINS Server:
Provides a distributed database for registering dynamic mappings of NetBIOS names
Maps NetBIOS names to IP addresses
Static IP Mapping
DNS server
Provides name resolution for host name to IP address
HOSTS file
Allows multiple host names to be assigned to the same IP address
WINS Server
Provides a distributed database for registering dynamic mappings of NetBIOS names
Maps NetBIOS names to IP addresses
LMHOSTS file
Selecting a Name Resolution Method
DNS is required when:
• Client is a member of the Active Directory domain
• Client needs to communicate over the Internet
WINS is required when:
• Client is a member of a Windows NT 4.0 or earlier domain
• Client applications or services require NetBIOS name resolution
[Figure labels: DNS Server; WINS Server]
Host Name Resolution Process
[Figure: host name resolution sequence with numbered steps 1 to 10. Labels as extracted: Enter command, LMHOSTS file, Local host name, DNS cache, WINS server, HOSTS file, DNS server, NetBIOS name cache, Broadcast]
The NetBIOS Name Resolution Process
[Figure: NetBIOS name resolution sequence with numbered steps 1 to 8. Labels as extracted: Enter command, DNS server, NetBIOS name cache, HOSTS file, WINS server, Broadcast, LMHOSTS file]
Lesson: Configuring a DNS and WINS Client
Specifying Host Names, Domain Names, and Connection-Specific Names
Configuring a DNS Client
Specifying Additional DNS Servers
Configuring DNS Query Settings
Configuring DHCP to Dynamically Update DNS
Troubleshooting DNS Name Resolution
Configuring a WINS Client
Specifying Host Names, Domain Names, and Connection-Specific Names
Configuring a DNS Client
Specifying Additional DNS Servers
Configuring DNS Query Settings
Configuring DHCP to Dynamically Update DNS
[Figure: numbered steps 1 to 3. Computer1 (static or dynamic) sends a request for an IP address; the DHCP server assigns IP address 192.168.120.133; the DNS database on the DNS server records Computer1 at 192.168.120.133. Labels: Client registered, DHCP registered, Client dynamic update, DHCP dynamic update]
Troubleshooting DNS Name Resolution
1. Use nslookup command
2. Change the host name resolution configuration
Configuring a WINS Client
Manual configuration
Automatic configuration
[Figure: DHCP server and DHCP clients]
Lab D: Configuring the DNS Client for Windows XP Professional
Exercise 1: Configuring a Computer to Use DNS
Exercise 2: Configuring an Alternate DNS Server Address
Lesson: Connecting to a Remote Host
Working with FTP
Working with Telnet
Using Telnet Clients
Working with FTP
Windows Explorer graphical client
Command-line client
Windows XP Professional provides various client FTP interfaces along with the tools for hosting FTP sites by using IIS
Working with Telnet
Telnet client:
[Figure: Windows XP Professional Telnet client issuing UNIX commands to a Telnet server on a UNIX server]
Telnet server:
[Figure: Telnet client on a UNIX workstation issuing Telnet commands to a Windows XP Professional Telnet server]
Using Telnet Clients
Telnet HyperTerminal