AW: Firewall problem

From: Holger Reichert (holger.reichert@holysword.de)
Date: 07/31/02


From: "Holger Reichert" <holger.reichert@holysword.de>
To: <security-basics@securityfocus.com>
Date: Wed, 31 Jul 2002 10:24:48 +0200

Hello Chris,

I myself cannot answere you your question yet, but there is plenty of
information on
www.isaserver.org
It's an independent page dedicated to help administrators of an ISA-Server.
They also have a mailing list, which is very helpfull.

Best regards

Holger Reichert
Holysword GbR
www.holysword.de

-----Ursprungliche Nachricht-----
Von: Vasiliy Boulytchev [mailto:linux@boulytcheva.com]
Gesendet: Montag, 29. Juli 2002 22:05
An: Ash
Cc: securitybasics
Betreff: Re: Firewall problem

Well,
    Forget Microsoft's suggestions about staying secure. Scratch the costs
of MS ISA server, or whatever they call that junk these days, and install
Mandrake, Suse, Red Hat :( , anything but winblows. I know FreeBSD/OpenBSD
blows tux out of the water, but you should start at something simpler.
Regards,
Vasiliy Boulytchev
Colorado Information Technologies Inc.
----- Original Message -----
From: "Ash" <ashcrow@phreaker.net>
To: "Chris Berry" <compjma@hotmail.com>
Cc: <security-basics@securityfocus.com>
Sent: Tuesday, July 23, 2002 8:32 PM
Subject: Re: Firewall problem

> More information would be great. A short sollution would be to use
> OpenBSD pf. It not only has a good amount of documentation but is also
> on of the most veritile firewall solutions arround.
>
> Please give some more information on the configuration (like the rules
> implemented).
>
> Thanks,
> Ash
>
> ---
> Darkfire Secure Linux -- http://www.gnulinux.net
>
> On Tue, 2002-07-23 at 12:11, Chris Berry wrote:
> >
> >
> > We're using MS ISA server as our firewall. In accordance with their
> > best practices recommendation I've put it on a dual-homed machine and
set
> > up only the external interface with a default gateway. Our internet
> > connection is working well, and as far as I can tell reasonably secure.
> > However we can't connect telnet traffic, nor can I ping internet sites,
> > even though I have rules configured that should allow this.
> > Previously all of this worked but people without a proxy client
could
> > still connect to the internet which we didn't want. I might be able to
> > reconfigure the routing tables to allow that kind of traffic but I'm not
> > sure thats the right solution. My terminal emulator program doesn't
> > natively support proxies. We're on a very limited budget so any
solution
> > I find probably has to be free. Does anyone have any suggestions or do
> > you need more information?
>
>
>
>



Relevant Pages

  • RE: Firewall problem
    ... your "secure" right out of the box. ... Subject: Firewall problem ... >> We're using MS ISA server as our firewall. ... >> However we can't connect telnet traffic, nor can I ping internet sites, ...
    (Security-Basics)
  • RE: Firewall problem
    ... I don't know what the severity of these holes are, ... Subject: Firewall problem ... mean your "secure" right out of the box. ... >> internet sites, even though I have rules configured that should ...
    (Security-Basics)
  • Re: Firewall problem
    ... Subject: Firewall problem ... > your "secure" right out of the box. ... >>> We're using MS ISA server as our firewall. ... >>> However we can't connect telnet traffic, nor can I ping internet ...
    (Security-Basics)
  • Re: SMS Inventory Tool for HP Proliant
    ... This does not seem to be a firewall problem as we do not require ... sync is failing but you are able to get to it manually via IE. (The sync job ... likely it failed to download HP Catalog from Internet. ... (Error code: 0x0000010a)" ...
    (microsoft.public.sms.tools)
  • Re: Cannot Access shared folders
    ... >connected directly to internet via ADSL modem and B connects to the internet ... On trying to access workgroup computers ... >I can ping A from B but I cannot ping B from A.Is there any step that I ... Asymmetrical ping is quite likely a firewall problem, ...
    (microsoft.public.windowsxp.network_web)