Re: Win2K, IPsec, and allowing outbound HTTP/FTP traffic
From: Jeri Morris (jerimorris2000_at_yahoo.com)
Date: 08/06/03
- Next message: chuck richards: "RPC MS03-026 and Windows 2000 SP2"
- Previous message: Paul: "Local Admin"
- In reply to: Steven L Umbach: "Re: Win2K, IPsec, and allowing outbound HTTP/FTP traffic"
- Next in thread: Steven L Umbach: "Re: Win2K, IPsec, and allowing outbound HTTP/FTP traffic"
- Reply: Steven L Umbach: "Re: Win2K, IPsec, and allowing outbound HTTP/FTP traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 6 Aug 2003 10:07:06 -0700
Just tried that, and my Win2K box still isn't able to
initiate outbound traffic.
I disabled the All Inbound rule temporarily, and *was*
able to initiate outbound traffic, so even though that
rule is specific to inbound traffic, it seems to be what's
causing the problem. It's set up as follows:
Source address: Any IP Address
Destination address: My IP Address
Mirrored: No (changing to Yes doesn't make a difference)
Protocol type: Any
I added the following filters to my All Outbound rule to
no avail:
Filter Action: Permit
Source: My IP address
Destination: Any IP address
Mirrored: Yes
Protocol Type: TCP / Source port: Any / Destination port: 80
Protocol Type: TCP / Source port: Any / Destination port: 53
Protocol Type: TCP / Source port: Any / Destination port: 7 (ping)
Protocol Type: TCP / Source port: Any / Destination port: Any
Protocol Type: Any
This should more than allow any outbound traffic, but I
still can't get from my Win2K box to the outside world
through HTTP or even Ping.
I can't help but think that it's something stupid. Any
suggestions for things (even stupid things) to look for?
Jeri Morris jerimorris2000@yahoo.com
>-----Original Message-----
>Hi Jeri. At first glance it looks like the all outbound rule would permit that,
>but apparently the block all inbound is countering it for the return connection
>ports. I would try to add specific rules for the outbound ports you want and
>mirror them. For instance: source address - my address, destination address -
>any [or specific list], source port - any, destination port - 80, protocol -
>tcp. You may also need to add dns port 53 outbound for internet access,
>depending on your dns setup. -- Steve
>
>
>"Jeri Morris" <jerimorris2000@yahoo.com> wrote in message
>news:008701c35b68$9aeac770$a301280a@phx.gbl...
>> I have a Windows 2000 server that's used only as a web/ftp
>> server, and is otherwise accessible only through Terminal
>> Services. It's not used as a file or print server.
>>
>> I have IPsec set up as follows:
>>
>> Permit:
>>
>> (All of the following are mirrored, matching packets with
>> the exact opposite source and destination addresses.)
>> - HTTP (TCP and UDP port 80)
>> - Terminal Services (TCP port 3389 and RDP)
>> - FTP (TCP ports 20 and 21)
>>
>> Permit:
>>
>> - All outbound traffic (also mirrored)
>>
>> Block:
>>
>> - All inbound traffic (not mirrored)
>>
>> This allows the server to handle all incoming HTTP and FTP
>> traffic and blocks all other inbound traffic. However,
>> unfortunately, it also blocks outbound HTTP and FTP
>> requests. I can't use a browser (e.g., for Windows Update)
>> or FTP to get from my server to anything else.
>>
>> Any suggestions on what I need to do to enable outbound
>> HTTP and FTP?
>>
>> Thanks very much.
>>
>> Jeri Morris jerimorris2000@yahoo.com
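The filter interaction Steve describes (a stateless "block all inbound" filter catching the return half of an outbound connection, and a mirrored port-specific permit overriding it) as an added model, not code from the original posts: filters are stateless, a mirrored filter installs its reverse, and the most specific matching filter decides. The host labels "me" and "web", ephemeral port 1234, the specificity weights and the tie-break as block are all constructed assumptions of this model.

```python
from dataclasses import dataclass

# Constructed model of Windows 2000 IPsec filtering: filters are stateless, a
# mirrored filter also installs its reverse, and when several filters match a
# packet the most specific one decides. A tie is treated as a block here
# (modelling assumption, consistent with what the thread observed).
@dataclass(frozen=True)
class Filter:
    action: str                   # "permit" or "block"
    src: str                      # "me", "any" or a host label such as "web"
    dst: str
    proto: str = "any"            # "tcp", "icmp" or "any"
    sport: "int | None" = None    # None means Any
    dport: "int | None" = None

    def mirror(self):
        return Filter(self.action, self.dst, self.src, self.proto, self.dport, self.sport)

    def matches(self, p):
        return (self.src in ("any", p["src"]) and self.dst in ("any", p["dst"])
                and self.proto in ("any", p["proto"])
                and self.sport in (None, p["sport"]) and self.dport in (None, p["dport"]))
    def specificity(self):
        return ((self.src != "any") + (self.dst != "any") + (self.proto != "any")
                + (self.sport is not None) + (self.dport is not None))

def expand(rules):
    """Flatten (filter, mirrored) pairs into the filter list the driver applies."""
    out = []
    for f, mirrored in rules:
        out.append(f)
        if mirrored:
            out.append(f.mirror())
    return out

def decide(filters, p):
    hits = [f for f in filters if f.matches(p)]
    if not hits:
        return "permit"           # no matching filter: IPsec leaves the packet alone
    best = max(f.specificity() for f in hits)
    return "block" if any(f.action == "block" and f.specificity() == best for f in hits) else "permit"

# Constructed outbound HTTP connection: SYN from an ephemeral port and the SYN-ACK reply.
SYN = {"src": "me", "dst": "web", "proto": "tcp", "sport": 1234, "dport": 80}
SYN_ACK = {"src": "web", "dst": "me", "proto": "tcp", "sport": 80, "dport": 1234}

# Original post: permit all outbound (mirrored) plus block all inbound (not mirrored).
ORIGINAL = expand([(Filter("permit", "me", "any"), True), (Filter("block", "any", "me"), False)])
# Steve's suggestion: add a mirrored, port-specific outbound permit for HTTP.
WITH_HTTP = ORIGINAL + expand([(Filter("permit", "me", "any", "tcp", None, 80), True)])
```

With only the original rules the SYN-ACK of the outbound HTTP connection is blocked, and it is permitted once the mirrored port-80 filter is added, which is the intended effect of Steve's advice (why Jeri's box still blocks is not settled in this thread). The same evaluator also shows that a TCP destination-port-7 filter never matches an ICMP echo reply, so it cannot help ping.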