#1
System is Windows Server 2003.

I want to use the RRAS outbound filter to limit web access for selected clients. I have two NICs, one Internet-facing configured in RRAS for NAT and one LAN-facing. DHCP assigns reserved addresses to all LAN clients based on MAC. I group "Internet-allowed" clients in one net block and the rest in another. The internal network is 10.44.0.0/16. Allowed clients are in 10.44.7.0/255. Outbound filters are set to "Drop all packets except those that meet the criteria below". I have 3 outbound filter rules:

10.44.1.0/24 to any (allow server access to Internet)
10.44.7.0/24 to any (allow privileged clients access to Internet)
192.168.1.0/24 to any (allow outbound NIC access)

I tried to add a rule to allow other stations access to Microsoft for Windows Updates, but they lose all access, including to MS, when I move them out of 10.44.7.0/24.

any to 207.46.0.0/16

(I attempt to ping a known update.microsoft.com address within this block and I just get a timeout. Telnet to port 80 also times out with no connection, in case that server ignores pings.)

My feeling is that the RRAS snap-in is showing the correct rule, but it's not getting installed in the actual packet filter. I recall having a similar problem 2 years ago when I first set this server up, and I had to delete all RRAS settings and recreate it from scratch to add a new filter rule. Are there known issues "pushing" rules down into the kernel?

My own router is a Linux box and I'm very comfortable with the flexibility and logging of iptables. I'm regretting choosing Win2003 for this client, as the GUI does not make things easier. It just makes failures harder to diagnose.

Kenneth Porter
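To check what the rule set described in this post should do, here is an added example (not from the thread, and not the RRAS filter engine itself) that models a "drop all except" outbound filter and evaluates the four rules against constructed sample flows; the unprivileged client block 10.44.9.0/24 and the destination addresses are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the RRAS outbound filter list from the post:
# "Drop all packets except those that meet the criteria below", with each
# rule as (source network, destination network). "any" is taken as 0.0.0.0/0.
ANY = ip_network("0.0.0.0/0")
OUTBOUND_RULES = [
    (ip_network("10.44.1.0/24"), ANY),      # server subnet -> Internet
    (ip_network("10.44.7.0/24"), ANY),      # privileged clients -> Internet
    (ip_network("192.168.1.0/24"), ANY),    # Internet-facing NIC -> Internet
    (ANY, ip_network("207.46.0.0/16")),     # every client -> Windows Update block
]


def outbound_allowed(src, dst, rules=OUTBOUND_RULES):
    """True if src->dst matches any rule; the default action is drop."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in src_net and d in dst_net for src_net, dst_net in rules)


def evaluate(flows, rules=OUTBOUND_RULES):
    """Map each (src, dst) pair to its verdict under the given rule list."""
    return {(s, d): outbound_allowed(s, d, rules) for s, d in flows}


# Constructed sample flows: a privileged client, and a client moved into an
# assumed unprivileged block (10.44.9.0/24), each reaching a generic web host
# and an address inside 207.46.0.0/16.
SAMPLE_FLOWS = [
    ("10.44.7.20", "198.51.100.5"),
    ("10.44.9.20", "198.51.100.5"),
    ("10.44.9.20", "207.46.1.10"),
]

if __name__ == "__main__":
    print("all four rules:      ", evaluate(SAMPLE_FLOWS))
    # Same flows with the fourth rule absent, i.e. the filter as it would
    # behave if the new rule never reached the packet filter.
    print("fourth rule missing: ", evaluate(SAMPLE_FLOWS, OUTBOUND_RULES[:3]))
```

With all four rules the 10.44.9.x client should reach 207.46.0.0/16 and nothing else; with the fourth rule omitted it reaches nothing, which is the behaviour the post reports.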
#2
> I tried to add a rule to allow other stations access to Microsoft for
> Windows Updates but they lose all access, including to MS, when I move
> them out of 10.44.7.0/24.
>
> any to 207.46.0.0/16

What IP address and mask are you using for "any"?

Oliver
#3
"Oliver O'Boyle" <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> what IP address and mask are you using for "any"

The checkbox for that is left unchecked, so the address and mask columns report "any".