Server 2003 RRAS Port Blocking issue
Posted on 2008-10-15
We have a Server 2003 system set up and have been experiencing issues with virus spam causing us to be blacklisted. I added a second NIC to the server and set one up on a private IP range with the router (10.2.2.2 and router at 10.2.2.1) and our internal LAN is on 10.1.1.2 (server). I set RRAS to have a static route to 0.0.0.0 to go through the gateway at 10.2.2.1 (so it forwards all traffic to the gateway). The internet works like this; the DHCP gateway is set to the server NIC (10.1.1.2) and everyone's internet works.
Now, I have gone to the NAT/Firewall section and have been trying to work with the INTERNET NIC, because it is the one with the translated #s and mappings next to it, so I assume that's the one to work with. I have attempted all kinds of setup configurations, but when I go to View Mappings, they seem to not have taken effect. I have tried various settings, and nothing seems to block the offending PCs.
HOW do I set up a static packet filter to BLOCK OUTBOUND attempts to send spam? I have tried many, many combinations of settings in the packet filter with no success. Even now, I have an outbound filter that states ANY traffic on destination port 25 is to be blocked. I have another that says ANY traffic FROM IP address 10.1.1.52 (an offending address) is to be blocked, but I still have plenty of mappings from that IP.
As of right now, I have inbound and outbound filters for the IP 10.1.1.52 to ANY destination on ANY port, and I still have mappings for that IP. Is there a configuration issue with my RRAS? The only network card I show mappings on under NAT/Basic Firewall is my "internet" interface (the NIC connected to the WAN).