Re: Please help
- From: "Radu Cruceana" <radu.cruceana@xxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 17 Jun 2002 09:24:59 +0300
Yes of course. I?ve found an article from technet Q299959 that states
ISA does not nanage routing well between external and DMZ nics.
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Sunday, June 16, 2002 2:31 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Please help
http://www.ISAserver.org
Do you have "Enable IP Routing" enabled in IP Packet Filtering
properties?
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: Radu <mailto:radu.cruceana@xxxxxxxxxxxx> Cruceana
To: [ISAserver.org <mailto:isalist@xxxxxxxxxxxxx> Discussion List]
Sent: Saturday, June 15, 2002 12:35 PM
Subject: [isalist] Re: Please help
http://www.ISAserver.org
The same result is obtained also for DNS query packets or telnet in port
110.
The problem is not ICMP related.
I have to publish those servers on the DMZ interface on ISA server.
When I analized the traffic with Network Monitor, I saw that the packets
are not routed from the external to DMZ interface.
It works after disabling/enabling of each interface but when I restart
the server or the Firewall service, it stop working again.
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, June 15, 2002 10:13 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Please help
http://www.ISAserver.org
ISA blocks inbound ICMP by default (ping floods are a really basic DoS
technique).
Besides, ICMP doesn't guarantee traffic flow for other protocols..
Create packet filters for DNS / SMTP traffic between the 62.231.68.<ip>
and the linux host.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: Radu Cruceana <mailto:radu.cruceana@xxxxxxxxxxxx>
To: [ISAserver.org <mailto:isalist@xxxxxxxxxxxxx> Discussion List]
Sent: Saturday, June 15, 2002 9:47 AM
Subject: [isalist] Please help
http://www.ISAserver.org
Hi,
Please help a desperate man. I have the following configuration:
Internet -> 62.231.68.x/24 --ISA--192.168.0.0/24 -> Internal LAN
|
212.93.159.61/30 (Isa Interface to DMZ)
|
|
|
212.93.159.62/30 (Linux mail Server on DMZ)
So, From Internet I have ping on Linux Server but I don?t have on ISA
interface to DMZ.
Routing is enabled and packet filters are specified with subnet for DMZ
so it should include
the 212.93.159.61.
If I disable the interface to Internet and the interface to dmz and
reenable
them everything it?s working ok. After that, if I restart the firewall
service or if I reboot the machine bye bye ping on 212.93.159.61 from
Internet.
Also if I stop the firewall service I have ping on 212.93.159.61.
This interface is crucial because I have to publish on it a dns server
and a mail server.
I?ve also try put specific packet filters for it but no result.
I don?t know what to do anymore (except to hang myself).
Thx a lot in advance.
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
radu.cruceana@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
radu.cruceana@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
BEGIN:VCARD
VERSION:2.1
N:Cruceana;Radu
FN:Radu Cruceana (Radu Cruceana)
ORG:Global Business Software S.R.L.
TITLE:I.T. Manager
TEL;WORK;VOICE:(21) 301-7462
TEL;CELL;VOICE:(744) 686-498
TEL;WORK;FAX:(21) 301-7475
ADR;WORK:;;2-4 Marasesti Street,;Sector 4 Bucharest;;;Romania
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:2-4 Marasesti Street,=0D=0ASector 4
Bucharest=0D=0ARomania
URL;WORK:http://www.adholding.ro
EMAIL;PREF;INTERNET:radu.cruceana@xxxxxxxxxxxx
REV:20020616T113852Z
END:VCARD
Other related posts:
