microsoft-ds (tcp 445) with Firewall-client (Full Version)

All Forums >> [ISA Server 2004 Firewall] >> Firewall Client


abruggeman -> microsoft-ds (tcp 445) with Firewall-client (19.Jul.2005 8:45:00 AM)

Hello, I searched the forum and found some related topics but not exactly my problem.

I am trying to access a share (tcp 445) from a pc on the internal network to a server on a perimeter network. The firewall rules are set. The relationship is NAT.
It works fine when connecting as a secureNAT client (setting the ip route directly to the ISA), but not with the fw-client enabled. The fw-client doesn't seem to "pick up" the traffic, I see nothing in the log.
I adjusted several fw-client settings in Configuration>General>Define FW Client Settings, but I couldn't get it working.

I am curious about the experiences of others.




tshinder -> RE: microsoft-ds (tcp 445) with Firewall-client (20.Jul.2005 5:15:00 AM)

Hi A,

What errors do you see in the logs?

Thanks!
Tom




ClintD -> RE: microsoft-ds (tcp 445) with Firewall-client (20.Jul.2005 9:35:00 AM)

You shouldn't try to get the Firewall Client to pick up SMB requests, as you'll be stuck in a chicken and egg scenario.

If you get the Firewall Client to pick up SMB requests (you would need to find the component that initiates SMB requests, which can be LSASS or SVCHOST, since SVCHOST is where the LanManWorkstation component will register), then you would be stuck in a scenario where the client is unable to contact the DC to log on, because the FWC is picking up all of that traffic.

What rule allows the SecureNAT SMB request? What rule denies the FWC SMB request?




abruggeman -> RE: microsoft-ds (tcp 445) with Firewall-client (2.Aug.2005 7:57:00 AM)

Thanks for your replies, sorry for my late reply.

With the fw-client enabled, the logging shows:
port 3128, protocol TCP all, Initiated connection, no rule, from source address to localhost;
port 80, protocol http, Failed connection, Rule web access, User anonymous, from source to destination address;
port 3128, protocol TCP all, Closed connection, no rule, from source address to localhost;

Without using the fw-client the logging shows:
port 445, Microsoft CIFS (TCP), Initiated connection, rule xxx, no user, from source to destination address.

So there is no deny, but it looks like the fw-client changes the traffic from port 445 to 80. This cannot work.
I also changed the client settings for lsass and svchost, but this didn't change the outcome.
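
As an added illustration (not part of the thread), here is a small triage script that sorts ISA-style log entries by the two patterns the posts above distinguish: a direct port 445 CIFS connection (SecureNAT) versus the localhost:3128 plus failed port 80 pair seen with the Firewall Client enabled. The CSV layout, field names and addresses are constructed for the example and are not real ISA output.

```python
import csv
import io
from collections import defaultdict

# Constructed sample, modelled on the fields quoted in the thread
# (port, protocol, action, rule, user, source, destination). Not real ISA output.
SAMPLE_LOG = """\
port,protocol,action,rule,user,source,destination
3128,TCP all,Initiated connection,,,10.0.0.5,localhost
80,http,Failed connection,web access,anonymous,10.0.0.5,172.16.1.10
3128,TCP all,Closed connection,,,10.0.0.5,localhost
445,Microsoft CIFS (TCP),Initiated connection,allow smb to dmz,,10.0.0.6,172.16.1.10
"""


def classify(entry):
    """Label one log entry by the patterns the thread distinguishes."""
    port = int(entry["port"])
    if port == 3128 and entry["destination"] == "localhost" and not entry["rule"]:
        return "fwc-localhost-3128"      # Firewall Client traffic to the ISA host itself
    if port == 80 and entry["action"] == "Failed connection":
        return "http-failed"             # request surfaced as HTTP and was refused
    if port == 445 and "CIFS" in entry["protocol"]:
        return "cifs-445"                # SMB reached the server as plain CIFS
    return "other"


def diagnose(log_text):
    """Per source host: did SMB leave as direct CIFS, or as the
    localhost:3128 + failed port-80 pair reported with the FW Client?"""
    seen = defaultdict(set)
    for entry in csv.DictReader(io.StringIO(log_text)):
        seen[entry["source"]].add(classify(entry))
    verdict = {}
    for src, labels in seen.items():
        if "cifs-445" in labels:
            verdict[src] = "direct-cifs"
        elif {"fwc-localhost-3128", "http-failed"} <= labels:
            verdict[src] = "fwc-rewrote-to-http"
        else:
            verdict[src] = "inconclusive"
    return verdict


if __name__ == "__main__":
    for host, result in diagnose(SAMPLE_LOG).items():
        print(host, result)
```

A host that shows up as "fwc-rewrote-to-http" with no 445 entry is the symptom described in the thread; the same host appearing as "direct-cifs" once the Firewall Client is disabled confirms the rules themselves are fine.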
