JOEBOX-L Archives

Joebox User

JOEBOX-L@LISTS.MAINE.EDU

Subject:
From: James Jalbert <[log in to unmask]>
Reply To: Joebox User <[log in to unmask]>
Date: Mon, 9 Jan 2012 14:42:37 -0500
Content-Type: multipart/alternative
Parts/Attachments: text/plain (2650 bytes), text/html (3770 bytes)

Vince,
 
I have tried with the group all the way to the top and all the way to the bottom; the only thing that changes is if I need my override or not.

 
James Jalbert
Network Administrator
Eastern Aroostook RSU #39 
Phone: 207-493-4246
E-Mail: [log in to unmask]

>>> Vincent Vanier <[log in to unmask]> 1/9/2012 2:30 PM >>>
Check the order of your Groups. It sounds like you have them backwards if it's blocking a group that shouldn't be denied access to those ports.

Vincent Vanier, Technology Coordinator
Madawaska School Department
[log in to unmask]
(207)728-3371x408



On Mon, Jan 9, 2012 at 2:08 PM, James Jalbert <[log in to unmask]> wrote:


I am in hopes that someone out there can help me with this. Here is the issue.
First off, the easy one: I have a group that I would like completely open on both filtering and firewall. This network has its own filter and firewall in place, and I want to make sure that NOTHING is blocked to or from this site. I am assuming that an open port rule of Everyone Else to "this Group" allowing all protocols is what I want? I also assume that I will need one for "this Group" to Everyone Else to allow all out? By the way, our firewall is still at low, but looking to move it to medium for everyone but "this group".
Second, and I think this is more complicated: thanks to Vince for providing me with the Facebook Networks, so I can block all HTTPS traffic to their servers; this has worked great! However, I did set this up using a Facebook group with the network as members. I set a closed port rule to say all source from Private Lan to Facebook on TCP 443 is blocked. Now my issue comes in that we are looking to create a group for admins to allow them to get to Facebook. The issue I am having is that when I create the group, enter the IPs for the machines, then test it, I get the following results: Facebook is unblocked, I am able to get to the login site, I log in to Facebook, and my browser just spins, and spins, and spins..., then I get the connection timeout page. My thought is that the content filter is going down the list of groups, finds me in my test group, and runs that content filter allowing me to Facebook, but then is seeing my IP in the Private Lan group, which has port 443 to Facebook closed? Does this sound right? Why is the firewall blocking me on a group that has no closed port rule associated with it? Any thoughts on this would be great. What would my best way around this issue be?
Thanks in advance everyone.


James Jalbert
Network Administrator
Eastern Aroostook RSU #39 
Phone: 207-493-4246
E-Mail: [log in to unmask]
