Tom's Sample Network from his book

Tom's Sample Network from his book - 5.Jul.2007 10:37:00 AM   
bhavin78

 

Posts: 429
Joined: 18.Jul.2005
From: USA
Status: offline
I have configured a test lab as explained in Tom's book on VMware Server.
I have a DSL router (dynamic IP)---Linksys Router---Test Lab.

My question is: how can I access the FTP server, Exchange server and web server from the Internet? I already have a domain name registered. What IP do I use for the MX record, www record and ftp record?
I tried to use the current IP address from my DSL router and it's not working. I also forwarded port 80 to the external IP of ISA and it still won't work.

Any help please?
Post #: 1
RE: Tom's Sample Network from his book - 9.Jul.2007 10:27:10 AM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: offline
If you're using TZO, they automatically create an MX record for your domain, so you don't need to create MX records. Other DDNS services may do it differently, but you always get what you pay for :)

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to bhavin78)
Post #: 2
RE: Tom's Sample Network from his book - 9.Jul.2007 11:13:01 AM   
bhavin78

 

Let's say I don't want to buy DDNS or TZO services; I will keep changing my records when my IP address changes. (This is just for educational purposes and it's temporary.)

The sample network (from your book) is in place fine. Now how can I access the web server, FTP server and Exchange server? I just want to access my sample network from the outside world. What do I have to change, and where?

(in reply to tshinder)
Post #: 3
RE: Tom's Sample Network from his book - 14.Jul.2007 3:18:33 PM   
tshinder

 

Best way is to use DDNS. I've been using TZO for a long time and highly recommend it. Don't try to do your learning on the cheap -- DDNS is a lot more cost effective than registering a domain and getting dedicated addresses.

However, for just a lab environment -- we typically use a host file entry on the test client.

HTH,
Tom


(in reply to bhavin78)
Post #: 4
RE: Tom's Sample Network from his book - 13.Mar.2008 10:53:48 PM   
bhavin78

 

Hi Tom,
I finally got DynDNS configured. Now the question is: on the Linksys router, what IP address do I forward port 80 to so that it goes to the web server on the DMZ? I have configured 192.168.1.2 on the ISA Server Ext NIC and 172.16.1.2 on my web server.

Please help me figure this out.

(in reply to bhavin78)
Post #: 5
RE: Tom's Sample Network from his book - 15.Mar.2008 12:57:32 PM   
tshinder

 

On the NAT device, configure it to forward the connection to the external IP address on the ISA Firewall.

HTH,
Tom


(in reply to bhavin78)
Post #: 6
RE: Tom's Sample Network from his book - 17.Mar.2008 10:07:56 AM   
bhavin78

 

That's exactly what I did. On my Linksys router I forwarded ports 80 and 21 to 192.168.1.2 (Ext NIC address on ISA), but it is not working.
I did a port scan on my ISA server and for some reason port 21 is open and 80 is not.

Do ports 80 and 21 need to be open on ISA?

When I try to make a connection from Ext to the web server in the DMZ, the logs say it's trying to make a connection from Ext to Local Host. Why does it not see it as DMZ?

(in reply to tshinder)
Post #: 7
RE: Tom's Sample Network from his book - 19.Mar.2008 9:31:54 AM   
tshinder

 

Do you have a diagram of your setup? I have a feeling that there's something slightly off-label about your network configuration.

Tom


(in reply to bhavin78)
Post #: 8
RE: Tom's Sample Network from his book - 20.Mar.2008 12:21:27 AM   
bhavin78

 

Linksys Router.
IP:192.168.1.1
Forwarding Port 80 HTTP to 192.168.1.2 (ISA Ext NIC)




Server configuration:
ISA Server:

Custom:
VMNet2

Ethernet adapter LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter #2
Physical Address. . . . . . . . . : 00-0C-29-CB-73-CB
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.0.0.2



Ethernet adapter DMZ:

Custom:
VMNet4

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter #2
Physical Address. . . . . . . . . : 00-0C-29-CB-73-DF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.16.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.0.0.2

Ethernet adapter Ext:

Custom:
VMNet(0) Default Bridged

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-CB-73-D5
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Disabled




Domain controller:
Custom:
VMNet2
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-0C-29-0F-92-86
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.2

WEB Server
Custom:VMNet4
Description . . . . . . . . . . . : AMD PCNET Family PCI Ethernet Adapter
Physical Address. . . . . . . . . : 00-0C-29-4C-9D-8C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.16.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.2


With the above configuration I can access the website from the Internal network (URL: http://172.16.0.2).

I cannot access it from the external network.
URL: www.bhavin.us
Log:

Destination IP: 192.168.1.2 | Destination Port: 80 | Protocol: HTTP | Action: Denied | Rule: Default Rule | Client IP: 192.168.1.1 | Source Network: External | Destination Network: Local Host

I also tried creating an access rule to allow HTTP from Ext to Localhost, but this is what I got in the log:

Destination IP: 192.168.1.2 | Destination Port: 80 | Protocol: HTTP | Action: Denied | Rule: Default Rule | Client IP: 192.168.1.1 | Source Network: External | Destination Network: Local Host | HTTP Method: Get | URL: HTTP://192.168.1.2/bhavin

Why is it trying to go to Local Host for the destination network? It should be DMZ.

(in reply to tshinder)
Post #: 9
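
An added example, not part of the thread or of any poster's reply: a Python check of the addressing listed in the post above, testing whether each host's default gateway is an address on the firewall and how the firewall would see a logged destination IP. The function names `audit_hosts` and `classify_destination` are made up for this example; the addresses are copied from the post.

```python
import ipaddress

# Addressing copied from the ipconfig output posted in the thread.
FIREWALL_NICS = {"LAN": "10.0.0.1/24", "DMZ": "172.16.1.1/24", "Ext": "192.168.1.2/24"}
HOSTS = {
    "Domain controller": {"ip": "10.0.0.2/24", "gateway": "10.0.0.1"},
    "WEB Server": {"ip": "172.16.0.2/24", "gateway": "172.16.0.1"},
}

def audit_hosts(nics, hosts):
    """Return {host: [problems]}; an empty list means the host's gateway is a
    firewall NIC and the host sits on one of the firewall's subnets."""
    ifaces = [ipaddress.ip_interface(a) for a in nics.values()]
    report = {}
    for name, cfg in hosts.items():
        host = ipaddress.ip_interface(cfg["ip"])
        gw = ipaddress.ip_address(cfg["gateway"])
        problems = []
        if gw not in host.network:
            problems.append(f"gateway {gw} is outside {host.network}")
        if not any(i.ip == gw for i in ifaces):
            problems.append(f"gateway {gw} is not an address on the firewall")
        if not any(host.ip in i.network for i in ifaces):
            problems.append(f"{host.ip} is not in any firewall NIC subnet")
        report[name] = problems
    return report

def classify_destination(nics, dest_ip):
    """Say whether dest_ip is the firewall's own address, on a subnet
    attached to one of its NICs, or neither."""
    dest = ipaddress.ip_address(dest_ip)
    for name, addr in nics.items():
        iface = ipaddress.ip_interface(addr)
        if iface.ip == dest:
            return f"firewall's own address ({name} NIC)"
        if dest in iface.network:
            return f"attached subnet of {name} NIC"
    return "not directly attached"

if __name__ == "__main__":
    for host, problems in audit_hosts(FIREWALL_NICS, HOSTS).items():
        print(host, "->", problems or "ok")
    # Destination IP taken from the denied log entries in the post.
    print("192.168.1.2 ->", classify_destination(FIREWALL_NICS, "192.168.1.2"))
```

On the posted values the check flags the WEB Server entry and reports 192.168.1.2, the destination in the denied log entries, as the firewall's own Ext address.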
RE: Tom's Sample Network from his book - 20.Mar.2008 2:15:39 PM   
tshinder

 

OK, the basic setup looks good.

Did you create a Network Rule connecting the DMZ ISA Firewall Network to the Default External Network?

HTH,
Tom


(in reply to bhavin78)
Post #: 10
RE: Tom's Sample Network from his book - 20.Mar.2008 6:35:59 PM   
bhavin78

 

Yes, I have the network rule below.

DMZ and Internal to External network with NAT relationship

(in reply to tshinder)
Post #: 11
RE: Tom's Sample Network from his book - 25.Mar.2008 8:19:53 PM   
bhavin78

 

Hi Tom, 
  Am I missing anything else?

(in reply to bhavin78)
Post #: 12
RE: Tom's Sample Network from his book - 1.Apr.2008 11:26:44 PM   
tshinder

 

OK, if there is a network rule connecting the DMZ to External, then you need an access rule that allows connections from DMZ to External.

If that fails, check the log files in real time and see what rule denies the connection.

HTH,
Tom


(in reply to bhavin78)
Post #: 13
RE: Tom's Sample Network from his book - 3.Apr.2008 1:14:42 AM   
bhavin78

 

I have the network rules below:
Int <> Ext NAT
DMZ <> Ext NAT
DMZ <> Int Route

Access rule:
Allow HTTP from DMZ : Int : to Ext

Error:
Destination IP: 192.168.1.2 | Destination Port: 80 | Protocol: HTTP | Action: Denied | Rule: Default Rule | Client IP: 192.168.1.1 | Source Network: External | Destination Network: Local Host

I also tried creating an access rule to allow HTTP from Ext to Localhost, but this is what I got in the log.

Why is it trying to connect to Local Host instead of DMZ?

I tried to define an access rule Allow HTTP from Ext <> Local Host and now this is the error I get.

Destination IP: 192.168.1.2 | Destination Port: 80 | Protocol: HTTP | Action: Denied | Rule: Default Rule | Client IP: 192.168.1.1 | Source Network: External | Destination Network: Local Host | HTTP Method: Get | URL: HTTP://192.168.1.2/pagerror.gif

It is trying to connect to 192.168.1.2 (which is the ISA server IP address of the Ext NIC).

(in reply to tshinder)
Post #: 14
RE: Tom's Sample Network from his book - 3.Apr.2008 9:14:38 PM   
tshinder

 

Check the log entries for the connections to the external network, not the local host network.

Thanks!
Tom


(in reply to bhavin78)
Post #: 15
RE: Tom's Sample Network from his book - 4.Apr.2008 9:36:40 AM   
bhavin78

 

Hi Tom,
I got the above logs when I tried to connect to the published website on the DMZ from the Internet.
How would I check connections to the external network?

(in reply to tshinder)
Post #: 16
RE: Tom's Sample Network from his book - 9.Apr.2008 7:03:59 PM   
bhavin78

 

Hi Tom,
Can you please help me fix the problem? I also tried to check the log entries while browsing the Internet from the Internal network and everything looks fine there.

(in reply to bhavin78)
Post #: 17
RE: Tom's Sample Network from his book - 11.Apr.2008 10:10:14 AM   
tshinder

 

Are you testing a Web Publishing Rule from the External Network to the DMZ?

Thanks!
Tom


(in reply to bhavin78)
Post #: 18
RE: Tom's Sample Network from his book - 11.Apr.2008 10:14:27 AM   
bhavin78

 

Yes, testing from Ext to DMZ.

My goal is to access the web server, FTP server and Exchange server from Ext.

(in reply to tshinder)
Post #: 19
RE: Tom's Sample Network from his book - 11.Apr.2008 10:30:05 AM   
tshinder

 

OK, that problem then might be due to the Web Publishing Rule. It looks like the networks are all set up OK.

Tom


(in reply to bhavin78)
Post #: 20
