RE: RES: RE: Spooky filter problem! Tom?

  • From: "Mark Hippenstiel" <m.hippenstiel@xxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 11 Feb 2003 20:28:08 +0100

I did not follow the thread completely here. One thing that is to be said is
that Jim's right about the variable/dynamically assigned ports, that would
never function. But if I understood you right, there is only one (server)
port users can connect to, much like running a http server, right?

In this case you would have to make shure that your appplication only binds
to the internal interface. Further you would have to use server publishing
to make the port available on the external interface. And you may have to
define a packet filter to allow traffic to your internal interface - but I'm
not too shure about this last point. I understand that this is a must when
the "server" to be published runs on the ISA box, but maybe Tom can help out
here.

You'd have to change service dependencies only if your application does not
support binding to a specific NIC. This way I got the Shoutcast server to
run - but you may experience other problems on a higher level. E.g. if the
protocol that is being used carries connection information like IP adresses
and the like for further communication (in the way FTP does), every attempt
will fail because ISA will not be able to translate this. Well, you could
write your own application filter however :)

Hope I could help
Mark

> -----Original Message-----
> From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx]
> Sent: Tuesday, February 11, 2003 1:39 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RES: RE: Spooky filter problem!
>
>
> http://www.ISAserver.org
>
>
> Finally!
>
> Mark, my application is running in my ISA Box. I can bind the
> application directly into the internal or external interface.
> One thing i could do: bind the application into my internal
> interface and publish it into my external interface?
>
> Now all that i'm doing is binding the application to my
> external interface and creating the IP Packet filters in
> order to allow connections to the application's port.
>
> Thanks for your reply!
>
> Tiago de Aviz
> -----------------------
> tiago@xxxxxxxxxxxxxxx
> www.softsell.com.br
> -----------------------
>
>
> -----Mensagem original-----
> De: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx]
> Enviada em: segunda-feira, 10 de fevereiro de 2003 18:14
> Para: [ISAserver.org Discussion List]
> Assunto: [isalist] RE: Spooky filter problem!
>
> http://www.ISAserver.org
>
>
> Tiago,
>
> I re-read your original post. It seems to me what you are
> facing here is that your application comes up before ISA
> services start and it seems to claim the port(s) in question.
> Maybe you can see an error in the eventlog stating that
> server publishing failed.
>
> I had that once with the IIS FTP services, in a different
> setup - I could just not understand why FTP should be
> available with chaniging IP adresses without me running a
> script to change server publishing (remember that one Tom?).
> It took me ages to find out that FTP would claim the port and
> ISA would just "fail" there.
>
> I solved the problem by changing the dependencies of the
> services, making sure that any other "internet" service
> started *after* all ISA services.
>
> Maybe this helps,
> Mark
>
>
> > -----Original Message-----
> > From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx]
> > Sent: Sunday, February 09, 2003 12:19 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Spooky filter problem!
> >
> >
> > http://www.ISAserver.org
> >
> >
> > Hey folks,
> >
> > I'm running a Counter-Strike Server on my ISA machine. I allowed
> > Access to all the ports required by the service, inbound
> and outbound.
> > And i set the Server to run on port 27016 UDP. However, my external
> > users can only Access my Server on port 60684 (the game Server
> > annouces itself to some online game-searching utilities). This port
> > doesn't change each time i restart the service.
> >
> > What is freakin' me out is that i didn't enable Access to
> this port! I
> > doný have any rule which allows Access to UDP port 60684 on my
> > external interface. However, if I, from the Internal Network here,
> > Access the game Server at port 27016 as it should, it Works!
> >
> > What is going on? Any ideas?
> >
> > Tiago de Aviz
> > -----------------------
> > tiago@xxxxxxxxxxxxxxx
> > www.softsell.com.br
> > -----------------------
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/ Windows
> > Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT
> > > Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email
> > to $subst('Email.Unsub')
> >
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tiago@xxxxxxxxxxxxxxx To unsubscribe send a blank
> email to $subst('Email.Unsub')
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>

Other related posts:

  • » RE: RES: RE: Spooky filter problem! Tom?
  1. Home
  2. isalist
  3. Archive
  4. 02-2003