I have a Windows 2008 Web Edition server with several IPs.
In order to improve security I want to expose only one IP for public services, and use another IP for the administrative ports.
That said, testing has shown me that I can connect to my server's terminal services (using remote desktop connection) with every assigned IP, which is bad.
So for example if the server has these IPs:
172.11.22.51
172.11.22.71
How do I make the terminal services (which listen on port 3389) listen only on IP 172.11.22.51?
Currently it's set to 0.0.0.0 which is "ANY_IP".
Doing so will allow me to run a server application on the other IP (172.11.22.71) only.
That said, I'd be happy if someone could tell me how to do so with other services in that OS, if possible, yet the most urgent is the Terminal Service one.
There isn't a way to configure the native remote desktop service to listen on just a specific IP, just to change the port. You can tunnel it through SSL or SSH, however. Will that work?
Changing listener IPs for other services is service-specific. Since you're using Web edition, I'm going to assume you'd be interested in IIS:
netsh
http
show iplisten
and verify that nothing comes back (indicating you're listening on all IPs)
add iplisten ipaddress=172.11.22.51
That will bind your site to 172.11.22.51.
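A way to check the result of the binding changes discussed above, as an added example that is not part of the original question or answer: it parses `netstat -an` output and reports whether each port in a policy listens on its intended IP or is still bound to 0.0.0.0. The function names, the sample netstat lines and the port-to-IP policy table are assumptions built from the addresses on this page.

```powershell
# Added example: audit which local addresses sensitive ports listen on.
# Policy values reuse the page's addresses; function names are hypothetical.
# Assumes English-language netstat output and checks IPv4 listeners only.
$policy = @{ 3389 = '172.11.22.51'; 80 = '172.11.22.51' }

# Constructed sample of `netstat -an -p TCP` output (not captured from a real host).
$sample = @(
    '  Proto  Local Address          Foreign Address        State',
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING',
    '  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING',
    '  TCP    172.11.22.51:80        0.0.0.0:0              LISTENING',
    '  TCP    172.11.22.71:8080      0.0.0.0:0              LISTENING',
    '  TCP    172.11.22.51:3389      172.11.22.9:50112      ESTABLISHED'
)

function Get-Listener {
    param([string[]]$NetstatLines)
    foreach ($line in $NetstatLines) {
        # Keep sockets in LISTENING state; established sessions are skipped.
        if ($line -match '^\s*TCP\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+\S+\s+LISTENING\s*$') {
            New-Object PSObject -Property @{ Address = $Matches[1]; Port = [int]$Matches[2] }
        }
    }
}

function Test-BindingPolicy {
    param([string[]]$NetstatLines, [hashtable]$Policy)
    foreach ($l in (Get-Listener $NetstatLines)) {
        $port = [int]$l.Port
        if (-not $Policy.ContainsKey($port)) { continue }   # port not covered by the policy
        $expected = $Policy[$port]
        if ($l.Address -eq $expected)     { $status = 'OK' }
        elseif ($l.Address -eq '0.0.0.0') { $status = 'WILDCARD' }   # reachable on every IP
        else                              { $status = 'WRONG_IP' }
        New-Object PSObject -Property @{
            Port = $port; Address = $l.Address; Expected = $expected; Status = $status
        }
    }
}

Test-BindingPolicy $sample $policy | Format-Table Port, Address, Expected, Status -AutoSize
# On a live server: Test-BindingPolicy (netstat -an -p TCP) $policy
```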