RE: Configure Hardware Firewall for SBS 2003
- From: v-edtian@xxxxxxxxxxxxxxxxxxxx (Edward Tian)
- Date: Tue, 16 Aug 2005 03:36:53 GMT
Dear John:
Thank you for posting here! Hello C_O, thank you for your useful suggestion!
To narrow down this issue, please temporarily place a laptop directly
connected to the external NIC of the SBS Server (Using a hub or switch,
manually assign the IP address and default gateway), and then try accessing
the RWW to see if it works.
If the above test works fine, it reveals that the traffic is blocked by the
hardware router. Please double check if the router is configured to forward
the corresponding ports to the SBS box.
If it doesn't work, we may need to gather the following information:
1. From a remote client, can you ping the public IP of the router? Can you
also ping the FQDN (e.g. www.yourwebsite.com )?
2. Can you access RWW/OWA from an internal client?
3. Do you have ISA2000 installed?
4. Please send me the ICW log for analysis:
The icwlog.txt file in the "C:\Program Files\Microsoft Windows Small
Business Server\Support" folder.
The icwdetails*.htm in the "C:\Program files\Microsoft Windows Small
Business Server\Networking\ICW\" folder.
5. Could you tell me the detailed error information when configuring the
ICW wizard?
For your information:
When a router is deployed at the SBS end, you must forward the port numbers
to pass through the firewall:
TCP 25 This port is used for incoming SMTP traffic. If you are using POP3
connector, it's not necessary to open this port.
TCP 80 HTTP web site
TCP 110 This port is used for POP3 mail clients.
TCP 443 SSL for OWA, RWW sites
TCP 444 SSL for Companyweb
TCP 4125 Remote Web Workplace
TCP 3389 Terminal services
TCP 1723 PPTP VPN connection
GRE port (protocol number 47) This port is used for incoming PPTP VPN
connection.
I hope the above information helps. Please feel free to let me know if you
have any questions or concerns.
Have a nice day, John! :)
Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: john@xxxxxxxxxxxxxxxx
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: Configure Hardware Firewall for SBS 2003
| Date: 15 Aug 2005 15:37:21 -0700
| Organization: http://groups.google.com
| Lines: 15
| Message-ID: <1124145441.091472.273700@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| NNTP-Posting-Host: 67.43.130.51
| Mime-Version: 1.0
| Content-Type: text/plain; charset="iso-8859-1"
| X-Trace: posting.google.com 1124145446 24910 127.0.0.1 (15 Aug 2005
22:37:26 GMT)
| X-Complaints-To: groups-abuse@xxxxxxxxxx
| NNTP-Posting-Date: Mon, 15 Aug 2005 22:37:26 +0000 (UTC)
| User-Agent: G2/0.2
| Complaints-To: groups-abuse@xxxxxxxxxx
| Injection-Info: g44g2000cwa.googlegroups.com; posting-host=67.43.130.51;
| posting-account=WWgs4wwAAACrGJT1nJ-lwv0sQJZ6yQ58
| Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli
ne.de!news.glorb.com!postnews.google.com!g44g2000cwa.googlegroups.com!not-fo
r-mail
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:144616
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| I recently changed ISPs and was given a new Gnet modem/router from the
| new service provider but it does not support UPnP. So I created NAT
| rules for ports 25, 443 and 4125 then ran the ICW (which of course
| generates an error when trying to configure the firewall) but seems to
| configure everything else. Email is received from my ISP on port 25 ok
| and Outlook works using RPC via HTTP but I can't browse to OWA or RWW
| on a remote computer (page cannot be displayed). All was working fine
| when I was using the UPnP router so I suspect my NAT entries are
| incorrect.
|
| Can anyone provide me with the specific NAT/Firewall setting for SBS
| 2003 Standard?
|
| Thanks.
|
|
.
- Follow-Ups:
- RE: Configure Hardware Firewall for SBS 2003
- From: Harcasnz
- RE: Configure Hardware Firewall for SBS 2003
- References:
- Configure Hardware Firewall for SBS 2003
- From: john
- Configure Hardware Firewall for SBS 2003
- Prev by Date: Re: Can sharing be switched back?
- Next by Date: RE: EventViewer-SecurityLog
- Previous by thread: Re: Configure Hardware Firewall for SBS 2003
- Next by thread: RE: Configure Hardware Firewall for SBS 2003
- Index(es):
Relevant Pages
|
