Welcome to ISAserver.org

Windows Xp Infront of ISA

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> Windows Xp Infront of ISA

Page: [1]

Message

<< Older Topic Newer Topic >>

Windows Xp Infront of ISA - 21.Feb.2005 10:44:00 AM

Callam.Fletcher

Posts: 9
Joined: 20.Feb.2005
From: Edinburgh
Status: offline

Hello!

I know this might sound daft, but i just can't think of a different solution.

My flatmate needs to be able to access all sorts of ports and protocols for the various games and programs he has. Setting everything up in isa server 2004 would be a nightmare, especially since there is little information on how to configure his exact requirements. So i have been trying to set up a bypass of isa server for his machine. I didn't succeed. So here is what my next mission is going to be:

Put the adsl modem in his pc and have him enable Internet Connection Sharing through windows xp. Then place a physical wire between his computer's NIC and NIC(1) of the firewall server. Am i right in thinking this would act like an internet input? If so, i can proceed to configure my 'internal' (protected) network through NIC(2).

Flatmate would have standard internet with no protection, and anything on NIC(2)'s subnet would be fully protected. Is that how it would work?

A few more questions:

Would the wire going between his XP machine and my firewall server have to be crossover? Or could i pass it through a hub?

If i publish a web server within the firewall, would it function correctly through this setup?

Pleeeeeeeaase help! please, please, please! THANKYOU ! - Callam

Post #: 1

Featured Links*

RE: Windows Xp Infront of ISA - 21.Feb.2005 1:37:00 PM

tshinder

Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi Cal,

Why not put a third NIC in the ISA firewall, then configure an all open access rule for hosts on the DMZ. Install the Firewall client on his computer so he had full protocol support and let 'er rip. Make sure that no access rules allow his computer access to your network, because it sounds like his machine has more spyware, scumware and worms on it than Texas law allows [Smile]

HTH,
Tom

(in reply to Callam.Fletcher)

Post #: 2

RE: Windows Xp Infront of ISA - 21.Feb.2005 6:07:00 PM

Callam.Fletcher

Posts: 9
Joined: 20.Feb.2005
From: Edinburgh
Status: offline

Thank you very much Tom for your response!

Ok, this is what i've done:

I've selected the "Perimiter" network template from the available predifined templates.

This is the state of my hardware on the ISA Server Firewall Computer:

1. Adsl Modem - External Network

2. NIC(1) - Internal Network (192.168.0.0 - 192.168.0.255)
IP: 192.168.0.1
MASK: 255.255.255.0
DG: 192.168.0.1

3. NIC(2) - Perimiter Network (10.0.0.0 - 10.0.0.255)
IP: 10.0.0.1
MASK: 255.0.0.0
DG: 10.0.0.1

I wasn't quite sure if by "All Open Access Rule", you meant a predifined rule from somewhere, or one that i should just create. So, well, i didn't look for a predifined one and created the following (within firewall policy):

ALLOW ALL AOUTBOUND TRAFFIC from EXTERNAL, PERIMITER to PERIMITER, EXTERNAL for ALL USERS

I then set up the firewall client on my flatmates pc and explicitly set his IP to 10.0.0.32 (my fingers slipped and i thought i'd leave it at 32).

I have a cable going from his computer to NIC(2) on the server. The cable isn't crossover, but it works anyway. I think this is because he has a "1394 Net Adapter". Anyhow, the connection was made.

I configured his firewall client to talk to 10.0.0.1 (NIC(2)), and dispite the fact that testing this connection has never returned a response (it allways just keeps on searching), it claims to be connected.

Having enabled the "web proxy" on the "perimiter" network and configured his browser settings, he can browse the web fine. Which suggests that the access rule i created is functioning. However, connecting to his game servers still doesn't work.

When "All Outbound Traffic" is selected, does that mean every single peice of traffic no matter what its shape or form, or does it just mean all protocols difined within isa server? Because my problem is that i dont know how to configure the user defined protocols for his games. I'm not sure what ports they use and if they're primary or secondary or send/recieve etc.

So what do you think the next step is? You don't realise how greatful i am for your help!

Thankyou so much! [Smile]

(in reply to Callam.Fletcher)

Post #: 3