RE: Access to 127.0.0.1

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 6 Feb 2006 18:00:15 -0800

Almost - because of the wpad changes in SP2, 127/8 is only necessary if there 
are *any* addresses in the list.
It won't add it otherwise.


-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Monday, February 06, 2006 17:47
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Access to 127.0.0.1

http://www.ISAserver.org

Hi Raj,

SP2 does this automatically:

//Copyright (c) 1997-2004 Microsoft Corporation
BackupRoute="DIRECT";
UseDirectForLocal=true;
function MakeIPs(){
    // even index = network address, odd index = subnet mask
    this[0]="127.0.0.0";
    this[1]="255.0.0.0";
    this[2]="192.168.1.0";
    this[3]="255.255.255.0";
    this[4]="224.0.0.0";
    this[5]="255.0.0.0";
    // (the quoted excerpt ends here)
}


Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
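
Added example, not part of the original message and not ISA Server's generated script: a simplified model of how a proxy auto-config script can use address/mask pairs like the ones in the MakeIPs() excerpt. It shows that a literal such as 127.0.0.1 is matched without any name lookup, while a host name has to be resolved before it can be tested against the masks. The proxy name, the resolver and the function names are assumptions made for the illustration.

```javascript
// Added illustration; not ISA Server's generated wpad script.
// (network, mask) pairs copied from the MakeIPs() excerpt quoted above.
const DIRECT_PAIRS = [
  "127.0.0.0", "255.0.0.0",
  "192.168.1.0", "255.255.255.0",
  "224.0.0.0", "255.0.0.0",
];
const PROXY = "PROXY isa.example.internal:8080"; // constructed placeholder

// Dotted-quad string -> unsigned 32-bit integer, or null if not an IPv4 literal.
function ipToInt(text) {
  const parts = String(text).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when ip falls inside net/mask.
function inNet(ip, net, mask) {
  const a = ipToInt(ip), b = ipToInt(net), m = ipToInt(mask);
  if (a === null || b === null || m === null) return false;
  return ((a & m) >>> 0) === ((b & m) >>> 0);
}

// Decide the route for one host. `resolve` is a hypothetical stand-in for the
// PAC dnsResolve() helper and returns null when the name cannot be resolved.
function route(host, pairs, resolve) {
  let dnsLookup = false;
  let ip = host;
  if (pairs.length > 0 && ipToInt(host) === null) {
    dnsLookup = true; // a name must be resolved before any mask test
    ip = resolve(host);
  }
  for (let i = 0; ip !== null && i + 1 < pairs.length; i += 2) {
    if (inNet(ip, pairs[i], pairs[i + 1])) return { via: "DIRECT", dnsLookup };
  }
  return { via: PROXY, dnsLookup };
}

// Constructed resolver: an internal DNS that knows only internal names.
const internalDns = (name) =>
  name === "intranet.example.internal" ? "192.168.1.20" : null;

for (const h of ["127.0.0.1", "intranet.example.internal", "www.example.com"]) {
  console.log(h, route(h, DIRECT_PAIRS, internalDns));
}
```

In this model an empty pair list triggers no lookup at all, and a populated list costs one lookup per host name, which fails for Internet names when the internal DNS cannot resolve them.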


-----Original Message-----
From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx]
Sent: Monday, February 06, 2006 7:38 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Access to 127.0.0.1

Thanks Jim.
We have been very happy with ISA Server 2000 for 5 years, with 3000 clients. I 
expected the same or better experience with ISA 2004. Well, definitely ISA 2004 
is better in many aspects. But something that worked fine in ISA 2000 does not 
work so fine with ISA 2004. Now we need to push the registry change to 3000 
clients. Why can't Microsoft just modify the wpad script, so that 127.0.0.1 is 
treated as a bypassed address by default? It's a very obvious localhost 
address. There are many large networks that won't allow Internet name resolution 
with internal DNS.
Even if the NetBIOS node type is changed, the client will still try to do DNS 
resolution for each URL using the internal DNS, and fail before going to the 
proxy. This still increases the page refresh times. Why can't Microsoft just add 
the 127.0.0.1, the obvious local loopback address, as a default bypassed address 
in the wpad script? That will make life easier for everyone.

Thanks.
Raj Periyasamy
MCSE (Messaging), CCNA



-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Monday, February 06, 2006 8:05 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Access to 127.0.0.1

No.
The NB bcst will stop when you apply the netbt regvalue I listed earlier (and 
earlier still) and reboot the machines where you make that change.
You should have applied it to your ISA as well.
Applying SP2 and running the script will give you the best possible wpad 
experience for your clients.
..of course, it can't fix a buggered network...

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx]
Sent: Monday, February 06, 2006 16:53
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Access to 127.0.0.1

Hi Jim,
So in my case, with SP2 applied, and the right IP addresses added to the Web 
Browser tab, I should not see the WINS broadcast that was happening earlier 
with every request that was initiated by the client. This should work even if 
the internal DNS does not resolve Internet names. Is that correct?

Initially when I installed the array, I had the Web browser tab populated with 
internal IPs. After the slow access, page refresh problem, I removed all 
entries in the Web Browser tab.


Regards,

Raj Periyasamy
MCSE (Messaging), CCNA


-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Monday, February 06, 2006 7:34 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Access to 127.0.0.1

http://support.microsoft.com/kb/903746

There are changes to the wpad script that help reduce this name lookup hell.
Best behavior for web proxy clients is seen when either:
- the local domains list has *no* IPs listed
- the local domains list includes *correct* IPs.

Note that if *any* IPs exist, ISA will add the 127/8 range - so *don't add it*.
-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Monday, February 06, 2006 16:22
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Access to 127.0.0.1

What in Service Pack 2 fixes the slow resolution problem? Is it related somehow 
to that strange reference regarding needing to add the IP addresses of the 
domains included in the Web browser Direct Access list?
Seems like a PIA, given that I have no idea what addresses Microsoft.com, et 
al. use and when they change over time. 

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Monday, February 06, 2006 5:15 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Access to 127.0.0.1
> 
> No - not the internal network local address list - the Internal 
> network Web Browser Direct access list.
> Your name resolution is slow because the clients are trying to resolve
> using broadcasts.
> Set (add)
> HKLM\System\CurrentControlSet\Services\NetBT\Parameters\NodeType,
> DWORD = 2.
> 
> SP2 will fix that slow resolution problem - install it and run 
> http://isatools.org/copylattowebproxy.js on the ISA.
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
>  
> 
> -----Original Message-----
> From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx]
> Sent: Monday, February 06, 2006 15:02
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Access to 127.0.0.1
> 
> Hi Jim,
> I tried adding the 127 to the Internal network properties - Addresses 
> tab. And I got an error about a conflict with the localhost object, and it 
> would not accept the settings. Am I doing this right?
> 
> I cannot add any IP addresses to the Internal network properties - 
> Web browser tab - Direct access, because our internal DNS cannot 
> resolve Internet names. Adding any IP address in this tab slows down 
> the client access to Internet drastically.
> 
> In the domains tab, I have our internal domain name "infineum.com", 
> but it won't let me add an IP address in this tab.
> 
> 
> 
> Thanks.
>  
> Regards,
> Raj Periyasamy
> MCSE(Messaging), CCNA
> 
> 
> 
> 
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: Monday, February 06, 2006 4:43 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Access to 127.0.0.1
> 
> This is why I asked about SP2.
> Without SP2, you have to add 127/8 in the web proxy address/domain 
> list.
> After SP2, you don't, but you should run 
> http://isatools.org/copylattowebproxy.js.
> 
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
>  
> 
> -----Original Message-----
> From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> Sent: Monday, February 06, 2006 13:31
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Access to 127.0.0.1
> 
> And 127.0.0.1 is where in that list?
> 
> John T
> eServices For You
> 
> "Seek, and ye shall find!"
> 
> > -----Original Message-----
> > From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx]
> > Sent: Monday, February 06, 2006 1:23 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Access to 127.0.0.1
> > 
> > Hi Jim,
> > I have populated all the internal IP address range to the address list.
> > The address list looks like below,
> > 
> > 10.254.0.0 - 10.254.0.255
> > 10.254.2.0 - 10.254.255.255
> > 10.255.255.255 - 10.255.255.255
> > 159.70.0.0 - 159.70.255.255
> > 159.129.0.0 - 159.129.255.255
> > 192.168.178.0 - 192.168.178.255
> > 
> > I haven't installed the SP2 yet. I am still reading the release notes
> > document to understand the new features/changes.
> > 
> > 
> > 
> > Thanks.
> > 
> > Regards,
> > Raj Periyasamy
> > MCSE(Messaging), CCNA
> > 
> > 
> > 
> > -----Original Message-----
> > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > Sent: Monday, February 06, 2006 4:03 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Access to 127.0.0.1
> > 
> > Have you populated the web proxy local addresses list?
> > Have you installed SP2 yet?
> > 
> > -------------------------------------------------------
> >    Jim Harrison
> >    MCP(NT4, W2K), A+, Network+, PCG
> >    http://isaserver.org/Jim_Harrison/
> >    http://isatools.org
> >    Read the help / books / articles!
> > -------------------------------------------------------
> > 
> > 
> > -----Original Message-----
> > From: Periyasamy, Raj [mailto:Raj.Periyasamy@xxxxxxxxxxxx]
> > Sent: Monday, February 06, 2006 12:47
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Access to 127.0.0.1
> > 
> > We have a load balanced ISA 2004 Ent Array. Everything is working 
> > fine, except for access to http://127.0.0.1. Some clients use the 
> > Google desktop search, which accesses http://127.0.0.1. Every time
> > an access is initiated to 127.0.0.1, the ISA server kicks in and 
> > denies the connection, and the Google application fails. All clients
> > are using Automatic configuration from the ISA Server. I was thinking
> > of adding the 127.0.0.1 to the Direct access server list. However, our
> > Internal DNS servers do not resolve Internet names. Hence, I cannot 
> > add any IP addresses in the "Directly access these servers or domains"
> > section.
> > Access to http://localhost works fine, because localhost resolves to
> > "mypc.mydomain.com", and the "mydomain.com" is defined as an internal
> > domain. The only problem is direct access to the IP address 127.0.0.1.
> > Any suggestions to work around this problem?
> > 
> > Thanks.
> > 
> > Regards,
> > Raj Periyasamy
> > MCSE(Messaging), CCNA
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > jim@xxxxxxxxxxxx To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > All mail to and from this domain is GFI-scanned.
> > 
> > 