Skip navigation

JSI Tip 2125. TCP/IP advanced security is not a firewall.

Windows NT 4.0 TCP/IP port filtering only filters inbound ports on the local computer.

If IP Forwarding is enabled, packets are forwarded, and filtered on the receiving end, if enabled on the receiving computer.


You have computers NT1, NT2, and NT3.
NT2 is multihomed, connecting NT1 and NT3. IP Forwarding is enabled.
NT2 permits only ports TCP 139, and UDP 137 and 138.
If FTP was installed on all 3 computers, NT1 and NT3 can NOT FTP to NT2, but NT1 can FTP to NT3 and visa-versa.

To act as a firewall, you need Microsoft Proxy Server or 3rd party software.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.