Outbound IP filters in SBS2003 Standard

Julie

Hello everyone.

I also posted this on the SBS group, but it has everyone stymied. So I thought I'd
see if posting it here fares any better.

We're trying to configure RRAS on this SBS2003 Standard Edition (no ISA) box to block
internet access from some inside machines, but can't get it to work. The SBS is
configured with inside addresses of 192.168.16.x (the server is .2)

We open RRAS, go to NAT/Basic Firewall, and go into properties for Network Connection.

Now we click the button for Outbound Filters. Then click New to begin adding the inside
IP addresses to prohibit. This is where we're having trouble.

In the "Add IP Filter" panel, we check the Source Network checkbox, then enter the inside
IP address assigned to one of the machines we want to block. What do we put for netmask?
We tried 255.255.255.255 but it ends up blocking everything. (255.255.255.0 produces
an "invalid mask" error, which is correct since we only want to block one IP address.)

Example: Inside address to block is 192.168.16.24. If we put that in for IP address and
then the mask 255.255.255.255, and then check "Transmit all packets except those that meet
the criteria below," it lets all computers on, including the .24 machine. If we change it
to "Drop all packets except those that meet the criteria below," it blocks access for
everyone including the .24 machine.

Can anyone provide some guidance?

Thanks.
 
Julie said:
Hello everyone.

I also posted this on the SBS group, but it has everyone stymied. So I thought I'd
see if posting it here fares any better.

We're trying to configure RRAS on this SBS2003 Standard Edition (no ISA) box to block
internet access from some inside machines, but can't get it to work. The SBS is
configured with inside addresses of 192.168.16.x (the server is .2)

We open RRAS, go to NAT/Basic Firewall, and go into properties for Network Connection.

Now we click the button for Outbound Filters. Then click New to begin adding the inside
IP addresses to prohibit. This is where we're having trouble.

In the "Add IP Filter" panel, we check the Source Network checkbox, then enter the inside
IP address assigned to one of the machines we want to block. What do we put for netmask?
We tried 255.255.255.255 but it ends up blocking everything. (255.255.255.0 produces
an "invalid mask" error, which is correct since we only want to block one IP address.)

Example: Inside address to block is 192.168.16.24. If we put that in for IP address and
then the mask 255.255.255.255, and then check "Transmit all packets except those that meet
the criteria below," it lets all computers on, including the .24 machine. If we change it
to "Drop all packets except those that meet the criteria below," it blocks access for
everyone including the .24 machine.

Can anyone provide some guidance?

Thanks.

I have the same problem.
The demand-dial filter works, but the outbound filter does not block NAT connections
from addresses other than 192.168.2.24 with mask 255.255.255.255 (the address of
RAS is 192.168.2.10)
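
A small model of the two filter actions and the single-host mask discussed in this thread, added here as an example (it is not part of the original posts and is not RRAS's own code). It assumes a filter matches when the source address ANDed with the mask equals the filter address, and that an address with bits set outside the mask is what produces the "invalid mask" error; the external address 203.0.113.10 and all function names are constructed for illustration.

```python
import ipaddress

TRANSMIT_ALL_EXCEPT = "transmit_all_except"  # packets matching a filter are dropped
DROP_ALL_EXCEPT = "drop_all_except"          # only packets matching a filter pass


def make_filter(address, mask):
    """Build a source filter; reject an address with bits set outside the mask."""
    addr = int(ipaddress.IPv4Address(address))
    m = int(ipaddress.IPv4Address(mask))
    if addr & ~m & 0xFFFFFFFF:
        raise ValueError(f"invalid mask: {address} has host bits set under {mask}")
    return (addr, m)


def matches(flt, source):
    """True when the source address falls inside the filter's address/mask."""
    addr, m = flt
    return (int(ipaddress.IPv4Address(source)) & m) == addr


def passes(action, filters, source):
    """Return True if a packet with this source address is transmitted."""
    hit = any(matches(f, source) for f in filters)
    return (not hit) if action == TRANSMIT_ALL_EXCEPT else hit


def evaluate(action, filters, sources):
    """Map each source address to True (transmitted) or False (dropped)."""
    return {s: passes(action, filters, s) for s in sources}


# Constructed sample values: inside hosts from the thread's 192.168.16.x range,
# and a documentation address standing in for the server's external address.
INSIDE = ["192.168.16.24", "192.168.16.25"]
EXTERNAL = "203.0.113.10"
HOST_FILTER = [make_filter("192.168.16.24", "255.255.255.255")]

if __name__ == "__main__":
    # Filter sees the original inside source address: only .24 is affected.
    print(evaluate(TRANSMIT_ALL_EXCEPT, HOST_FILTER, INSIDE))
    # Filter sees a source that is not the inside address: it never matches,
    # so "transmit all except" passes everything and "drop all except" drops everything.
    print(evaluate(TRANSMIT_ALL_EXCEPT, HOST_FILTER, [EXTERNAL]))
    print(evaluate(DROP_ALL_EXCEPT, HOST_FILTER, [EXTERNAL]))
```

In this model, both reported symptoms (everything passes under "Transmit all packets except...", everything is blocked under "Drop all packets except...") appear when the source address the filter sees is not the inside address, for example if it has already been translated. Whether RRAS evaluates the outbound filter after NAT is an assumption to verify on the server, not something the thread establishes.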
 