Re: Still having firewall issues

Hi Aaron,

Thanks for your reply.

I am sorry for the delayed response due to weekend. Please understand that
the newsgroups are staffed weekdays by Microsoft Support professionals to
answer your systems and applications questions. Your understanding is
greatly appreciated!

Thanks for your efforts and time on the issue and I will look forward to
your test result.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "BoboTWG" <aaron.nospam@xxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| References: <KD5of.42167$6e1.8794@xxxxxxxxxxxxxxxxxxxxxxxxxx>
<8o1GaafAGHA.1240@xxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Still having firewall issues
| Lines: 122
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <4EFof.42588$Zv5.14059@xxxxxxxxxxxxxxxxxxxxxxxxxx>
| NNTP-Posting-Host: 68.23.91.209
| X-Complaints-To: abuse@xxxxxxxxxxx
| X-Trace: newssvr25.news.prodigy.net 1134765696 ST000 68.23.91.209 (Fri,
16 Dec 2005 15:41:36 EST)
| NNTP-Posting-Date: Fri, 16 Dec 2005 15:41:36 EST
| Organization: SBC http://yahoo.sbc.com
| X-UserInfo1:
T[OWS\WEQJPQW^YS[@CBNWX@RJ_XPDLMN@GZ_GYO^JWTEPIB_NVUAH_[BL[\IRKIANGGJBFNJF_D
OLSCENSY^U@FRFUEXR@KFXYDBPWBCDQJA@X_DCBHXR[C@\EOKCJLED_SZ@RMWYXYWE_P@\\GOIW^
@SYFFSWHFIXMADO@^[ADPRPETLBJ]RDGENSKQQZN
| Date: Fri, 16 Dec 2005 20:41:36 GMT
| Path:
TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli
ne.de!border2.nntp.dca.giganews.com!nntp.giganews.com!novia!newscon06.news.p
rodigy.com!prodigy.net!newsmst01b.news.prodigy.com!prodigy.com!postmaster.ne
ws.prodigy.com!newssvr25.news.prodigy.net.POSTED!1d9ddf9b!not-for-mail
| Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:230758
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Thanks Crina for the reply. I am going to reply to each line below right
| behind your questions so save confusion. Thanks again.
|
|
| ""Crina Li"" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
| news:8o1GaafAGHA.1240@xxxxxxxxxxxxxxxxxxxxxxxx
| > 1. Do you only receive the spoof attack on internal NIC not external
NIC?
| I do not know. How would I find out. The Event Viewer does not specify
| which comtroller is receiving them.
|
| > 2. How many subnets are in your SBS internal network?
| One
|
| > 3. Does the warning affect the network traffic of your internal clients?
| Does not appear to.
|
| > 4. Please try to re-add the LAN address on the Internal network:
| I did that via ISA (is thatwhat you are referring to?).
|
| > 1) Open ISA console and then expand Configuration and click Networks. OK
| > 2) Double click Internal in the middle pane and then click Addresses
tab.
| OK
| > 3) High light the address and then click Remove. OK
| > 4) Click Add Adapter and then select Server Local Area Connection. OK
| > 5) Click OK twice. OK
| > 6) Try again to see if it helps. OK
| FYI, I have done this twice before. Has not helped with the spoof attack
| messages.
|
| > This behavior may also occur if both of the following conditions are
true:
| >
| > - The internal network adapter on the ISA Server computer points to a
| > default gateway address that is on the internal network.
| No default gateway difined.
|
| > - The network adapter on the server that has the published resource
points
| > to the same internal default gateway address as the ISA Server computer.
| >
| > To resolve this behavior, please perform the following steps:
| >
| > 1. Double check if you have removed the default gateway address on the
| > internal network adapter of the ISA Server computer. For ISA Server to
| > function correctly, the internal network adapter should not have a
default
| > gateway specified.
| >
| > 1) Click "Start", point to "Settings", and then click "Network and
Dial-up
| > Connections".
| > 2) Right-click the internal adapter, and then click "Properties".
| > 3) Click "Internet Protocol (TCP/IP)", and then click "Properties".
| > 4) Remove the default gateway address in the "Default gateway" box, and
| > then click "OK" two times.
| Never had a default gateway defined.
|
| > 2. If there are other internal networks that send and receive traffic
| > through the ISA Server computer, use the route add command with the -p
| > switch to add a persistent static route to each internal network. When
you
| > specify the gateway address, point to the internal router that permits
| > access to the other internal networks. Configure persistent static
routes
| > on the internal adapter of the ISA Server computer and on the server
that
| > has the published resource. For more information about how to use the
| route
| > command, type route /? at a command prompt.
| No other internal networks exist. THis is a very basic setup. Only 20
| computers.
|
| > 3. On the server that has the published resource, configure the default
| > gateway address to point to the internal address of the ISA Server
| computer.
| >
| > 1) Click "Start", point to "Settings", and then click "Network and
Dial-up
| > Connections".
| > 2) Right-click the internal adapter, and then click "Properties".
| > 3) Click "Internet Protocol (TCP/IP)", and then click "Properties".
| > 4) In the "Default gateway" box, type the internal address of the ISA
| > Server computer, and then click "OK" two times.
| I only have one server (SBS2003 Premium) that controls everything. Should
I
| do this? THis is what I was told to undo if it was setup this way.
|
| > 4. Please rerun the CEICW again to configure ISA as default settings.
| Will do it when the users are gone tonight.
|
| > Please refer to the following KB article:
| >
| > 825763 How to configure Internet access in Windows Small Business Server
| > 2003
| > http://support.microsoft.com/?id=825763
| >
| > For more info, please refer to:
| >
| > 888042 ISA Server 2004 does not support traffic redirection
| > http://support.microsoft.com/?id=888042
| >
| > 884496 Client computers cannot access external resources, and event ID
| 14147
| > http://support.microsoft.com/?id=884496
| >
| > 840681 Attempts to access published resources are logged as spoof
attacks
| > with
| > http://support.microsoft.com/?id=840681
| >
| > Besides, please check the following:
| >
| > 1. Check to see if a WINS server is listed on the WINS tab of TCP/IP
| > properties for existing External network adapters. If there is remove
it.
|
| THIS MIGHT BE IT. (Sorry for the shouting. Wanted to make sure you see
| this). There is an address in the WINS tab, on the external adaptor. It is
| pointing back to the SBS Server. Removed it.
|
| > 2. Please disable NetBIOS over TCP/IP on the External adapter from
| External
| > Connection Properties\TCP/IP properties\Advanced\Wins tab.
| Already set that way.
|
| > 3. Updated the NIC drivers.
| Done
|
| Thank you Crina. I will let you know if this resolves the problem.
|
| Aaron
|
|
|

.