Re: Who's blocking these ports? Please help...

From: Karl Levinson [x y] mvp (jamescagney90210@excite.com)
Date: 01/31/03


From: "Karl Levinson [x y] mvp" <jamescagney90210@excite.com>
Date: Fri, 31 Jan 2003 08:55:08 -0500


Default settings for Windows 2000 do not block any ports. If you want to
check to see whether Windows 2000 IPSec is configured to block ports, see
here:

http://securityadmin.info/faq.htm#ipsec

Using a sniffer would possibly let you see if the packets are leaving the
server successfully... or check to see if there are proxy server logs
showing the packets leaving the server [hopefully there are logs]

http://securityadmin.info/faq.htm#sniffer

I have to wonder if the tech support is incorrect and their proxy server is
not routing this traffic correctly either outbound or maybe back inbound.
This to me is far more likely than thinking an ISP or router along the way
is blocking this.

"Ben Mannino" <bmannino@stny.rr.com> wrote in message
news:GHl_9.3456$iK4.1017@twister.nyroc.rr.com...
> Hi,
>
> Pulling my hair out for 2 days now...hope someone can help.
>
> I'm running Win2000 Advanced Server w/IIS5 and 3 Windows XP
> clients running IE6. The entire setup is a hotel business center designed
> to allow pay-per-use web access to the guests.
>
> This feat is accomplished using two services running on the
> server - one is called Vicomsoft Internet Gateway (proxy server, IG for
> short) and the second is a custom built application designed to tell
> the IG which MAC addresses are allowed out. The
> IG basically takes over the TCP/IP routing and does this using
> two ports - the NAT port (10.10.10.61) and the Ethernet port
> (172.16.255.254).
> Each of these ports uses a NIC in the server. The 3COM for the NAT,
> and the Realtek for the LAN. The 3COM is connected to a router somewhere
> in the hotel. TCP/IP is unbound from this adapter as per the instructions
> from Vicomsoft (www.vicomsoft.com, if anyone is familiar with their
> products).
>
> The Realtek connects to a hub along with the 3 client PCs. The Realtek's
> TCP/IP settings are as follows:
> IP: 172.16.255.253
> Subnet: 255.255.0.0
> GW: 172.16.255.254
> DNS: 172.16.255.254
>
>
> Now on the surface, everything works fine. All the clients are assigned IPs
> in the proper range (172.16.255.1 - 172.16.255.3) by the IG and when a
> client opens their web browser they are able to open any web page without
> issue (the MAC address restriction was temporarily disabled for
> troubleshooting).
>
> The problem is, many guests checking their web-based email will enter a port
> number at the end of their URL (ie, http://www.mymailserver.com:8383) and
> then after a few seconds, the browser comes up with a "Page cannot be
> displayed" error. Same on all the clients - none of them have any type of
> proxy setting in IE.
>
> If I take that same URL and enter it on the server's web browser, it comes
> up just fine. I figured somewhere, somehow, there's some kind of port
> filtering going on.
>
> I emulated their configuration here at home, but using Win2K Pro instead,
> and it works perfectly - I can enter any URL:port and it comes up fine,
> running through the IG. Therefore, I can only conclude that Win2K Adv Server
> has some type of filtering enabled - but for the life of me I cannot find it.
>
> I spoke with Vicomsoft and they agree with me - their IG won't block those
> ports.
>
> I checked the Advanced TCP/IP properties for both NICs and neither has any
> filtering enabled. Someone suggested checking ISA and RRAS, and neither is
> loaded or enabled. I tried looking at the security policies, but I can make
> heads or tails of it.
>
> I've never used Win2K Adv Server, but I do know that when they installed
> it, they accepted all the default settings. I have a feeling that buried
> somewhere deep under the hood of this OS is a checkmark that I can clear to
> make this thing work.
>
> Please help save my sanity by suggesting a testing method, network analyzer,
> web site or control panel I can check to see where these ports are getting
> stopped.
>
> Thanks very much in advance,
> Ben M.
>
>
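
Added example, not part of the original posts: a small Python probe that classifies a TCP connect as open, refused or filtered, so the same URL:port can be tested from a client PC and from the server and the two results compared alongside a sniffer trace. The function names and result labels are illustrative assumptions, and the demo uses a constructed local listener rather than the mail server from the post.

```python
import errno
import socket


def probe(host, port, timeout=5.0):
    """Try one TCP connect and classify the outcome.

    open        - handshake completed
    refused     - an RST came back; something answered and rejected the port
    filtered    - nothing came back before the timeout; SYN or reply was dropped
    unreachable - local stack or a router reported no route to the host
    error       - anything else (for example, name resolution failed)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        return "error"


def locate_block(from_client, from_server):
    """Combine results for the same host:port probed from a client PC
    (through the gateway) and from the gateway server itself."""
    if from_client == "open":
        return "path-ok"
    if from_server == "open":
        return "gateway"   # server gets out, client does not: look at the proxy/NAT
    return "upstream"      # fails from the server too: router, ISP or destination


def demo():
    """Constructed offline check: probe a local listener, then the same port closed."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = probe("127.0.0.1", port, timeout=2)
    listener.close()
    return while_open, probe("127.0.0.1", port, timeout=2)


if __name__ == "__main__":
    print(demo())
    # Symptom from the post: port 8383 times out on the clients, works on the server.
    print(locate_block("filtered", "open"))
```

A "filtered" result from the client combined with "open" from the server matches the symptom in the quoted post and points at the gateway rather than at a router or ISP further along.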
