Re: Please help
- From: "Paul Nuernberger" <pen@xxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 15 Jun 2002 15:39:56 -0500
You might need to bind the RRAS service to start after the ISA services.
This might help - www.jalojash.org//isascripts/RRAS_Fix.vbs . IIRC it sets
the RRAS service to not start until after ISA is up.
What you describe sounds almost like the routing you set up is being quashed
by ISA. After you disable and enable the interfaces it would force RRAS to
re-bind to them thus solving that issue.
Not sure this will help, but worth a try.
Paul
-----Original Message-----
From: Radu Cruceana [mailto:radu.cruceana@xxxxxxxxxxxx]
Sent: Saturday, June 15, 2002 2:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Please help
http://www.ISAserver.org
The same result is obtained also for DNS query packets or telnet in port
110.
The problem is not ICMP related.
I have to publish those servers on the DMZ interface on ISA server.
When I analized the traffic with Network Monitor, I saw that the packets
are not routed from the external to DMZ interface.
It works after disabling/enabling of each interface but when I restart the
server or the Firewall service, it stop working again.
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, June 15, 2002 10:13 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Please help
http://www.ISAserver.org
ISA blocks inbound ICMP by default (ping floods are a really basic DoS
technique).
Besides, ICMP doesn't guarantee traffic flow for other protocols..
Create packet filters for DNS / SMTP traffic between the 62.231.68.<ip>
and the linux host.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: Radu Cruceana
To: [ISAserver.org Discussion List]
Sent: Saturday, June 15, 2002 9:47 AM
Subject: [isalist] Please help
http://www.ISAserver.org
Hi,
Please help a desperate man. I have the following configuration:
Internet -> 62.231.68.x/24 --ISA--192.168.0.0/24 -> Internal LAN
|
212.93.159.61/30 (Isa Interface to DMZ)
|
|
|
212.93.159.62/30 (Linux mail Server on DMZ)
So, From Internet I have ping on Linux Server but I don?t have on ISA
interface to DMZ.
Routing is enabled and packet filters are specified with subnet for DMZ
so it should include
the 212.93.159.61.
If I disable the interface to Internet and the interface to dmz and
reenable
them everything it?s working ok. After that, if I restart the firewall
service or if I reboot the machine bye bye ping on 212.93.159.61 from
Internet.
Also if I stop the firewall service I have ping on 212.93.159.61.
This interface is crucial because I have to publish on it a dns server
and a mail server.
I?ve also try put specific packet filters for it but no result.
I don?t know what to do anymore (except to hang myself).
Thx a lot in advance.
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
radu.cruceana@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
pen@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
