Re: Please help
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 15 Jun 2002 12:13:02 -0700
ISA blocks inbound ICMP by default (ping floods are a really basic DoS
technique).
Besides, ICMP doesn't guarantee traffic flow for other protocols..
Create packet filters for DNS / SMTP traffic between the 62.231.68.<ip> and the
linux host.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: Radu Cruceana
To: [ISAserver.org Discussion List]
Sent: Saturday, June 15, 2002 9:47 AM
Subject: [isalist] Please help
http://www.ISAserver.org
Hi,
Please help a desperate man. I have the following configuration:
Internet -> 62.231.68.x/24 --ISA--192.168.0.0/24 -> Internal LAN
|
212.93.159.61/30 (Isa Interface to DMZ)
|
|
|
212.93.159.62/30 (Linux mail Server on DMZ)
So, From Internet I have ping on Linux Server but I don't have on ISA
interface to DMZ.
Routing is enabled and packet filters are specified with subnet for DMZ so it
should include
the 212.93.159.61.
If I disable the interface to Internet and the interface to dmz and reenable
them everything it's working ok. After that, if I restart the firewall
service or if I reboot the machine bye bye ping on 212.93.159.61 from Internet.
Also if I stop the firewall service I have ping on 212.93.159.61.
This interface is crucial because I have to publish on it a dns server and a
mail server.
I've also try put specific packet filters for it but no result.
I don't know what to do anymore (except to hang myself).
Thx a lot in advance.
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
