AW: Firewall problem

From: Holger Reichert (holger.reichert@holysword.de)
Date: 07/31/02


From: "Holger Reichert" <holger.reichert@holysword.de>
To: <security-basics@securityfocus.com>
Date: Wed, 31 Jul 2002 10:24:48 +0200

Hello Chris,

I myself cannot answer your question yet, but there is plenty of
information on
www.isaserver.org
It's an independent page dedicated to helping administrators of an ISA-Server.
They also have a mailing list, which is very helpful.

Best regards

Holger Reichert
Holysword GbR
www.holysword.de

-----Original Message-----
From: Vasiliy Boulytchev [mailto:linux@boulytcheva.com]
Sent: Monday, 29 July 2002 22:05
To: Ash
Cc: securitybasics
Subject: Re: Firewall problem

Well,
    Forget Microsoft's suggestions about staying secure. Scratch the costs
of MS ISA server, or whatever they call that junk these days, and install
Mandrake, Suse, Red Hat :( , anything but winblows. I know FreeBSD/OpenBSD
blows tux out of the water, but you should start at something simpler.
Regards,
Vasiliy Boulytchev
Colorado Information Technologies Inc.
----- Original Message -----
From: "Ash" <ashcrow@phreaker.net>
To: "Chris Berry" <compjma@hotmail.com>
Cc: <security-basics@securityfocus.com>
Sent: Tuesday, July 23, 2002 8:32 PM
Subject: Re: Firewall problem

> More information would be great. A short solution would be to use
> OpenBSD pf. It not only has a good amount of documentation but is also
> one of the most versatile firewall solutions around.
>
> Please give some more information on the configuration (like the rules
> implemented).
>
> Thanks,
> Ash
>
> ---
> Darkfire Secure Linux -- http://www.gnulinux.net
>
> On Tue, 2002-07-23 at 12:11, Chris Berry wrote:
> >
> >
> > We're using MS ISA server as our firewall. In accordance with their
> > best practices recommendation I've put it on a dual-homed machine and set
> > up only the external interface with a default gateway. Our internet
> > connection is working well, and as far as I can tell reasonably secure.
> > However we can't connect telnet traffic, nor can I ping internet sites,
> > even though I have rules configured that should allow this.
> > Previously all of this worked but people without a proxy client could
> > still connect to the internet which we didn't want. I might be able to
> > reconfigure the routing tables to allow that kind of traffic but I'm not
> > sure that's the right solution. My terminal emulator program doesn't
> > natively support proxies. We're on a very limited budget so any solution
> > I find probably has to be free. Does anyone have any suggestions or do
> > you need more information?
>