AW: Firewall problem

From: Holger Reichert (
Date: 07/31/02

From: "Holger Reichert" <>
To: <>
Date: Wed, 31 Jul 2002 10:24:48 +0200

Hello Chris,

I myself cannot answere you your question yet, but there is plenty of
information on
It's an independent page dedicated to help administrators of an ISA-Server.
They also have a mailing list, which is very helpfull.

Best regards

Holger Reichert
Holysword GbR

-----Ursprungliche Nachricht-----
Von: Vasiliy Boulytchev []
Gesendet: Montag, 29. Juli 2002 22:05
An: Ash
Cc: securitybasics
Betreff: Re: Firewall problem

    Forget Microsoft's suggestions about staying secure. Scratch the costs
of MS ISA server, or whatever they call that junk these days, and install
Mandrake, Suse, Red Hat :( , anything but winblows. I know FreeBSD/OpenBSD
blows tux out of the water, but you should start at something simpler.
Vasiliy Boulytchev
Colorado Information Technologies Inc.
----- Original Message -----
From: "Ash" <>
To: "Chris Berry" <>
Cc: <>
Sent: Tuesday, July 23, 2002 8:32 PM
Subject: Re: Firewall problem

> More information would be great. A short sollution would be to use
> OpenBSD pf. It not only has a good amount of documentation but is also
> on of the most veritile firewall solutions arround.
> Please give some more information on the configuration (like the rules
> implemented).
> Thanks,
> Ash
> ---
> Darkfire Secure Linux --
> On Tue, 2002-07-23 at 12:11, Chris Berry wrote:
> >
> >
> > We're using MS ISA server as our firewall. In accordance with their
> > best practices recommendation I've put it on a dual-homed machine and
> > up only the external interface with a default gateway. Our internet
> > connection is working well, and as far as I can tell reasonably secure.
> > However we can't connect telnet traffic, nor can I ping internet sites,
> > even though I have rules configured that should allow this.
> > Previously all of this worked but people without a proxy client
> > still connect to the internet which we didn't want. I might be able to
> > reconfigure the routing tables to allow that kind of traffic but I'm not
> > sure thats the right solution. My terminal emulator program doesn't
> > natively support proxies. We're on a very limited budget so any
> > I find probably has to be free. Does anyone have any suggestions or do
> > you need more information?