RE: TFTP from external interface?

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 7 Sep 2004 12:37:33 -0500

Hi William,

Packet filters don't control inbound access except to the ISA firewall
itself.

You'll need to use Server Publishing Rules. I haven't studied the TFTP
protocol lately (mainly because I always explicitly block it as it's a
favorite of blended worm writers), but IIRC, doesn't it require
secondary connections?

HTH,

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] 
Sent: Tuesday, September 07, 2004 12:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: TFTP from external interface?


http://www.ISAserver.org

PFilter:
Allow custom protocol
        UDP-Receive Send
        Local Port=Dynamic
        Remote Port=FixedPort 69
        Applied to this isa's ext interface
        For only 1 remote computer (IP address of external device)

I allowed logging of ALLOW rules on Packet Filter, but still all I got
was
the following:
9/7/2004, 19:22:58, <External Device>, <Internal Workstation>, Udp,
12345,
69, -, BLOCKED, <ISA External NIC>, -, -

Your comments/thoughts?

Thanks
William R.

-----Original Message-----
From: Quillman Shawn (RBNA/CSA1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] 
Sent: 07 September 2004 04:48 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: TFTP from external interface?

http://www.ISAserver.org


Yeah, you're right.  My bad (only one cup of coffee so far this
morning...)  How did you create the packet filter?

-Shawn

-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CSA1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-6969 (F)
shawn.quillman@xxxxxxxxxxxx

-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] 
Sent: Tuesday, September 07, 2004 10:36 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: TFTP from external interface?

http://www.ISAserver.org

No, just did UDP 'cause as I understand it TFTP is a UDP protocol???

-----Original Message-----
From: Quillman Shawn (RBNA/CSA1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx]
Sent: 07 September 2004 04:14 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: TFTP from external interface?

http://www.ISAserver.org


Did you also create one for tcp/69?

-Shawn 


-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CSA1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-6969 (F)
shawn.quillman@xxxxxxxxxxxx

-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx]
Sent: Tuesday, September 07, 2004 10:08 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: TFTP from external interface?

http://www.ISAserver.org

Hi Tom,

I know, that's why I'm struggling... hehe Don't you just love it that it
is now possible to ask the question: "What version of ISA are you
running...?" - it's beautiful I tell you.

Anyway, I'm sorry to say that I am still running ISA 2000 :(

I want to basically dump the config's of my external routers to the TFTP
server running on my internal workstation, so I somehow need to let ISA
know how to authenticate the inbound request so I though a Packet Filter
would be required, but that didn't work (to say the least...)

Thanks
William R.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: 07 September 2004 02:44 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: TFTP from external interface?

http://www.ISAserver.org

Hi William,

The ISA firewall isn't a simple packet filter firewall like so-called
'hardware firewalls'.

What version of the ISA firewall are you using?

>From your ISA firewall configuration experience, do you ever recall
creating a simple packet filter to allow inbound access?

Thanks!

Tom
www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls



-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx]
Sent: Tuesday, September 07, 2004 6:40 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] TFTP from external interface?


http://www.ISAserver.org

Hi there

Anyone know how I can allow TFTP access from an outside router to a TFTP
Server sitting inside my corporate network?

I tried creating a packet filter for UDP:69 but this didn't work...

Any and all ideas appreciated.
Thanks
William R.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 09-2004