Onions? Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] > Sent: Monday, December 05, 2005 7:13 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Which "Network Template" to apply? > > http://www.ISAserver.org > > What am I, chopped liver? > > ----- > "And yet, even if one person finds his way... that means > there is a Way. Even if I personally fail to reach it." > > Mr. Nobusuke Tagomi > Top Place, Ranking Imperial Trade Mission > Pacific States of America > > ----- Original Message ----- > From: "Steve Moffat" <steve@xxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Monday, December 05, 2005 3:00 PM > Subject: [isalist] RE: Which "Network Template" to apply? > > > http://www.ISAserver.org > > In fact, and I expect some backup here Doc and Jim.........you should > set it up as your primary firewall correctly and use the linux box for > your sharepoint sites ...:) > > S > > -----Original Message----- > From: Marty Nelson [mailto:MNelson@xxxxxxxxxxxx] > Sent: Monday, December 05, 2005 6:51 PM > To: ISA Mailing List > Subject: [isalist] RE: Which "Network Template" to apply? > > > http://www.ISAserver.org > > Geez, that was helpful....thanks > > Perhaps I should elaborate on what this computer's purpose > is. It is to > host a sharepoint site, and provide access to an internal web > server via > reverse proxy, that's it. It's not to be used as a firewall in any > sense, strictly as a reverse proxy. ISA was installed because of its > reverse proxy capabilities when used in conjunction with IIS. While I > think ISA's a great product, it's totally wasted on this project. So > forgive me if I'm breaking the rules by running a web server on an ISA > server. > > Marty > > -----Original Message----- > From: Steve Moffat [mailto:steve@xxxxxxxxxx] > Sent: Monday, December 05, 2005 2:26 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Which "Network Template" to apply? > > http://www.ISAserver.org > > Do not host websites on the isa server........geez > > Would you host websites on your bsd box??? > > -----Original Message----- > From: Marty Nelson [mailto:MNelson@xxxxxxxxxxxx] > Sent: Monday, December 05, 2005 6:21 PM > To: ISA Mailing List > Subject: [isalist] RE: Which "Network Template" to apply? > > > http://www.ISAserver.org > > I swear it must be me that makes things harder than they need to be. > Seriously, this kind of stuff always happens to me. > > That being said, I've had a breakthrough. What I was trying to do was > have any requests for www.whatever.com/folder reverse proxy back to my > internal site. Now let me say this, www.whatever.com is > being hosted on > the ISA box, and no matter what I did I could not get the /folder to > reverse proxy. What I did as a test was shutdown www.whatever.com and > create a publishing rule that directed any traffic to the whatever.com > IP address to my internal site, and it worked! > > Now, all of that being said, can I not do what I was trying to do > originally? Meaning, can I not have ISA listen for requests to > www.whatever.com/folder, and reverse only those requests? > > Thanks again, > > Marty > > -----Original Message----- > From: Steve Moffat [mailto:steve@xxxxxxxxxx] > Sent: Monday, December 05, 2005 2:03 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Which "Network Template" to apply? > > http://www.ISAserver.org > > It isn't....normally > > -----Original Message----- > From: Marty Nelson [mailto:MNelson@xxxxxxxxxxxx] > Sent: Monday, December 05, 2005 5:23 PM > To: ISA Mailing List > Subject: [isalist] RE: Which "Network Template" to apply? > > > http://www.ISAserver.org > > Steve while I appreciate the post, what I don't think I've conveyed is > that I've done what you've suggested, and I just cannot get > it to work. > What I am trying to do here is figure out what exactly I'm doing wrong > so I can remedy it. Believe me; I had no idea that setting > up a reverse > proxy in ISA was this difficult. > > -----Original Message----- > From: Steve Moffat [mailto:steve@xxxxxxxxxx] > Sent: Monday, December 05, 2005 12:56 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Which "Network Template" to apply? > > http://www.ISAserver.org > > Geez... > > forward port 80 from the BSD FW to the ISA, publish your website using > the web publishing wizard. > > From the external nic (10.) to the published website, which > can be an IP > address or an fqdn if you have it in your dns and isa has an > allow rule > for dns, or by hosts file. > > S > > Looks like a lot of reading is required beforehand first of almmend > buying Tom's books on ISA. > > ________________________________ > > From: Marty Nelson [mailto:MNelson@xxxxxxxxxxxx] > Sent: Monday, December 05, 2005 4:43 PM > To: ISA Mailing List > Subject: [isalist] RE: Which "Network Template" to apply? > > > http://www.ISAserver.org > > > Thanks Tom. > > > > Your paper on "Playing well with others" all but describes what I'm > trying to do in the section titled "The ISA Firewall in a PIX DMZ > Configuration". What I am so utterly unclear on is how to > implement it. > Like I mentioned earlier, I have two interfaces. One on the 10. range > which is in my BSD's DMZ and one in the 192. range that's in > my internal > network. > > > > When I view my Networks, what should I have under the "Internal > Networks"? I would assume just my 192.168 range? That's not even > getting into successfully publishing my internal web server. > > > > ________________________________ > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Monday, December 05, 2005 11:21 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Which "Network Template" to apply? > > > > http://www.ISAserver.org > > Hi Marty, > > > > Edge firewall is what I would use. Then search the ISAserver.org site > for PIX for deployment scenario info. > > > > HTH, > > Tom > > > > Thomas W Shinder, M.D. > Site: www.isaserver.org <http://www.isaserver.org/> > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> > MVP -- ISA Firewalls > **Who is John Galt?** > > > > > > ________________________________ > > From: Marty Nelson [mailto:MNelson@xxxxxxxxxxxx] > Sent: Monday, December 05, 2005 1:17 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Which "Network Template" to apply? > > http://www.ISAserver.org > > Hi Tom; > > > > I only have two NIC's installed, so I take it that I'm using the > wrong template, and have switched it back to the default, which was > "Edge Firewall". Which is the best to use if I'm trying to reverse > proxy an internal server? > > > > Here's how my server's currently setup: > > > > NIC1: 10.100.2.15 (in DMZ, although still behind main OpenBSD > firewall) > > NIC2: 192.168.2.29 (in company's internal network, behind > OpenBSD firewall) > > > > Thanks, > > > > Marty > > > > ________________________________ > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Monday, December 05, 2005 10:59 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Which "Network Template" to apply? > > > > http://www.ISAserver.org > > Hi Marty, > > > > For reverse proxy, I'd only do two NICs. What's the third NIC > for? > > > > tom > > > > Thomas W Shinder, M.D. > Site: www.isaserver.org <http://www.isaserver.org/> > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> > MVP -- ISA Firewalls > **Who is John Galt?** > > > > > > ________________________________ > > From: Marty Nelson > [mailto:MNelson@xxxxxxxxxxxx] > Sent: Monday, December 05, 2005 12:41 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] Which "Network Template" to apply? > > http://www.ISAserver.org > > Good Monday all. I'm wondering which template should I > be using in the following configuration? Currently it's > setup using the > "3-Leg Perimeter" template. > > > > My ISA server is in my DMZ, behind my company's main > OpenBSD firewall. Ideally it will be used strictly as a reverse proxy > (if I can ever get it to work! Feel free to see my other > thread on that > bugger). > > > > Thanks, > > > > Marty > > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other > sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org > Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: mnelson@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > mnelson@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > isalist@xxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > mnelson@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > isalist@xxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > mnelson@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > isalist@xxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > mnelson@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > isalist@xxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: > thor@xxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >