Server publishing rules and IP packet filters

Server publishing rules and Internet Protocol (IP) packet filters both open specific ports for communication between the local network and the Internet. In most situations, you will use server publishing rules to make internal servers accessible to external clients. Indeed, it is recommended that you use server publishing rules, because application filters can further process requests destined for the server. For more information on application filters, see Application filters.

In some cases, IP packet filters must be used:

When you are publishing servers that are situated on a perimeter network (also known as a DMZ, demilitarized zone, or screened subnet), you must use IP packet filters to make them accessible to external clients.

When you are publishing servers or services that are located on the ISA Server computer itself.

For more information, see Server publishing rules and IP packet filters.

Publishing servers on a perimeter network

You configure server publishing rules to allow external clients access to servers situated on the local network. For example, you might want to publish a Simple Mail Transfer Protocol (SMTP) server. Create a server publishing rule with the following configuration:

Set the IP address of the internal server to the IP address of the SMTP server.

Set the external IP address on ISA Server to an IP address on the external interface card belonging to the ISA Server computer.

Select the SMTP (Server) protocol.

Set the client type to Any user, group, or client computer to allow all external clients access to the SMTP server.

If the SMTP server is located on a perimeter network rather than on the local network, use IP packet filters to open a port on the server. For example, to publish an SMTP server located on the perimeter network, create an IP packet filter with the following configuration:

Set Servers that use this filter to All ISA servers in the array.

Set the filter mode to allow packet transmission.

Set the custom filter settings as follows:

IP Protocol to TCP 

Direction to Both 

Local Port to 25 

Remote Port to Any 

Set Local Computer to This computer and specify the IP address of the SMTP server.

Set Remote Computer to All remote computers.

For more information, see Three-homed perimeter network configuration.
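
The perimeter-network filter settings above, checked against sample traffic in an added example (not code from ISA Server or from this page): a simplified, stateless model in which a packet passes only if an allow filter matches it. The class names, the addresses, the constructed packets and the default-deny rule are assumptions of the example.

```python
# Added example: simplified, stateless model of allow-filter matching.
# Not ISA Server code; all addresses are constructed (RFC 5737 ranges).
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for "Any" port / "All remote computers"

@dataclass(frozen=True)
class Packet:
    protocol: str     # "TCP", "UDP", ...
    direction: str    # "in" = toward the local computer, "out" = from it
    local_ip: str     # perimeter-network host
    local_port: int
    remote_ip: str    # Internet host
    remote_port: int

@dataclass(frozen=True)
class AllowFilter:
    protocol: str
    direction: str              # "in", "out" or "both"
    local_ip: str
    local_port: Optional[int]
    remote_ip: Optional[str]
    remote_port: Optional[int]

    def matches(self, p: Packet) -> bool:
        return (p.protocol == self.protocol
                and self.direction in ("both", p.direction)
                and p.local_ip == self.local_ip
                and self.local_port in (ANY, p.local_port)
                and self.remote_ip in (ANY, p.remote_ip)
                and self.remote_port in (ANY, p.remote_port))

def allowed(filters, packet) -> bool:
    # Assumed default deny: pass only if some allow filter matches.
    return any(f.matches(packet) for f in filters)

SMTP_HOST = "192.0.2.25"  # constructed address of the perimeter SMTP server
# Settings from the text: TCP, Both, local port 25, remote port Any, all remotes.
FILTERS = [AllowFilter("TCP", "both", SMTP_HOST, 25, ANY, ANY)]
SAMPLES = {  # constructed packets
    "smtp_in":    Packet("TCP", "in",  SMTP_HOST, 25, "198.51.100.7", 40112),
    "smtp_reply": Packet("TCP", "out", SMTP_HOST, 25, "198.51.100.7", 40112),
    "ssh_in":     Packet("TCP", "in",  SMTP_HOST, 22, "198.51.100.7", 40113),
    "other_host": Packet("TCP", "in",  "192.0.2.80", 25, "198.51.100.7", 40114),
    "relay_out":  Packet("TCP", "out", SMTP_HOST, 49200, "203.0.113.9", 25),
}

def verdicts():
    return {name: allowed(FILTERS, p) for name, p in SAMPLES.items()}
```

In this model the filter passes only TCP port 25 on the SMTP server's address, in both directions; a connection that the server opens from another local port to a remote port 25 is not matched by it.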


Server on the same computer as ISA Server

When a service is located on the same computer as ISA Server, you create IP packet filters, not server publishing rules, to allow communication through to the specific port used by the service. For example, ISA Server includes a preconfigured IP packet filter called DNS filter that allows DNS queries on the ISA Server computer itself.

For a scenario that illustrates how IP packet filters are used, see Using packet filters to publish a Web server on the ISA Server computer.

