RE: Configure Hardware Firewall for SBS 2003



I have the same problem but need to clarify the following - when forwarding
ports through the hardware firewall / router, do you forward it to the IP
address of the external NIC or internal NIC? I've tried both but must still
be missing something.

"Edward Tian" wrote:

> Dear John:
> Thank you for posting here! Hello C_O, thank you for your useful suggestion!
>
> To narrow down this issue, please temporarily place a laptop directly
> connected to the external NIC of the SBS Server (Using a hub or switch,
> manually assign the IP address and default gateway), and then try accessing
> the RWW to see if it works.
>
> If the above test works fine, it reveals that the traffic is blocked by the
> hardware router. Please double check if the router is configured to forward
> the corresponding ports to the SBS box.
>
> If it doesn't work, we may need to gather the following information:
> 1. From a remote client, can you ping the public IP of the router? Can you
> also ping the FQDN (e.g. www.yourwebsite.com )?
>
> 2. Can you access RWW/OWA from an internal client?
>
> 3. Do you have ISA2000 installed?
>
> 4. Please send me the ICW log for analysis:
> The icwlog.txt file in the "C:\Program Files\Microsoft Windows Small
> Business Server\Support" folder.
>
> The icwdetails*.htm in the "C:\Program files\Microsoft Windows Small
> Business Server\Networking\ICW\" folder.
>
> 5. Could you tell me the detailed error information when configuring the
> ICW wizard?
>
> For your information:
> When a router is deployed at the SBS end, you must forward the port numbers
> to pass through the firewall:
> TCP 25 This port is used for incoming SMTP traffic. If you are using POP3
> connector, it's not necessary to open this port.
> TCP 80 HTTP web site
> TCP 110 This port is used for POP3 mail clients.
> TCP 443 SSL for OWA, RWW sites
> TCP 444 SSL for Companyweb
> TCP 4125 Remote Web Workplace
> TCP 3389 Terminal services
> TCP 1723 PPTP VPN connection
> GRE port (protocol number 47) This port is used for incoming PPTP VPN
> connection.
>
> I hope the above information helps. Please feel free to let me know if you
> have any questions or concerns.
> Have a nice day, John! :)
>
> Best Regards
> Edward Tian(MSFT)
> Microsoft CSS Online Newsgroup Support
>
> --------------------
> | From: john@xxxxxxxxxxxxxxxx
> | Newsgroups: microsoft.public.windows.server.sbs
> | Subject: Configure Hardware Firewall for SBS 2003
> | Date: 15 Aug 2005 15:37:21 -0700
> |
> | I recently changed ISPs and was given a new Gnet modem/router from the
> | new service provider but it does not support UPnP. So I created NAT
> | rules for ports 25, 443 and 4125 then ran the ICW (which of course
> | generates an error when trying to configure the firewall) but seems to
> | configure everything else. Email is received from my ISP on port 25 ok
> | and Outlook works using RPC via HTTP but I can't browse to OWA or RWW
> | on a remote computer (page cannot be displayed). All was working fine
> | when I was using the UPnP router so I suspect my NAT entries are
> | incorrect.
> |
> | Can anyone provide me with the specific NAT/Firewall setting for SBS
> | 2003 Standard?
> |
> | Thanks.
> |
> |
>
>
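The port list and the "from a remote client" check quoted above can be turned into a repeatable test. The following is an added example, not part of the original thread: it probes the listed TCP ports on the router's public address and compares what is reachable with what was meant to be forwarded. The host `192.0.2.10` is a placeholder, the intended set is taken from the NAT rules John describes (25, 443, 4125), and the function names are hypothetical.

```python
import socket

# TCP ports from the list quoted above. GRE (protocol 47) is not TCP and
# cannot be checked with a connect test.
SBS_TCP_PORTS = {25: "SMTP", 80: "HTTP", 110: "POP3", 443: "OWA/RWW SSL",
                 444: "Companyweb SSL", 4125: "Remote Web Workplace",
                 3389: "Terminal Services", 1723: "PPTP"}

def probe(host, port, timeout=3.0):
    """Return 'open', 'refused' or 'filtered' for one TCP port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # something accepted the connection
    except ConnectionRefusedError:
        return "refused"     # a reset came back: no listener behind this port
    except OSError:
        return "filtered"    # timeout or unreachable: dropped on the way
    finally:
        s.close()

def audit(host, intended, ports=SBS_TCP_PORTS, timeout=3.0):
    """Compare reachable ports with the set the admin meant to forward.

    Returns (results, missing, unexpected):
      missing    - intended ports that are not reachable (broken NAT rule)
      unexpected - reachable ports nobody meant to expose
    """
    results = {p: probe(host, p, timeout) for p in ports}
    missing = sorted(p for p in intended if results.get(p) != "open")
    unexpected = sorted(p for p, state in results.items()
                        if state == "open" and p not in intended)
    return results, missing, unexpected

if __name__ == "__main__":
    import sys
    # Placeholder documentation address; pass the router's public IP instead.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    intended = {25, 443, 4125}   # the NAT rules described in the original post
    results, missing, unexpected = audit(host, intended)
    for port in sorted(results):
        print(f"TCP {port:<5} {SBS_TCP_PORTS[port]:<22} {results[port]}")
    print("forward not working:", missing or "none")
    print("exposed but not intended:", unexpected or "none")
```

Run it from a machine outside the LAN; a probe from an internal client does not exercise the router's forwarding rules.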