Re: Firewall problem

From: Vasiliy Boulytchev (linux@boulytcheva.com)
Date: 07/29/02


From: "Vasiliy Boulytchev" <linux@boulytcheva.com>
To: "Ash" <ashcrow@phreaker.net>
Date: Mon, 29 Jul 2002 14:04:35 -0600

Well,
    Forget Microsoft's suggestions about staying secure. Scratch the costs
of MS ISA server, or whatever they call that junk these days, and install
Mandrake, Suse, Red Hat :( , anything but winblows. I know FreeBSD/OpenBSD
blows tux out of the water, but you should start at something simpler.
Regards,
Vasiliy Boulytchev
Colorado Information Technologies Inc.
----- Original Message -----
From: "Ash" <ashcrow@phreaker.net>
To: "Chris Berry" <compjma@hotmail.com>
Cc: <security-basics@securityfocus.com>
Sent: Tuesday, July 23, 2002 8:32 PM
Subject: Re: Firewall problem

> More information would be great. A short solution would be to use
> OpenBSD pf. It not only has a good amount of documentation but is also
> one of the most versatile firewall solutions around.
>
> Please give some more information on the configuration (like the rules
> implemented).
>
> Thanks,
> Ash
>
> ---
> Darkfire Secure Linux -- http://www.gnulinux.net
>
> On Tue, 2002-07-23 at 12:11, Chris Berry wrote:
> >
> >
> > We're using MS ISA server as our firewall. In accordance with their
> > best practices recommendation I've put it on a dual-homed machine and set
> > up only the external interface with a default gateway. Our internet
> > connection is working well, and as far as I can tell reasonably secure.
> > However we can't connect telnet traffic, nor can I ping internet sites,
> > even though I have rules configured that should allow this.
> > Previously all of this worked but people without a proxy client could
> > still connect to the internet which we didn't want. I might be able to
> > reconfigure the routing tables to allow that kind of traffic but I'm not
> > sure that's the right solution. My terminal emulator program doesn't
> > natively support proxies. We're on a very limited budget so any solution
> > I find probably has to be free. Does anyone have any suggestions or do
> > you need more information?
>
>
>
>


