Re: Please help
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 15 Jun 2002 16:31:16 -0700
Do you have "Enable IP Routing" enabled in IP Packet Filtering properties?
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: Radu Cruceana
To: [ISAserver.org Discussion List]
Sent: Saturday, June 15, 2002 12:35 PM
Subject: [isalist] Re: Please help
http://www.ISAserver.org
The same result is obtained also for DNS query packets or telnet in port 110.
The problem is not ICMP related.
I have to publish those servers on the DMZ interface on ISA server.
When I analized the traffic with Network Monitor, I saw that the packets are
not routed from the external to DMZ interface.
It works after disabling/enabling of each interface but when I restart the
server or the Firewall service, it stop working again.
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, June 15, 2002 10:13 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Please help
http://www.ISAserver.org
ISA blocks inbound ICMP by default (ping floods are a really basic DoS
technique).
Besides, ICMP doesn't guarantee traffic flow for other protocols..
Create packet filters for DNS / SMTP traffic between the 62.231.68.<ip> and
the linux host.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: Radu Cruceana
To: [ISAserver.org Discussion List]
Sent: Saturday, June 15, 2002 9:47 AM
Subject: [isalist] Please help
http://www.ISAserver.org
Hi,
Please help a desperate man. I have the following configuration:
Internet -> 62.231.68.x/24 --ISA--192.168.0.0/24 -> Internal LAN
|
212.93.159.61/30 (Isa Interface to DMZ)
|
|
|
212.93.159.62/30 (Linux mail Server on DMZ)
So, From Internet I have ping on Linux Server but I don't have on ISA
interface to DMZ.
Routing is enabled and packet filters are specified with subnet for DMZ so
it should include
the 212.93.159.61.
If I disable the interface to Internet and the interface to dmz and reenable
them everything it's working ok. After that, if I restart the firewall
service or if I reboot the machine bye bye ping on 212.93.159.61 from Internet.
Also if I stop the firewall service I have ping on 212.93.159.61.
This interface is crucial because I have to publish on it a dns server and
a mail server.
I've also try put specific packet filters for it but no result.
I don't know what to do anymore (except to hang myself).
Thx a lot in advance.
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
radu.cruceana@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
