• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

External user going through my proxy?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> External user going through my proxy? Page: [1]
Login
Message << Older Topic   Newer Topic >>
External user going through my proxy? - 29.Dec.2008 12:36:49 PM   
oscrmyr77

 

Posts: 3
Joined: 29.Dec.2008
Status: offline
I have a external address going through my ISA server and having a hard time figuring out HOW??

When I look in the proxy log file I see that it is using the rule...Allow all HTTP traffic from ISA Server to all networks (for CRL downloads).

When I disable that rule it just picks up on another one.

Please help.
Thanks,
Nick

127.0.0.1 anonymous Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)  2008-12-29 17:32:27 ISASERVER - search.live.com 208.69.36.233 80 922 770 168067 http GET http://search.live.com/video/results.aspx?amp;q=&amp;amp;q=browse%3aTelevision%5cAll%5cTopCollections%5cArrestedDevelopment&amp;amp;ru=%2fvideo%2fresults.aspx%3famp%3bq%3d&amp;amp;docid=255523487865&amp;amp;FORM=TVVL10&amp;q=browse%3aMusic%5cAll%5cTopCollections%5cKingsofLeon&amp;ru=%2fvideo%2fresults.aspx%3famp%3bq%3d%26amp%3bq%3dbrowse%253aTelevision%255cAll%255cTopCollections%255cArrestedDevelopment%26amp%3bru%3d%252fvideo%252fresults.aspx%253famp%253bq%253d%26amp%3bdocid%3d255523487865%26amp%3bFORM%3dTVVL10&amp;docid=372828668222&amp;FORM=VIVL52 Inet 200 [System] Allow all HTTP traffic from ISA Server to all networks (for CRL downloads) Req ID: 163c9d31; Compression: client=No, server=No, compress rate=0% decompress rate=0% Local Host External 0xd80 Allowed -
Post #: 1
RE: External user going through my proxy? - 29.Dec.2008 2:34:23 PM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
This rule has been configured with Local Host to External Allow access. So, the log entry here shows 127.0.0.1 which is for LocalHost and its going on for Search.live.com which is external....What's wrong with this rule and the behavior?

As per me it's perfectly fine...

_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to oscrmyr77)
Post #: 2
RE: External user going through my proxy? - 29.Dec.2008 3:43:52 PM   
oscrmyr77

 

Posts: 3
Joined: 29.Dec.2008
Status: offline
The issue is the 208.69.36.233 address is not our address but it is all over our logs accessing these websites. Also, when looking at the logs there is 7.2GB of data from 127.0.0.1 within ONE DAY to these websites like google and so on. We are being blocked by websites like news.google.com and slahdot and others. This is a problem but not sure how they are getting through.

(in reply to inderjeet)
Post #: 3
RE: External user going through my proxy? - 29.Dec.2008 3:56:24 PM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
quote:

ORIGINAL: oscrmyr77

The issue is the 208.69.36.233 address is not our address but it is all over our logs accessing these websites. Also, when looking at the logs there is 7.2GB of data from 127.0.0.1 within ONE DAY to these websites like google and so on. We are being blocked by websites like news.google.com and slahdot and others. This is a problem but not sure how they are getting through.


Can you send me that log file at isaissues@yahoo.com ?? 

Well, further looking into the issue it seems the IP 208.69.36.233 is registered for OpenDNS, LLC

Do you have DNS Servers on the ISA Server's External Interface? If yes, remove them and have your ISPs DNS IPs added into the Forwarders on your internal DNS Servers. It is not recommended to have DNS servers on your external ISA interface...

< Message edited by inderjeet -- 29.Dec.2008 4:07:05 PM >


_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to oscrmyr77)
Post #: 4
RE: External user going through my proxy? - 29.Dec.2008 4:36:55 PM   
oscrmyr77

 

Posts: 3
Joined: 29.Dec.2008
Status: offline
I think you’re on the right track but not sure I quite understand. We do have several DNS servers mostly internal and one that is used for responding to external lookups on our domains. That server is connected to the internal card and I created a publishing rule so the DNS server can respond to the external lookups. I did however  “disable recursion” lookup so that it would only respond to with information for our domains. There is no DNS server installed on the actual ISA server though.
Thanks,
Nick

(in reply to inderjeet)
Post #: 5
RE: External user going through my proxy? - 29.Dec.2008 4:45:01 PM   
inderjeet

 

Posts: 463
Joined: 25.Nov.2008
Status: offline
Read the below article for how to configure your NICs in ISA enviornment
http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html

Brief Steps

1. Remove DNS server entries from the External NICs TCP/IP properties from ISA Server
2. On your internal DNS put the ISA Server's Internal IP as default Gateway
3. On the same DNS server, go to the DNS console > right click on DNS server properties and go to Forwarders Tab. Add your ISPs DNS IPs in that list
4. Create an Access rule in ISA which allows DNS from internal to external for all users
5. Configure all your servers, dekstops and laptops to use your internal DNS for name resolution

Hope that helps

< Message edited by inderjeet -- 29.Dec.2008 4:46:10 PM >


_____________________________

Inderjeet (MSFT)
My Blog: http://isingh.spaces.live.com

If you are a Microsoft Gold Partner, Contact us for Advisory/Consulting Services, Check https://partner.microsoft.com/US/supportsecurity/40012316

(in reply to oscrmyr77)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> General >> External user going through my proxy? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts