RE: Mapping problem



"Dmitry Demchuk" wrote:

> Hi everybody.
>
> I've got annoying issue with Routing and Remote access on one of my win2k3
> servers. I have added "Remote assess / VPN server" role, selected custom
> config and chosen only NAT/basic firewall component. Firewall set as "Basic
> firewall only" and inbound filters configured.
> Two servers out of three work fine. On the third one, firewall works for
> sure, but in "rrasmgmt.msc /s" IP routing -> Nat / Basic firewall -> right
> pane there is no mapping and packet translation statistics. Popup -> Show
> mappings shows nothing.
> Does anybody know how to help this? The information is really helpful
> sometimes.
>

This might not be related, but i've also seen times when the RRAS gui does
not update correctly. In my case static routes that appeared in "route print"
did not appear. I only found one way to correct problems with this gui, and
that was to use netsh to reset the routing/ip configuration.
before trying this i recommend you do "netsh routing ip dump >
some-safe-file.txt" - incase you want to put your config back
please make sure you understand the implications of doing this - to reset
this component the command is "netsh routing ip reset"



> Other firewall related questions I have:
> Is there any way to see statistics on dropped packets (source addresses /
> destination ports)?
seems i need to look at this in more depth - if you are using the "Basic
Firewall" (Part of ICS service) then you can capture this level of info. When
you enable RRAS you have to disable ICS, which turns off this logging. So far
I didn't manage to get the same functionality from any RRAS logs :-(

> What's the difference between TCP and TCP connected? Does Connected in terms
> of inbound filtering mean only connections that established from the server
> already?
you seem to have understood the distinction correctly; remember "the server
already" could include clients that the server is performing NAT for

> Is there any other software firewall solution suitable for public HTTP
> server with quite high traffic and users served? I tried few recommended
> like Outpost firewall, they usually die on my servers.
if we put the logging issue aside for the moment (see above) what
functionality don't you have from the RRAS firewall?

>
> Any help or hint is gratefully appreciated.
>
> Best regards,
> Dmitry
>
>
>
>
.

Relevant Pages

  • Re: Forcing RPC over HTTP instead of TCP
    ... They don't support it, but we're trying to eliminate some things. ... config is as follows on the same side of the firewall: ... Back-end Exchange Server ... On the hostile side of the firewall is our outlook client. ...
    (microsoft.public.exchange.admin)
  • Re: FreeBSD FTP problem
    ... Arcadius A. wrote to Ryan Thompson and FreeBSD Questions: ... >> Check your firewall config carefully, and make sure you have a good ... >> including the same timeout delays, you can ignore your firewall for the ... > But I'm not running any firewall on my server... ...
    (freebsd-questions)
  • Re: IIS on SBS 2003 behind COX Cable...
    ... I found a different place to configure it under Server ... Remote Access under IP routing. ... I could not find the firewall settings under ... > to the exceptions tab and add a new port. ...
    (microsoft.public.inetserver.iis)
  • Re: Internet Access from LAN
    ... OK I ran CEICW and enabled the firewall and now I can't get onto the internet ... If all you have is General and Static Routes under IP Routing, ... >> On the server in my Routing and Remote Access MMC, ...
    (microsoft.public.windows.server.sbs)
  • Re: PoPToP and... routing? - SOLVED!
    ... here are my working config files for poptop-1.1.4.b4 with a Windows ... I should probably state explicitly that having had a working PoPToP ... >> ping anything behind the firewall. ... >> Which leads me to suspect routing to be my cause of grief. ...
    (comp.unix.bsd.openbsd.misc)