TCP packet filter - Help needed

  • From: "Brian Spooner" <brian.spooner@xxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Tue, 21 Aug 2001 13:29:53 -0600

We just installed ISA Server at our location a couple weeks ago and our
working on the kinks with many internet based applications, such as
opening up ports so they will operate.  One seems to still be giving us
trouble though, even if we open up TCP completely.

The application is called System 4 and it retrieves information from a MLS
(Multiple Listing system). At first we could not even connect until their
tech support instructed us to open TCP ports 1521 and 1526. We could
confirm these were the correct ports by running netstat on our machines
while it was trying to connect.  After these ports were opened, we could
connect fine.  Now we've ran into a second more difficult problem, when we
try to print some reports offline we're getting a socket error message. I
ran netstat again while I was trying to print and noticed TCP port 7206
with the state: "SYN_SENT" instead of established.  I did this a few more
times and noticed it seems to be alternating on the remote port from
7206-7208.  So, here's all the packet filters I've created to try and make
this work: One for each port 7206,7207, and 7208 on the TCP protocol,
directions: BOTH, local computer: dynamic, remote: fixed port #.  I also
tried changing the dynamic setting to all ports, and the fixed port #
setting to all ports but it didnt seem to work either. I even opened up
TCP for both directions, all ports on local and remote. Yet, this program
still won't get through ports 7206,7207,or 7208. And it worked before with
our proprietary proxy and NAT server from IBM, so I know it's possible for
the program to work with the firewall.  I'm positive it's the firewall
also because it functions perfectly as soon as I'm outside the firewall. 
At this point I'm thinking it must be something stupid hidden in ISA
somewhere.  If anyone has any suggestions at all, please email me at
Brian.Spooner@xxxxxxxxx

Thank you very much

Other related posts:

  • » TCP packet filter - Help needed
  1. Home
  2. isalist
  3. Archive
  4. 08-2001