Re: Is this a 3-Leg Perimeter scenario?



Hi Richard,

Thanks for your update.

From the network diagram, to access the FTP server from the LAN client, the
traffic will NOT be sent to the ISA. The client will know the static route
to send the traffic to the hardware. We can try the following:

1. Add static routes on all LAN clients of SBS; you can do so from the
command line.

route add 10.0.0.0 mask 255.255.255.0 192.168.16.9 1

2. Configure port forwarding on the hardware router. To do so, you can
consult the router vendor.
3. Please help me confirm why the SmoothWall Firewall and the FTP Server
have the same IP 10.0.0.11. Do you mean the FTP server is hosted on the
Linux Firewall?

I appreciate your time and look forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Richard Cass" <richardcass_AT_NO_SPAM_micronav.co.uk>
| References: <#P$KSM3GGHA.1760@xxxxxxxxxxxxxxxxxxxx> <yedezm$GGHA.3764@xxxxxxxxxxxxxxxxxxxxx>
| Subject: Re: Is this a 3-Leg Perimeter scenario?
| Date: Wed, 18 Jan 2006 15:59:26 -0000
| Newsgroups: microsoft.public.windows.server.sbs
|
| Crina,
|
| Many thanks for your reply.
|
| 1. I have e-mailed you with a drawing (Visio) as requested.
| 2. Upon reading my post, I think I may have misled you. To access the FTP
| Server, you use the 10.0.0.11 from within the SBS environment and the
| SmoothWall firewall allows traffic through via the Orange NIC. So I would
| type http://10.0.0.11/ftp/ and that takes me to a Linux web page that allows
| me to set up users, download files etc. I can access the same FTP Server
| also by the Public Domain IP address, but it still goes via the SmoothWall
| firewall (via Red to Orange NICs).
| 3. E-mailed as requested.
| 4. E-mailed as requested
|
| Many thanks
| Richard
|
|
| ""Crina Li"" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
| news:yedezm$GGHA.3764@xxxxxxxxxxxxxxxxxxxxxxxx
| > Hi Richard,
| >
| > Thank you for posting in SBS newsgroup.
| >
| > To narrow down the problem, would you please help me collect the following
| > information?
| >
| > 1. The detailed network diagram. You can refer to the attached example:
| >
| > You can draw the diagram on Word and then send the file to me at
| > v-crinal@xxxxxxxxxxxxxx
| >
| > 2. You said "I can access the SmoothWall via the 192.168.16.9 address, but
| > am unable to access the 10.0.0.11 address for either SmoothWall or FTP
| > Server", where are you accessing 10.0.0.11 from? LAN of SBS, internet or
| > FTP server itself?
| > 3. Please help me collect the route print on SBS.
| >
| > Input "route print > c:\route.txt" in Command Line
| >
| > and then send the route.txt to me.
| >
| > 4. Collect Ipconfig/all result from SBS, FTP and the client you are
| > accessing 10.0.0.11.
| >
| > I appreciate your time in helping me collect the above information.
| >
| > I look forward to hearing from you.
| >
| > Best regards,
| >
| > Crina Li (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > --------------------
| > | From: "Richard Cass" <richardcass_AT_NO_SPAM_micronav.co.uk>
| > | Subject: Is this a 3-Leg Perimeter scenario?
| > | Date: Tue, 17 Jan 2006 14:34:03 -0000
| > | Newsgroups: microsoft.public.windows.server.sbs
| > |
| > | We have recently applied SBS 2003 SP1 and upgraded to ISA 2004.
| > | We have a Linux based firewall (SmoothWall) supporting a Linux based FTP
| > | server.
| > | Setup was like this:
| > | SBS2003 with 2 NICs: fixed IP for Internet Connection NIC. The broadband
| > | modem/router also has a fixed IP.
| > | FTP Server: HTTP: http://10.0.0.11 FTP: ftp://10.0.0.11/ or
| > | ftp://fixed_IP_for_Internet_Connection_IP (same range as SBS IC NIC)
| > | SmoothWall firewall: 3 NICs - internal 192.168.16.9:81 (Green) (same
| > | range as SBS internal); internal 10.0.0.11:81 (orange)
| > | The previous setup utilised the PersistentRoutes TCPIP registry setting
| > | to allow access to the 10.0.0.11 address, and this worked fine with ISA
| > | 2000.
| > | Upon upgrading to ISA 2004, it complained in the Event Log as follows:
| > | Event Type: Error
| > | Event Source: Microsoft Firewall
| > | Event Category: None
| > | Event ID: 14147
| > | Date: 30.12.2005
| > | Time: 15:20:45
| > | User: N/A
| > | Computer: <computername>
| > | Description:
| > | ISA Server detected routes through adapter Server Local Area Connection
| > | that do not correlate with the network element to which this adapter
| > | belongs. For best practice, the address range of an ISA Server network
| > | should match the address ranges routable through the associated network
| > | adapter as defined in the routing table. Otherwise valid packets may be
| > | dropped as spoofed. (This alert may occur momentarily when you create a
| > | remote site network. You may safely ignore this message if it does not
| > | reoccur.) The address ranges in conflict are: 10.0.1.0-10.255.255.255;.
| > | It also had the same error with the Internet Connection NIC in the
| > | description.
| > | I have removed the PersistentRoutes entry, which was set as
| > | 10.0.0.0,255.0.0.0, just leaving the data as 192.168.16.9,1 (this was
| > | there previously). I can access the SmoothWall via the 192.168.16.9
| > | address, but am unable to access the 10.0.0.11 address for either
| > | SmoothWall or FTP Server (as would be expected normally). The Event Log
| > | errors have stopped.
| > | I do not particularly want to install a 3rd NIC to allow me access to
| > | the 10.0.0.11 address as the FTP Server has its own firewall and does not
| > | need to be behind ISA, but I would appreciate any workaround to allow me
| > | this access.
| > | Thanks in advance,
| > | Richard
| > |
|
|
|
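
The check behind the Event ID 14147 message quoted above, as an added example (not part of the original thread and not ISA Server's own logic): it subtracts an ISA network's address ranges from a route bound to the same adapter and reports what is left over, which is the range ISA may drop as spoofed. The Internal network definition used here (192.168.16.0/24 plus 10.0.0.0/24) is an assumption inferred from the conflict range in the event text, and the function name is hypothetical.

```python
import ipaddress

# Assumed ISA "Internal" network definition (not stated in the thread; inferred
# from the event's conflict range starting at 10.0.1.0).
ISA_INTERNAL = ["192.168.16.0/24", "10.0.0.0/24"]


def uncovered_ranges(route, network_ranges):
    """Address ranges reachable via `route` that lie outside `network_ranges`.

    `route` is "destination/netmask" as in the routing table. Hypothetical helper.
    """
    remaining = [ipaddress.ip_network(route)]
    for defined in map(ipaddress.ip_network, network_ranges):
        kept = []
        for block in remaining:
            if not block.overlaps(defined):
                kept.append(block)            # untouched by this definition
            elif block.subnet_of(defined):
                continue                      # fully covered by the definition
            else:
                # CIDR blocks nest or are disjoint, so `defined` sits inside `block`.
                kept.extend(block.address_exclude(defined))
        remaining = kept

    # Merge adjacent CIDR blocks into first-last ranges, as the event log prints them.
    merged = []
    for block in sorted(remaining):
        first, last = block.network_address, block.broadcast_address
        if merged and int(merged[-1][1]) + 1 == int(first):
            merged[-1] = (merged[-1][0], last)
        else:
            merged.append((first, last))
    return [f"{a}-{b}" for a, b in merged]


if __name__ == "__main__":
    # The removed PersistentRoutes entry (10.0.0.0,255.0.0.0) on the LAN adapter.
    print(uncovered_ranges("10.0.0.0/255.0.0.0", ISA_INTERNAL))
    # The /24 mask used in the reply's route add command.
    print(uncovered_ranges("10.0.0.0/255.255.255.0", ISA_INTERNAL))
```

With the assumed definition, the /8 route leaves exactly the range named in the event text, while a /24 route leaves nothing uncovered.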
