Routing

Internal and external networks not reaching TMG Forefront 2010 (Hyper-V environment)

  • January 5, 2011

Here is my environment:

I have 1 physical machine running Windows 2008 R2 with the Hyper-V role. This machine has 3 physical NICs:

  • One for the Internet
  • One for the internal network
  • One for the wireless network

All 3 have their own virtual network in Hyper-V, and I have an additional private VM network for the DMZ network.

In one of the VMs I installed TMG Forefront 2010 SP1, which can use all 4 networks. Here is the firewall's IPCONFIG /ALL:

Windows IP Configuration

  Host Name . . . . . . . . . . . . : FRW-EXP1-02
  Primary Dns Suffix  . . . . . . . : exp1.eti.br
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : Yes
  WINS Proxy Enabled. . . . . . . . : No
  DNS Suffix Search List. . . . . . : exp1.eti.br

Ethernet adapter Internet:

  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter #4
  Physical Address. . . . . . . . . : 00-15-5D-01-06-0E
  DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  Link-local IPv6 Address . . . . . : fe80::6d05:6033:4cfc:bdf5%15(Preferred)
  IPv4 Address. . . . . . . . . . . : 189.100.110.xxx(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.240.0
  Lease Obtained. . . . . . . . . . : quarta-feira, 5 de janeiro de 2011 11:17:24
  Lease Expires . . . . . . . . . . : quarta-feira, 5 de janeiro de 2011 16:07:02
  Default Gateway . . . . . . . . . : 189.100.96.xxx
  DHCP Server . . . . . . . . . . . : 201.6.2.43
  DHCPv6 IAID . . . . . . . . . . . : 436213085
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-6D-75-6F-00-15-5D-01-06-0B
  DNS Servers . . . . . . . . . . . : 201.6.2.163
                                      201.6.2.43
  NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Rede Interna:

  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter #3
  Physical Address. . . . . . . . . : 00-15-5D-01-06-0C
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  Link-local IPv6 Address . . . . . : fe80::51ff:4723:ce4c:bbc3%14(Preferred)
  IPv4 Address. . . . . . . . . . . : 10.50.75.10(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . :
  DHCPv6 IAID . . . . . . . . . . . : 352327005
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-6D-75-6F-00-15-5D-01-06-0B
  DNS Servers . . . . . . . . . . . : 10.50.75.1
                                      10.50.75.2
  NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter DMZ:

  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter #2
  Physical Address. . . . . . . . . : 00-15-5D-01-06-0A
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  Link-local IPv6 Address . . . . . : fe80::d4c5:75cf:e9aa:73e1%13(Preferred)
  IPv4 Address. . . . . . . . . . . : 192.168.10.1(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . :
  DHCPv6 IAID . . . . . . . . . . . : 301995357
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-6D-75-6F-00-15-5D-01-06-0B
  DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                      fec0:0:0:ffff::2%1
                                      fec0:0:0:ffff::3%1
  NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Wireless:

  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter
  Physical Address. . . . . . . . . : 00-15-5D-01-06-0B
  DHCP Enabled. . . . . . . . . . . : No
  Autoconfiguration Enabled . . . . : Yes
  Link-local IPv6 Address . . . . . : fe80::459:8ca6:d02:8da1%11(Preferred)
  IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . :
  DHCPv6 IAID . . . . . . . . . . . : 234886493
  DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-6D-75-6F-00-15-5D-01-06-0B
  DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                      fec0:0:0:ffff::2%1
                                      fec0:0:0:ffff::3%1
  NetBIOS over Tcpip. . . . . . . . : Enabled

I have the following networks in Forefront:

External: IP addresses external to the Forefront TMG Networks
Internal: 10.50.75.0 - 10.50.75.255
Local Host:
Perimiter: 192.168.10.0 - 192.168.10.255
Wireless: 192.168.1.0 - 192.168.1.255

In the network rules I have:

1 => Route => Local Host => All Networks
2 => Route => Quarantined; VPN => Internal
3 => NAT => Internal; VPN => Perimiter
4 => NAT => Internal; Perimiter; Quarantined; VPN; Wireless => External

My problem is that I can only communicate with the Internal and External networks. If I ping www.google.com or 10.50.75.21 from the Forefront VM, I get replies without any problem. If I try to ping a machine on the Perimiter network or the Wireless network, it is not routed back to Forefront, which is the default gateway on all the networks. Here is a ping example:

PS C:\Users\Administrator.TPB1> ping www.google.com

Pinging www.l.google.com [64.233.163.104] with 32 bytes of data:
Reply from 64.233.163.104: bytes=32 time=11ms TTL=58
Reply from 64.233.163.104: bytes=32 time=8ms TTL=58

Ping statistics for 64.233.163.104:
   Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
   Minimum = 8ms, Maximum = 11ms, Average = 9ms
Control-C
PS C:\Users\Administrator.TPB1> ping 10.50.75.21

Pinging 10.50.75.21 with 32 bytes of data:
Reply from 10.50.75.21: bytes=32 time=1ms TTL=128
Reply from 10.50.75.21: bytes=32 time=1ms TTL=128
Reply from 10.50.75.21: bytes=32 time=1ms TTL=128
Reply from 10.50.75.21: bytes=32 time=1ms TTL=128

Ping statistics for 10.50.75.21:
   Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
   Minimum = 1ms, Maximum = 1ms, Average = 1ms
PS C:\Users\Administrator.TPB1> ping 192.168.10.3

Pinging 192.168.10.3 with 32 bytes of data:
Reply from 192.168.10.1: Destination host unreachable.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.10.3:
   Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
PS C:\Users\Administrator.TPB1>

The ping to 192.168.10.3 gives "Destination host unreachable". Here is the ipconfig of the perimeter VM:

PS C:\Users\Administrator.Administrator> ipconfig /all

Windows IP Configuration

  Host Name . . . . . . . . . . . . : app-exp1-02
  Primary Dns Suffix  . . . . . . . : 
  Node Type . . . . . . . . . . . . : Unkown
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

  Connection-specific DNS Suffix  . :
  Description . . . . . . . . . . . : Microsoft Virtual Machine Bus Network Adapter
  Physical Address. . . . . . . . . : 00-15-5D-01-06-08
  DHCP Enabled. . . . . . . . . . . : No
  IPv4 Address. . . . . . . . . . . : 192.168.10.3
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.10.1
  DNS Servers . . . . . . . . . . . : 201.6.2.163
                                              201.6.2.43

Trying to ping 192.168.10.1 (the gateway) from the DMZ machine doesn't work either. When I monitor packets from the Wireless and Perimeter networks with Logs & Reports, I don't receive any of the packets I try to send, either PING or HTTP. But I do receive a lot of spoofed messages from NETBIOS broadcasts... as if Forefront thinks they come from a different network, but I don't know why. Please help!

Tks
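To make the "spoofed" log entries in the question easier to reason about, here is an added example (not code from the post, and not TMG's own implementation) that models the per-adapter anti-spoofing check a multi-homed firewall such as TMG performs: every adapter is bound to one firewall network, and a packet whose source address is not inside that network's address ranges is logged as spoofed. The adapter names, network names and address ranges are those given in the question; the packet samples and the Internet adapter address (the question masks it as 189.100.110.xxx) are constructed for the demonstration. The Local Host network and the route/NAT rules are not modeled.

```python
"""Simplified model of a per-adapter anti-spoofing check (added example, not
from the Server Fault post and not TMG's own code).

A packet arriving on an adapter is accepted only if its source address falls
inside the address ranges of the firewall network that adapter is bound to;
otherwise it is classified as spoofed, which is what TMG reports when traffic
shows up on an adapter whose network definition does not contain the sender.
"""
from ipaddress import IPv4Network, ip_address

# Adapter -> TMG network, as listed in the question's ipconfig and network list.
ADAPTER_TO_NETWORK = {
    "Internet": "External",
    "Rede Interna": "Internal",
    "DMZ": "Perimiter",
    "Wireless": "Wireless",
}

# IPv4 address of each firewall adapter. The Internet address is a constructed
# placeholder because the question masks its last octet.
ADAPTER_IPS = {
    "Internet": "189.100.110.1",      # constructed placeholder
    "Rede Interna": "10.50.75.10",
    "DMZ": "192.168.10.1",
    "Wireless": "192.168.1.10",
}

# TMG network -> address ranges, from the question's network definitions.
# External is everything not covered by a defined network, so it has no entry.
NETWORK_RANGES = {
    "Internal": [IPv4Network("10.50.75.0/24")],
    "Perimiter": [IPv4Network("192.168.10.0/24")],
    "Wireless": [IPv4Network("192.168.1.0/24")],
}


def network_for_source(src):
    """Return the name of the firewall network that contains src."""
    addr = ip_address(src)
    for name, ranges in NETWORK_RANGES.items():
        if any(addr in net for net in ranges):
            return name
    return "External"


def classify(adapter, src):
    """'ok' when src belongs to the network bound to adapter, else 'spoofed'."""
    expected = ADAPTER_TO_NETWORK[adapter]
    return "ok" if network_for_source(src) == expected else "spoofed"


def audit_adapters():
    """Configuration sanity check: each adapter's own address must lie inside
    the network it is bound to. Returns {adapter: (bound, actual)} for every
    mismatch; an empty dict means the bindings are consistent."""
    mismatches = {}
    for adapter, addr in ADAPTER_IPS.items():
        bound = ADAPTER_TO_NETWORK[adapter]
        actual = network_for_source(addr)
        if bound != actual:
            mismatches[adapter] = (bound, actual)
    return mismatches


# Constructed packet samples: (receiving adapter, source address).
SAMPLE_PACKETS = [
    ("DMZ", "192.168.10.3"),        # ping from the perimeter VM in the question
    ("Wireless", "192.168.1.25"),   # a wireless client talking to its gateway
    ("DMZ", "192.168.1.25"),        # wireless source seen on the DMZ adapter
    ("Internet", "10.50.75.21"),    # internal address arriving from outside
    ("Internet", "8.8.8.8"),        # ordinary external source
]


def classify_samples():
    """Classify every constructed sample; returns a list of (adapter, src, verdict)."""
    return [(adapter, src, classify(adapter, src)) for adapter, src in SAMPLE_PACKETS]


if __name__ == "__main__":
    for adapter, src, verdict in classify_samples():
        print(f"{adapter:12s} src={src:15s} -> {verdict}")
    print("adapter binding mismatches:", audit_adapters() or "none")
```

With the bindings from the question, `audit_adapters()` reports no mismatch and a ping from 192.168.10.3 arriving on the DMZ adapter is classified as legitimate, which is why the question's symptom (those packets never reaching the log while broadcasts are logged as spoofed) points at the adapter-to-network binding inside the VM rather than at the address ranges themselves.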

When everything seems to be right, it's because it probably is!

I solved this by removing the Wireless and Perimeter networks from Forefront, then shutting down the VM, then removing the NICs from the Forefront VM, then starting it, shutting it down, re-adding the cards, starting, using a different subnet (don't know if this step was necessary, but I did it anyway), starting, and re-adding the networks to Forefront.

After this marathon it started working. Traffic from the Perimeter and Wireless networks started being recognized by Forefront and packets began to flow normally, with the same configuration as before.

Source: https://serverfault.com/questions/218998