Hello,I am trying to turn off certain ports on our Windows Server 2003 w/SP2 and cannot for the life of me figure out how to do it. I'm not a network specialist and I have inherited this role for our company. The only way I know to turn ports off is via the Windows Firewall. When I attempt to launch the Windows Firewall utility to configure I get the following error: "Windows Firewall can not run because another program or service is running that might use the Network Address Translation component (IPNat.sys)"Any help would really be appreciate.Thanks a bunch.Val

Hi Val,You're probably using the server as RRAS server. If this is the case, the IPNat.sys (the NAT driver) is being occupied by RRAS, which is the reason Windows Firewall cannot use it. RRAS has it's own "basic" firewall.If I see correctly, the behavior is by design. Best practise is to use a hardware-based firewall ofcourse :)Hope this helps.Regards,Stefan Hazenbroek

Stefan,Thank you for the reply. The problem that I'm having is that I ran a scan this morning on our network using GFI's LanGuard 9. It identified several ports that were open which are known Trojan ports. I'm just trying to turn those off. Is the RRAS role required if the server is just a file server and we need to remote into it for configuration purposes only? If not then would it be safe to turn that off?Thanks a bunch.Val

Hi Val, RRAS is the "VPN equivalent" included in Server 2003 and such. If you need remote access to the machine and RDP isn't an option then yes, RRAS is needed. What you can do is use the RRAS firewall to close the ports that are identified by LanGuard. You can do that by opening RRAS (Start, Administrative Tools, Routing and Remote Access). Expand <your server name>, go to IP Routing and choose NAT/Basic Firewall. Rightclick on the connection you want to configure. In the box that opens go to the tab "Services and Ports". Here you can add/choose the ports you need configured (well-known services are pre-configured, if you need a new one you can do that by clicking "Add"). Check out http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html for more information. Regards, Stefan Hazenbroek