Re: companyweb cannot route over internet

Tech-Archive recommends: Fix windows errors by optimizing your registry

Oops. Answered my own question. I got it work without the software firewall.
I guess it couldn't hurt to add another card and have a software firewall,
too.If I did that I'd be twice as safe! Actually, I'd like to have a
firewall between the server and my inside users. Really, there is no reason
they should have all ports open to the server when they only need 3 or 4.

-Bob

"you know who maybe" <kilbyfan@xxxxxxxxxxxxxxxx> wrote in message
news:11n1r9ip8ov9jd8@xxxxxxxxxxxxxxxxxxxxx
> Hello Jenny,
>
> I had a problem at Step 3. I'm using a Cisco PIX hardware firewall so I'm
> not using two network cards, and hence no software firewall. Is this
> going to be a problem? This is how we do our corporate servers at the
> office, and so I'm doing a similar network setup for my home business with
> SBS.
>
> Thanks,
> -Bob
>
>
> ""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
> news:RWwyavC5FHA.3936@xxxxxxxxxxxxxxxxxxxxxxxx
>> Hi,
>>
>> Thanks for posting here! Also thanks for Javier's input.
>>
>> The Companyweb site by default can be access from LAN. If we want to
>> access
>> it from internet, we need publish Sharepoint service to internet and open
>> related ports on the software firewall and the hardware firewall/router
>> to
>> allow the traffic. All we need to do is that rerun CEICW wizard.
>>
>> You can refer to the following steps:
>>
>> 1. Expand Standard Management | To Do List.
>> 2. Click Connect to the Internet in the right pane.
>> 3. Navigate the wizard to Firewall and then select Enable firewall. In
>> the
>> next page, please check items you want to publish to internet service to
>> internet are checked in services configuration page.
>> 4. Click Next and then select Allow access to the following web site
>> services from the internet.
>> 5. Make sure "Windows Sharepoint Services intranet site" be selected and
>> click Next.
>> 6. Click Create a new Web services certificate (input your FQDN as the
>> web
>> server certificate) and then click Next.
>> 7. Following the wizard to finish it.
>>
>> I suggest you take a look at the KB 825763 to configure the network
>> connection:
>>
>> 825763 How to configure Internet access in Windows Small Business Server
>> 2003
>> http://support.microsoft.com/?id=825763
>>
>> If you have installed router or hardware firewall outside the SBS 2003
>> network, please ensure you open the inbound and outbound 444 port and 443
>> port redirection on the hardware router or firewall. Check the
>> manufacturer's documentation for details on how to open ports of the
>> device.
>>
>> After did that, on the internet computer, type URL:http://FQDN or
>> URL:https://public IP:443 in IE to access the Companyweb site. Could you
>> access it now?
>>
>> More information:
>>
>> Generally, we open the ports we needed to allow some specific traffic.
>> You
>> can refer to the following list:
>>
>> TCP port Definition
>> 25 Email (SMTP)
>> 80 required for HTTP
>> requests for your site
>> 443 required for HTTPS
>> requests using SSL, which secures communications from your server and a
>> Web
>> browser
>> 444 Companyweb
>> 4125 Remote Web Workplace
>> 1723 (plus GRE Protocol 47) VPN
>> 3389 Terminal Services
>> 21 FTP
>>
>> Hope above information helps! I am happy to be assistance of you and look
>> forward to your reply!
>>
>> Have a nice day!
>>
>> Sincerely,
>>
>> Jenny Wu
>> Microsoft CSS Online Newsgroup Support
>> Get Secure! - www.microsoft.com/security
>> ======================================================
>> This newsgroup only focuses on SBS technical issues. If you have issues
>> regarding other Microsoft products, you'd better post in the
>> corresponding
>> newsgroups so that they can be resolved in an efficient and timely
>> manner.
>> You can locate the newsgroup here:
>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>
>> When opening a new thread via the web interface, we recommend you check
>> the
>> "Notify me of replies" box to receive e-mail notifications when there are
>> any updates in your thread. When responding to posts via your newsreader,
>> please "Reply to Group" so that others may learn and benefit from your
>> issue.
>>
>> Microsoft engineers can only focus on one issue per thread. Although we
>> provide other information for your reference, we recommend you post
>> different incidents in different threads to keep the thread clean. In
>> doing
>> so, it will ensure your issues are resolved in a timely manner.
>>
>> For urgent issues, you may want to contact Microsoft CSS directly. Please
>> check http://support.microsoft.com for regional support phone numbers.
>>
>> Any input or comments in this thread are highly appreciated.
>> ======================================================
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> --------------------
>>>From: "Javier Gomez [SBS MVP]" <javier_gomez@xxxxxxxxxxxxxxxxxxxxxxxx>
>>>References: <11mvlejgf9men23@xxxxxxxxxxxxxxxxxx>
>>>Subject: Re: companyweb cannot route over internet
>>>Date: Mon, 7 Nov 2005 17:58:46 -0500
>>>Lines: 21
>>>X-Priority: 3
>>>X-MSMail-Priority: Normal
>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
>>>X-RFC2646: Format=Flowed; Response
>>>Message-ID: <OBoZQ7#4FHA.1032@xxxxxxxxxxxxxxxxxxxx>
>>>Newsgroups: microsoft.public.windows.server.sbs
>>>NNTP-Posting-Host: pcp01501145pcs.univde01.de.comcast.net 68.82.178.158
>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:168425
>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>
>>>You have to use the FQDN instead (the one you used for the SSL cert), not
>>>companyweb. The URL should be:
>>>https://hostname.domain.com:444
>>>
>>>--
>>>Javier [SBS MVP]
>>>www.msmvps.com/javier
>>><< SBS ROCKS!!! >>
>>>
>>>"you know who maybe" <kilbyfan@xxxxxxxxxxxxxxxx> wrote in message
>>>news:11mvlejgf9men23@xxxxxxxxxxxxxxxxxxxxx
>>>>I just got everything installed and patched per the getting started
>> guide.
>>>>It seems to be working fine here on the LAN. But when I access it over
>> the
>>>>internet it doesn't work by the dot com domain name. Why is this thing
>>>>using a non-routable domain like "companyweb" and not a dot com, for
>>>>example?
>>>>
>>>> Many thanks
>>>>
>>>
>>>
>>>
>>
>
>


.

Relevant Pages

  • Re: Webserver, DMZ, ports questions
    ... Internet accesible services like SMTP have a seperate ... DMZ or a third interface in the firewall. ... As far as source / destination ports goes. ... from the internet to my web server, ...
    (Focus-Microsoft)
  • Re: statefull inspection FW and hackers
    ... Stateful inspection can be best understood with security zones/level. ... most of the firewall dont allow anything to come from low ... This would mean that if internal user accesses internet ... In turn that will give to the attacker a way to understand what ports ...
    (Security-Basics)
  • Re: FIREWALL- worth the effort ?
    ... I only use internet intermitently and "pull the plug out" ... Do you have a home Cable/DSL Router? ... forward any ports from the outside world to your Macthrough ... The other function of a firewall is to prevent out bound ...
    (comp.sys.mac.system)
  • Re: Adding Programs w/ActiveSync 3.7
    ... > would be granted access to the internet. ... my firewall typically advises me that software is ... Activesync uses certain ports to communicate with the Pocket PC. ... install the software... ...
    (microsoft.public.pocketpc.activesync)
  • Re: avast
    ... > Just did a clean installation of xp pro sp1 and download 'avast anti ... Did you firewall before connecting to the internet? ... Internet and patch with the critical updates? ... Why you should use a computer firewall.. ...
    (microsoft.public.windowsxp.general)