RES: RE: DMZ - The Hell
- From: "Alex Decarli" <decarli@xxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Thu, 26 Sep 2002 17:01:22 -0300
I created a New Ip packet filters like you said.
didn't work.
There's a strange line on ipxxxx.log
The DMZ nic Ip is blocked when i try to access.
200.xxx.xxx.dmz 255.255.255.255 68 67 blocked 200.xxx.xxx.dmz.
The others packets are allowed, always....
Why the DMZ nic ip is listed on ipxxx.log as blocked ?
-----Mensagem original-----
De: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Enviada em: quinta-feira, 26 de setembro de 2002 12:00
Para: [ISAserver.org Discussion List]
Assunto: [isalist] RE: DMZ - The Hell
http://www.ISAserver.org
Hi Alex,
The default packet filter for TCP 80 won't work if you're wanting to pass
packets to a public address DMZ host. You'll have to create them manually.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
-----Original Message-----
From: Alex Decarli [mailto:decarli@xxxxxxxxxxxxx]
Sent: Thursday, September 26, 2002 8:46 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] DMZ - The Hell
http://www.ISAserver.org
Hi all,
Again, I come to list to find help to implement DMZ.
I read "DMZ Scenarios" on isaserver. rg and "HOW To: Publish Web Server in
Perimeter Network - q313562". ALL RECOMENDATIONS ARE APLLIED.
My problem is: I can't to connect my webserver on DMZ from internet.
But, i can connect my webserver from internal network and ISA Computer (the
connections has proxy configured, either).
My Scenario is:
===========
[ ISP ROUTER ] -------------------------------- ** ISA External NIC **
(subnet1 e subnet2) Defaut gateway is router subnet
1
|
|
ISA SERVER
------------------------------------------------------------------------------------------------------------
[ INTERNAL NETWORK]
|
LAT: 10.1.1.x
|
** ISA DMZ NIC **
IP Public (subnet2)
Diferent Subnet of ISA
External NIC
No Defaut Gateway
|
|
|
|
|
[ WEB SERVER ]
IP Public (subnet 2)
Defaut gateway is ISA
DMZ NIC
I've configured a "IP Packet Filters Rule" called "Allow webserver on DMZ" , IP
routing and IP Packet filters are enabled, with pre-defined HTTP 80 Port ,
applied to IP address of webserver. exactly q313562
My ISA Server is Standalone Server, SP1, Windows is Server Standard, SP3, no
more.
Any help is apprecied !
Alex Decarli.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
decarli@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
- » RES: RE: DMZ - The Hell