LISTSERV - JOEBOX-L Archives

JOEBOX-L Archives

Joebox User

JOEBOX-L@LISTS.MAINE.EDU

	LISTSERV Archives
	JOEBOX-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show HTML Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Question on Groups, Firewall, and Filtering
From:	Vincent Vanier <[log in to unmask]>
Reply To:	Joebox User <[log in to unmask]>
Date:	Mon, 9 Jan 2012 14:30:17 -0500
Content-Type:	multipart/alternative
Parts/Attachments:	text/plain (2318 bytes) , text/html (3102 bytes)

Check the order of your Groups.  It sounds like you have them backwords if
it's blocking a group that shouldn't be denied access to those ports.

Vincent Vanier, Technology Coordinator
Madawaska School Department
[log in to unmask]
(207)728-3371x408



On Mon, Jan 9, 2012 at 2:08 PM, James Jalbert <[log in to unmask]> wrote:

>  I am in hopes that someone out there can help me with this, here is the
> issue
>
> First off the easy one, I have a group that I would like completely open
> on both filtering and firewall. This network has its own filter, and
> firewall in place, and I want to make sure that NOTHING is blocked to or
> from this site? I am assuming that an open port rule of Everyone Else to
> "this Group" allowing all protocols is what I want? I also assume that I
> will need one for "this Group" to Everyone Else to allow all out? By the
> way, our firewall is still at low, but looking to move it to medium, for
> everyone but "this group".
>
> Second, and I think this is more complicated, Thanks to Vince for
> providing me with the Facebook Networks, so I can block all https traffic
> to their servers, this has worked great! How ever, I did set this up using
> a Facebook group with the network as members. Set a closed port rule to say
> all source from Private Lan to Facebook on tcp 443 is blocked. Now my issue
> comes in that we are looking to create a group for admins to allow them to
> get to facebook. The issue I am having is that when I create the group,
> enter in the IPs for the machines, then test it, i get the following
> results. Facebook is unblocked, I am able to get to the login site, I login
> to facebook, and my browser just spins, and spins, and spins...., then I
> get the connection time out page. My thought is that the content filter is
> going down the list of groups, finds me in my test group, and runs that
> content filter allowing me to facebook, but then is seeing my ip in the
> Private Lan group, which has port 443 to facebook closed? Does this sound
> right? Why is the firewall blocking me on a group that has no closed port
> rule associated to it? Any thoughts on this would be great. What would my
> best way around this issue be?
>
> Thanks in advance everyone.
>
>
>
> James Jalbert
> Network Administrator
> Eastern Aroostook RSU #39
> Phone: 207-493-4246
> E-Mail: [log in to unmask]
>
>

ATOM RSS1 RSS2

LISTS.MAINE.EDU