62 posts for 'ISA 2000'

  1. 2007.01.10 [ISA 2000] Summary of ports used by services
  2. 2007.01.09 [ISA 2000] Publishing a DNS server


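This is the list of ports used by each service (application), as shipped with the Sygate program.

ISA Server comes with frequently used services predefined, but there are cases where other ports are needed as well, so it is worth keeping a separate list like this one.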

<hr>

##############################################################################
# Sybergen Access Server and SyGate Application Rule Configuration File
# version 1.9
# Copyright(c) 2000 by Sybergen Networks Inc., all rights reserved.
#
##############################################################################
#
# For details, please visit:  http://www.sybergen.com/support/conf_sg.htm
#                             http://www.sybergen.com/support/applications.htm
#
#  Overview:
#
# This file defines a list of rules for Sybergen Access Server or SyGate to
# follow when processing packets.   According to each rule, Sybergen Secure
#  Desktop or SyGate will dynamically create a series of tunnels to provide
# the path for packets to flow through.
#
#
#  ----------------------------------------------------------------------------------------
#  An application rule consists of:
#
#  :INIT <Rule Name>
#  Triggering Transaction
#  :SUB
#  Sub-trans-1
#  Sub-trans-2
#  ........
#  :END
#
#  Where: <Rule Name> is the name of the application. This could be any name. See example
#         for detail.
#         Triggering transaction is the first traffic the application generates
#
#  Sub-trans-x and Triggering Transaction could be "Inbound Trans" and "Outbound Trans"
#  defined below respectively.
#
#  ----------------------------------------------------------------------------------------
#  Inbound Trans Syntax:
#
#  Direction  ProtocolType  DestinationPortLow DestinationPortHigh ClientIP ClientPort MaxIdleTime Options

#  Description:
#  ===========
#
#  Field Name  Valid Value
#  ==========  ===========
#
#  Direction:   IN
#  ProtocolType:  "TCP" or "UDP"
#
#  DestinationPortHigh: The upper bound of the destination port range
#  DestinationPortLow:  The lower bound of the destination port range
#
# (note: an INIT Trans has one and only one port. The current version doesn't support
# a range of ports on INIT trans. In other words, PortHigh shall be equal to
# PortLow on INIT trans.)
#
#  ClientIp:  This field tells Sybergen Access Server or SyGate where to pass the
#                       incoming packet with the destination port in the range defined by
#                       DestinationPortHigh and DestinationPortLow.
#                      
#                       This field has to be set to 0.0.0.0 for Sub-trans-x.
#                       For Triggering Transaction, this field must be set to the IP
#                       of one of the clients.
#
#  ClientPort:         This field tells Sybergen Access Server or SyGate which port of the
#                       ClientIp to send the incoming packet with the destination port in
#                       the range defined by DestinationPortHigh and DestinationPortLow.
#
#                       If this value is 0, the packet will be sent to the same port
#                       as the destination port of the incoming packet.
#                       If this value is not zero, the packet will be sent to the defined
#                       port instead of the original destination port. By doing this, we
#                       can redirect the packets sent to port 8080 of the Sybergen
#                       Access Server or SyGate PC to port 80 of a Sybergen Access
#                       Server or SyGate client by using the following line:
#
#                       IN TCP 8080 8080 192.168.0.2 80 0 -
#
#
#  MaxIdleTime:  This field tells Sybergen Access Server or SyGate to close the tunnel
#                       after certain idle milliseconds.
#
#                       Set to 0 for Sybergen Access Server or SyGate to use the default
#                       idle timeout value. 
#                     
#
#  Options:    
#   - ----- None
#
#   M ----- This value tells Sybergen Access Server or SyGate
#                             to close all Sub-tunnels if the triggering connection no
#                             longer exists due to either timeout or user application disconnect,
#                             etc.
#     This option is only valid in Triggering Transaction.
#
#   H ----- H.323 specific rule. Sybergen Access Server or
#                             SyGate will process the packets according to H.323 protocol.
#                             Users should not use this option to define new rules.
#
#   A ----- This option tells Sybergen Access Server or SyGate
#                             to pass packets from any remote hosts to specific port defined
#                             in the rule. If this option is not specified, only the packets
#                             from the remote host that the Triggering Transaction visited
#                             can be passed to the ClientPort of the triggering client. See
#                             "DirectPlay" rule for more details.
#
#   D ----- This option can only be used in Sub-Trans-x. It tells
#                             Sybergen Access Server or SyGate to keep creating tunnels for
#                             each connection between the triggering Sybergen Access Server
#                             or SyGate client and remote hosts. Without this option, only one
#                             tunnel can be created for each Sub-Trans-x rule. See "DirectPlay"
#                             rule for more details.
#
#  ----------------------------------------------------------------------------------------
#
#  Outbound Trans Syntax:
#
#  Direction  ProtocolType  DestinationPortLow DestinationPortHigh ClientIp MaxIdleTime Options
#
#  Description:
#  ===========
#
#  Direction:   OUT
#
#  ProtocolType:  "TCP" or "UDP"
#
#  DestinationPortHigh: The upper bound of the destination port range
#  DestinationPortLow:  The lower bound of the destination port range
#
# (note: an INIT Trans has one and only one port. The current version doesn't support
# a range of ports on INIT trans. In other words, PortHigh shall be equal to
# PortLow on INIT trans.)
#
#  ClientIp:  This field tells Sybergen Access Server or SyGate which client
#                       can trigger the rule.  In Triggering Transaction, 0.0.0.0 means any
#                       client can trigger.   In Sub-Trans-x, ClientIp has to be 0.0.0.0
#
#  MaxIdleTime:  This field tells Sybergen Access Server or SyGate to close the
#                       tunnel after certain idle milliseconds.
#
#                       Set to 0 for Sybergen Access Server or SyGate to use the default
#                       idle timeout value. 
#                     
#  Options:    
#   - ----- None
#
#   M ----- This value tells Sybergen Access Server or SyGate
#                             to close all Sub-tunnels if the triggering connection no longer
#                             exists due to either timeout or user application disconnect, etc.
#     This option is only valid in Triggering Transaction.
#
#   R ----- This option tells Sybergen Access Server or SyGate
#                             to use a different source port to send the packet. See
#                             "DirectPlay" rule for more details.
#    
#   H ----- H.323 specific rule. Sybergen Access Server or SyGate
#                             will process the packets according to H.323 protocol. Users
#                             should not use this option to define new rules.
#
#   F ----- FTP activity mode specific. Users should not use this
#                             option to define new rules.
#
#   I ----- IRC DCC mode specific. Users should not use this option
#                             to define new rules.
#
#   D ----- This option can only be used in Sub-Trans-x. It tells
#                             Sybergen Access Server or SyGate to keep creating tunnels for each
#                             connection between the triggering Sybergen Access Server or
#                             SyGate client and remote hosts. Without this option, only one
#                             tunnel can be created for each Sub-Trans-x rule. See "DirectPlay"
#                             rule for more details.
#
# Note: 1) After making any changes to this file, you MUST stop and restart the
#          Sybergen Access Server or SyGate service for your changes
#          to take effect.
#       2) Un-installing or re-installing Sybergen products may remove or update
#          this file.
#          Please save a copy of any change you made in this file.
#############################################################################
#
# TROUBLESHOOTING
#
#
# For an apprule to work, there are certain ways to check for errors.
# Example:
#
# #
# # :INIT "Our FTP server"
# # IN TCP 21 21 192.168.0.2 0 86400000 -
# # :SUB
# # :END
# #
#
# 1) No "#" sign and blank space in front of this rule.
# 2) No error initializing the previous rule
#
# :INIT "Our FTP server"
# IN TCP 21 21 192.168.0.2 0 86400000 -
# :SUB
# :END
#
# 3) Check the log file in the Sybergen Access Server or SyGate Manager under
#               troubleshooting to see if the rule is being properly executed.
#
#
#############################################################################


##### SYSTEM DEFINITION ##################################################

# FTP Active mode
:INIT "FTP Active mode"
OUT TCP 21 21 0.0.0.0 86400000 MRF
:SUB
:END

# IRC DCC. The IRC port is usually 6660-6670, 7000, 8888, or 9999
# If you are using a different port number just change one of
# these apprules to the port number you are using.
:INIT "mIRC port 6660"
OUT TCP 6660 6660 0.0.0.0 0 MRI
:SUB
IN TCP 59 59 0.0.0.0 0 0 -
IN TCP 113 113 0.0.0.0 0 0 -
:END

:INIT "mIRC port 6661"
OUT TCP 6661 6661 0.0.0.0 0 MRI
:SUB
IN TCP 59 59 0.0.0.0 0 0 -
IN TCP 113 113 0.0.0.0 0 0 -
:END

:INIT "mIRC port 6662"
OUT TCP 6662 6662 0.0.0.0 0 MRI
:SUB
IN TCP 59 59 0.0.0.0 0 0 -
IN TCP 113 113 0.0.0.0 0 0 -
:END

:INIT "mIRC port 6663"
OUT TCP 6663 6663 0.0.0.0 0 MRI
:SUB
IN TCP 59 59 0.0.0.0 0 0 -
IN TCP 113 113 0.0.0.0 0 0 -
:END

:INIT "mIRC port 6664"
OUT TCP 6664 6664 0.0.0.0 0 MRI
:SUB
IN TCP 59 59 0.0.0.0 0 0 -
IN TCP 113 113 0.0.0.0 0 0 -
:END

:INIT "mIRC port 6665"
OUT TCP 6665 6665 0.0.0.0 0 MRI
:SUB
IN TCP 59 59 0.0.0.0 0 0 -
IN TCP 113 113 0.0.0.0 0 0 -
:END

:INIT "mIRC port 6666"
OUT TCP 6666 6666 0.0.0.0 0 MRI
:SUB
IN TCP 59 59 0.0.0.0 0 0 -
IN TCP 113 113 0.0.0.0 0 0 -
:END

:INIT "mIRC port 6667"
OUT TCP 6667 6667 0.0.0.0 0 MRI
:SUB
IN TCP 59 59 0.0.0.0 0 0 -
IN TCP 113 113 0.0.0.0 0 0 -
:END

:INIT "mIRC port 6668"
OUT TCP 6668 6668 0.0.0.0 0 MRI
:SUB
IN TCP 59 59 0.0.0.0 0 0 -
IN TCP 113 113 0.0.0.0 0 0 -
:END

:INIT "mIRC port 6669"
OUT TCP 6669 6669 0.0.0.0 0 MRI
:SUB
IN TCP 59 59 0.0.0.0 0 0 -
IN TCP 113 113 0.0.0.0 0 0 -
:END

:INIT "mIRC port 6670"
OUT TCP 6670 6670 0.0.0.0 0 MRI
:SUB
IN TCP 59 59 0.0.0.0 0 0 -
IN TCP 113 113 0.0.0.0 0 0 -
:END

:INIT "mIRC port 7000"
OUT TCP 7000 7000 0.0.0.0 0 MRI
:SUB
IN TCP 59 59 0.0.0.0 0 0 -
IN TCP 113 113 0.0.0.0 0 0 -
:END

:INIT "mIRC port 8888"
OUT TCP 8888 8888 0.0.0.0 0 MRI
:SUB
IN TCP 59 59 0.0.0.0 0 0 -
IN TCP 113 113 0.0.0.0 0 0 -
:END

:INIT "mIRC port 9999"
OUT TCP 9999 9999 0.0.0.0 0 MRI
:SUB
IN TCP 59 59 0.0.0.0 0 0 -
IN TCP 113 113 0.0.0.0 0 0 -
:END

:INIT "mIRC Chat"
OUT TCP 100 100 0.0.0.0 0 MRI
:SUB
IN TCP 101 101 0.0.0.0 0 0 -
:END

:INIT "mIRC Fserve"
OUT TCP 110 110 0.0.0.0 0 MRI
:SUB
IN TCP 111 111 0.0.0.0 0 0 -
:END

:INIT "mIRC Send"
OUT TCP 120 120 0.0.0.0 0 MRI
:SUB
IN TCP 121 121 0.0.0.0 0 0 -
:END

:INIT "mIRC Get"
OUT TCP 130 130 0.0.0.0 0 MRI
:SUB
IN TCP 131 131 0.0.0.0 0 0 -
OUT TCP 132 132 0.0.0.0 0 -
:END

##### USER DEFINITION ########


# CU-SeeMe
#
# This will allow you to connect to the CU-SeeMe network.
# You will need to have the H.323 apprule in order to video
# conference with anyone.
:INIT "CU-SeeMe"
OUT UDP 24032 24032 0.0.0.0 0 R
:SUB
IN UDP 1414 1414 0.0.0.0 0 0 ADH
IN UDP 1424 1424 0.0.0.0 0 0 ADH
IN TCP 1503 1503 0.0.0.0 0 0 AD
IN TCP 1720 1720 0.0.0.0 0 0 ADH
IN UDP 1812 1813 0.0.0.0 0 0 AD
IN TCP 7640 7640 0.0.0.0 0 0 AD
IN TCP 7642 7642 0.0.0.0 0 0 AD
IN UDP 7648 7648 0.0.0.0 0 0 AD
IN TCP 7648 7648 0.0.0.0 0 0 AD
IN TCP 7649 7649 0.0.0.0 0 0 AD
IN UDP 24032 24032 0.0.0.0 0 0 AD
IN UDP 56800 56800 0.0.0.0 0 0 AD
OUT UDP 1414 1414 0.0.0.0 0 DH
OUT UDP 1424 1424 0.0.0.0 0 DH
OUT TCP 1503 1503 0.0.0.0 0 D
OUT TCP 1720 1720 0.0.0.0 0 DH
OUT UDP 1812 1813 0.0.0.0 0 D
OUT TCP 7640 7640 0.0.0.0 0 D
OUT TCP 7642 7642 0.0.0.0 0 D
OUT UDP 7648 7648 0.0.0.0 0 D
OUT TCP 7648 7648 0.0.0.0 0 D
OUT TCP 7649 7649 0.0.0.0 0 D
OUT UDP 56800 56800 0.0.0.0 0 D
:END


# Internet Phone
:INIT "Internet Phone 5"
OUT UDP 22555 22555 0.0.0.0 0 -
:SUB
:END


# Net2Phone
:INIT "Net2Phone"
OUT UDP 6801 6801 0.0.0.0 0 R
:SUB
IN UDP 1 30000 0.0.0.0 0 0 AD
IN TCP 1 30000 0.0.0.0 0 0 AD
:END


# Calista Incoming
:INIT "Calista IP Phone"
OUT TCP 4099 4099 0.0.0.0 R
:SUB
IN UDP 3000 3000 0.0.0.0 0 0 D
:END


# BAYVPN
:INIT "BAYVPN"
OUT UDP 500 500 0.0.0.0 0 -
:SUB
:END


# FW1VPN
:INIT "FW1VPN"
OUT UDP 259 259 0.0.0.0 0 -
:SUB
:END


# Shiva VPN
# (set the mobile option in the Shiva VPN client software
# to be your public IP address)
# :INIT "Shiva VPN"
# OUT UDP 2233 2233 0.0.0.0 0 -
# :SUB
# IN UDP 2233 2233 0.0.0.0 0 0 AD
# :END


# CITRIX Metaframe
:INIT "CITRIX Metaframe"
OUT TCP 1494 1494 0.0.0.0 0 R
:SUB
IN TCP 1494 1494 0.0.0.0 0 0 AD
:END


# MS Terminal Server
:INIT "MS Terminal Server"
OUT TCP 3389 3389 0.0.0.0 0 R
:SUB
IN TCP 3389 3389 0.0.0.0 0 0 AD
:END


# NTP (Network Time Protocol)
:INIT "Network Time Protocol"
OUT UDP 123 123 0.0.0.0 0 R
:SUB
IN UDP 123 123 0.0.0.0 0 0 AD
:END


# CrisNet
:INIT "CrisNet"
OUT TCP 32760 32760 0.0.0.0 0 R
:SUB
IN TCP 1367 1367 0.0.0.0 0 0 AD
IN TCP 32760 32760 0.0.0.0 0 0 AD
:END


# RealAudio on Port 7070
:INIT "RealAudio 7070"
OUT TCP 7070 7070 0.0.0.0 0 R
:SUB
IN UDP 6970 7170 0.0.0.0 0 0 AD
:END


# QuickTime 4 Client & RealAudio on Port 554
:INIT "QuickTime"
OUT TCP 554 554 0.0.0.0 0 R
:SUB
IN UDP 6970 32000 0.0.0.0 0 0 AD
:END


# QuickTime 4 Server - Modification tested on 8/9/99
# (change 192.168.0.2 to correct IP address)
# :INIT "QuickTime Server"
# IN TCP 6970 6970 192.168.0.2 0 0 -
# :SUB
# IN UDP 6970 7000 0.0.0.0 0 0 AD
# :END


# Napster
:INIT "Napster"
OUT TCP 6699 6699 0.0.0.0 0 R
:SUB
IN TCP 6699 6699 0.0.0.0 0 0 AD
:END


# Netop Remote control
:INIT "Netop Remote control"
OUT UDP 6502 6502 0.0.0.0 0 R
:SUB
IN UDP 6502 6502 0.0.0.0 0 0 AD
:END

# Netop Remote control
# (change 192.168.0.2 to correct IP address of your Netop server)
# :INIT "Netop Remote control Server"
# IN UDP 6502 6502 192.168.0.2 0 0 -
# :SUB
# :END


# Timbuktu
:INIT "Timbuktu"
OUT TCP 407 407 0.0.0.0 0 R
:SUB
IN TCP 1024 65534 0.0.0.0 0 0 D
:END


# Virtual Network Computing - VNC
:INIT "VNC"
OUT TCP 5900  5900  0.0.0.0 0 R
:SUB
IN TCP 5900  5900  0.0.0.0 0 0 AD
:END


# Virtual Network Computing - VNC Server
# (change 192.168.0.2 to correct IP address of your VNC server)
# :INIT "VNC Server"
# IN TCP 5900  5900  192.168.0.2 0 0 -
# :SUB
# :END


# GNUtella
:INIT "GNUtella"
OUT TCP 6346 6346 0.0.0.0 0 R
:SUB
IN UDP 6346 6346 0.0.0.0 0 0 AD
:END


# Dialpad
:INIT "Dialpad"
OUT TCP 7175 7175 0.0.0.0 0 R
:SUB
IN UDP 51200 51201 0.0.0.0 0 0 AD
IN TCP 51210 51210 0.0.0.0 0 0 AD
IN TCP 1584 1585 0.0.0.0 0 0 AD
OUT TCP 8680 8686 0.0.0.0 0 D
:END


# How To Use ICQ with Sybergen Access Server and SyGate
# This apprule is needed because ICQ needs to listen to some TCP ports
# to receive incoming events.
#
# By default, the machines behind Sybergen Access Server or SyGate can
# send messages, and create chat but others on Internet cannot send messages
# create chat rooms or send files directly to Sybergen Access Server or
# SyGate clients.
# ---------------------------------------------------------------------
# ICQ99 for one client
#
# One User version, only one user can be supported behind SyGate or
# Sybergen Access Server with this apprule. In ICQ under
# 'Preferences & security', click 'Preferences' and then goto Connections,
# click on 'I am behind a firewall or proxy' then click on
# 'Firewall Settings' then click 'I don't have a SOCKS Proxy
# server on my firewall or I am using another Proxy server' then click
# Next then click 'Use the following TCP listen ports for incoming event'
# and set the TCP ports for 20000 to 20019.
#
:INIT "ICQ99"
OUT UDP 4000 4000 0.0.0.0 18000000 R
:SUB
IN TCP 20000 20019 0.0.0.0 0 0 AD
:END
#
#
# ---------------------------------------------------------------------
# ICQ99 for multiple clients
#
# On the following apprules, change the IP address to the IP address of the
# ICQ client.  Then enable the following apprules, one for each ICQ client.
# Then in ICQ under 'Preferences & security', 'Preferences' and Connections,
# click on 'I am behind a firewall or proxy' then click on 'Firewall Settings'
# then click 'I don't have a SOCKS Proxy server on my firewall or I am using
# another Proxy server' then click Next then click 'Use the following TCP
# listen ports for incoming event' and set the TCP ports for the corresponding
# port numbers (20000 to 20019; 20020 to 20039; 20040 to 20059).
#
# Note: ICQ99 single client apprule must be disabled for these ones to work.
#
# :INIT "ICQ99 client 1"
# OUT UDP 4000 4000 192.168.0.2 18000000 R
# :SUB
# IN TCP 20000 20019 0.0.0.0 0 0 AD
# :END
#
# :INIT "ICQ99 client 2"
# OUT UDP 4000 4000 192.168.0.3 18000000 R
# :SUB
# IN TCP 20020 20039 0.0.0.0 0 0 AD
# :END
#
# :INIT "ICQ99 client 3"
# OUT UDP 4000 4000 192.168.0.4 18000000 R
# :SUB
# IN TCP 20040 20059 0.0.0.0 0 0 AD
# :END
#
#
# ---------------------------------------------------------------------
# ICQ2000 for one client
#
# One User version, only one user can be supported behind SyGate or
# Sybergen Access Server with this apprule. In ICQ under
# 'Preferences & security', click 'Preferences' and then goto Server, set
# the Server port number to 4000.  Then goto Connections, click on User,
# click on 'Not using Proxy' then click 'Use the following TCP listen
# ports for incoming event' and set the TCP ports for 20000 to 20019.
#
:INIT "ICQ2000"
OUT TCP 4000 4000 0.0.0.0 18000000 R
:SUB
IN TCP 20000 20019 0.0.0.0 0 0 AD
:END
#
#
# ---------------------------------------------------------------------
# ICQ2000 for multiple clients
#
# On the following apprules, change the IP address to the IP address of the
# ICQ client.  Then enable the following apprules, one for each ICQ client.
# In ICQ under 'Preferences & security', click 'Preferences' and then goto
# Server, set the Server port number to 4000.  Then goto Connections, click
# on User, click on 'Not using Proxy' then click 'Use the following TCP listen
# ports for incoming event' and set the TCP ports for the corresponding
# port numbers (20000 to 20019; 20020 to 20039; 20040 to 20059).
#
# Note: ICQ2000 single client apprule must be disabled for these ones to work.
#
# :INIT "ICQ2000 client 1"
# OUT TCP 4000 4000 192.168.0.2 18000000 R
# :SUB
# IN TCP 20000 20019 0.0.0.0 0 0 AD
# :END
#
# :INIT "ICQ2000 client 2"
# OUT TCP 4000 4000 192.168.0.3 18000000 R
# :SUB
# IN TCP 20020 20039 0.0.0.0 0 0 AD
# :END
#
# :INIT "ICQ2000 client 3"
# OUT TCP 4000 4000 192.168.0.4 18000000 R
# :SUB
# IN TCP 20040 20059 0.0.0.0 0 0 AD
# :END


# BuddyPhone - with GameRouter
#
# Each computer using BuddyPhone will use a unique listening port
# number, use port number 710 and up for each client.  In BuddyPhone,
# set the first client to 710, the next to 711, the next to 712 and
# so on.  Then change the IP address of the following apprules to
# correspond with the IP address of the BuddyPhone client.  And then
# enable the apprule.
#
# :INIT "BuddyPhone client1"
# OUT TCP 700 700 192.168.0.2 0 R
# :SUB
# IN TCP 710 710 0.0.0.0 0 0 AD
# :END
#
# :INIT "BuddyPhone client2"
# OUT TCP 700 700 192.168.0.3 0 R
# :SUB
# IN TCP 711 711 0.0.0.0 0 0 AD
# :END
#
# :INIT "BuddyPhone client3"
# OUT TCP 700 700 192.168.0.4 0 R
# :SUB
# IN TCP 712 712 0.0.0.0 0 0 AD
# :END


# Abbott Chat
:INIT "Abbott Chat"
OUT UDP 18236 18236 0.0.0.0 0 R
:SUB
IN UDP 18231 18231 0.0.0.0 0 0 AD
IN TCP 18232 18235 0.0.0.0 0 0 AD
:END


# PalTalk
:INIT "PalTalk1"
OUT TCP    5001    5001    0.0.0.0    0    R
:SUB
IN UDP     2090    2091    0.0.0.0    0    0    AD
IN TCP     2090    2091    0.0.0.0    0    0    AD
IN TCP     2095    2095    0.0.0.0    0    0    AD
IN TCP     5200    5203    0.0.0.0    0    0    AD
OUT UDP    2090    2091    0.0.0.0    0    D
OUT TCP    2090    2091    0.0.0.0    0    D
OUT TCP    2095    2095    0.0.0.0    0    D
OUT TCP    5200    5203    0.0.0.0    0    D
:END

:INIT "PalTalk2"
OUT TCP    5002    5002    0.0.0.0    0    R
:SUB
IN UDP     2090    2091    0.0.0.0    0    0    AD
IN TCP     2090    2091    0.0.0.0    0    0    AD
IN TCP     2095    2095    0.0.0.0    0    0    AD
IN TCP     5200    5203    0.0.0.0    0    0    AD
OUT UDP    2090    2091    0.0.0.0    0    D
OUT TCP    2090    2091    0.0.0.0    0    D
OUT TCP    2095    2095    0.0.0.0    0    D
OUT TCP    5200    5203    0.0.0.0    0    D
:END

:INIT "PalTalk3"
OUT TCP    5003    5003    0.0.0.0    0    R
:SUB
IN UDP     2090    2091    0.0.0.0    0    0    AD
IN TCP     2090    2091    0.0.0.0    0    0    AD
IN TCP     2095    2095    0.0.0.0    0    0    AD
IN TCP     5200    5203    0.0.0.0    0    0    AD
OUT UDP    2090    2091    0.0.0.0    0    D
OUT TCP    2090    2091    0.0.0.0    0    D
OUT TCP    2095    2095    0.0.0.0    0    D
OUT TCP    5200    5203    0.0.0.0    0    D
:END

:INIT "PalTalk4"
OUT TCP    5004    5004    0.0.0.0    0    R
:SUB
IN UDP     2090    2091    0.0.0.0    0    0    AD
IN TCP     2090    2091    0.0.0.0    0    0    AD
IN TCP     2095    2095    0.0.0.0    0    0    AD
IN TCP     5200    5203    0.0.0.0    0    0    AD
OUT UDP    2090    2091    0.0.0.0    0    D
OUT TCP    2090    2091    0.0.0.0    0    D
OUT TCP    2095    2095    0.0.0.0    0    D
OUT TCP    5200    5203    0.0.0.0    0    D
:END

:INIT "PalTalk5"
OUT TCP    5005    5005    0.0.0.0    0    R
:SUB
IN UDP     2090    2091    0.0.0.0    0    0    AD
IN TCP     2090    2091    0.0.0.0    0    0    AD
IN TCP     2095    2095    0.0.0.0    0    0    AD
IN TCP     5200    5203    0.0.0.0    0    0    AD
OUT UDP    2090    2091    0.0.0.0    0    D
OUT TCP    2090    2091    0.0.0.0    0    D
OUT TCP    2095    2095    0.0.0.0    0    D
OUT TCP    5200    5203    0.0.0.0    0    D
:END

:INIT "PalTalk Video"
OUT TCP    8080    8080    0.0.0.0    0    -
:SUB
IN TCP     8080    8080    0.0.0.0    0    0    AD
:END


# ICUII Client
:INIT "ICUII Client"
OUT TCP 2019 2019 0.0.0.0 0 R
:SUB
IN TCP 2000 2038 0.0.0.0 0 0 AD
IN TCP 2050 2051 0.0.0.0 0 0 AD
IN TCP 2069 2069 0.0.0.0 0 0 AD
IN TCP 2085 2085 0.0.0.0 0 0 AD
IN TCP 3010 3030 0.0.0.0 0 0 AD
OUT TCP 2000 2038 0.0.0.0 0 D
OUT TCP 2050 2051 0.0.0.0 0 D
OUT TCP 2069 2069 0.0.0.0 0 D
OUT TCP 2085 2085 0.0.0.0 0 D
OUT TCP 3010 3030 0.0.0.0 0 D
:END


# AIM Talk
:INIT "AIM Talk"
OUT TCP 5190 5190 0.0.0.0 18000000 R
:SUB
IN TCP 5190 5190 0.0.0.0 0 0 D
:END


# MSN Messenger
:INIT "MSN Messenger"
OUT TCP 1863 1863 0.0.0.0 18000000 R
:SUB
IN TCP 1863 1863 0.0.0.0 0 0 AD
:END


# Powwow 4.0
#
# This apprule must be used with the MSN Messenger apprule
:INIT "Powwow 4.0"
OUT TCP 13224 13224 0.0.0.0 0 R
:SUB
IN TCP 13223 13224 0.0.0.0 0 0 AD
IN TCP 23213 23214 0.0.0.0 0 0 AD
IN UDP 13223 13223 0.0.0.0 0 0 AD
:END


# Ultima Online
:INIT "Ultima Online"
OUT TCP 7775 7775 0.0.0.0 0 R
:SUB
IN TCP 5001 5010 0.0.0.0 0 0 AD
IN TCP 7775 7777 0.0.0.0 0 0 AD
IN TCP 8888 8888 0.0.0.0 0 0 AD
IN TCP 8800 8900 0.0.0.0 0 0 AD
IN TCP 9999 9999 0.0.0.0 0 0 AD
IN TCP 7875 7875 0.0.0.0 0 0 AD
OUT TCP 5001 5010 0.0.0.0 0 D
OUT TCP 7775 7777 0.0.0.0 0 D
OUT TCP 8888 8888 0.0.0.0 0 D
OUT TCP 8800 8900 0.0.0.0 0 D
OUT TCP 9999 9999 0.0.0.0 0 D
OUT TCP 7875 7875 0.0.0.0 0 D
:END


# H.323 compliant video player, NetMeeting 2.0, 3.0, Intel Video Phone
# Incoming calls are not possible due to NetMeeting assigning ports
# dynamically. - Modification tested 1-12-2000
:INIT "Netmeeting"
OUT TCP 1720 1720 0.0.0.0 0 RH
:SUB
IN UDP 1024 65534 0.0.0.0 0 0 DH
OUT UDP 1024 65534 0.0.0.0 0 DH
IN TCP 1024 1502 0.0.0.0 0 0 DH
OUT TCP 1024 1502 0.0.0.0 0 DH
IN TCP 1504 1730 0.0.0.0 0 0 DH
OUT TCP 1504 1730 0.0.0.0 0 DH
IN TCP 1732 65534 0.0.0.0 0 0 DH
OUT TCP 1732 65534 0.0.0.0 0 DH
OUT TCP 1503 1503 0.0.0.0 0 D
OUT TCP 1731 1731 0.0.0.0 0 D
IN TCP 1503 1503 0.0.0.0 0 0 D
IN TCP 1731 1731 0.0.0.0 0 0 D
:END


# Battle.net (Diablo, WarCraft II)
#   Notice: we added StarCraft built-in support
#
# Because of some limitations with Blizzards battle.net only one person
# at a time can play Diablo or WarCraft.  StarCraft, however supports
# multiple Sybergen Access Server clients and SyGate clients playing at
# the same time.  But the Sybergen Access Server and SyGate server can
# not join a game with any of its client computers.
:INIT "Battle.net"
OUT TCP 6112 6112 0.0.0.0 0 R
:SUB
IN UDP 6112 6112 0.0.0.0 0 0 AD
:END


# Everquest
#
# 1. Make sure you're using the latest build of SyGate
# 2. Install the EverQuest game on the SyGate server. It doesn't need
# to be running, just installed on the server.
#
# Everquest will work on SyGate.  However, a few customers have reported
# that it freezes after the game has been played for a limited time and
# the system must be rebooted.  The only solution for now is to start the
# game on the SyGate server first, then let the client PC join the game;
# that will solve the problem.  We are still waiting for a solution from
# Sony Interactive regarding this matter.


# Abuse.net
:INIT "Abuse.net"
OUT     TCP     43      43      0.0.0.0 0       R
:SUB
IN      TCP     43      43      0.0.0.0 0       0       AD
IN      TCP     113     113     0.0.0.0 0       0       AD
OUT     TCP     113     113     0.0.0.0 0       D
:END


# ActiveWorld
:INIT "ActiveWorld"
OUT TCP 7777 7777 0.0.0.0 0 R
:SUB
IN TCP 7000 7100 0.0.0.0 0 0 AD
:END


# DirectPlay (Game Zone, Mplayer, Boneyards) - Modification tested on 8/16/99
# Most DirectPlay games use this rule
:INIT "DirectPlay"
OUT TCP 47624 47624 0.0.0.0 0 R
:SUB
IN TCP 47624 47624 0.0.0.0 0 0 AD
IN UDP 2300 2400 0.0.0.0 0 0 AD
IN TCP 2300 2400 0.0.0.0 0 0 AD
OUT UDP 2300 2400 0.0.0.0 0 D
OUT TCP 2300 2400 0.0.0.0 0 D
IN TCP 9110 9110 0.0.0.0 0 0 AD
OUT TCP 9110 9110 0.0.0.0 0 D
IN TCP 9113 9113 0.0.0.0 0 0 AD
OUT TCP 9113 9113 0.0.0.0 0 D
IN TCP 28800 29000 0.0.0.0 0 0 AD
OUT TCP 28800 29000 0.0.0.0 0 D
IN UDP 8000 9000 0.0.0.0 0 0 AD
IN TCP 8000 9000 0.0.0.0 0 0 AD
OUT UDP 8000 9000 0.0.0.0 0 D
OUT TCP 8000 9000 0.0.0.0 0 D
:END


# For hosting on the MSN Gaming Zone
:INIT "The Zone"
OUT UDP 28800 28800 0.0.0.0 0 R
:SUB
IN TCP 47624 47624 0.0.0.0 0 0 AD
OUT TCP 47624 47624 0.0.0.0 0 D
IN UDP 2300 2400 0.0.0.0 0 0 AD
IN TCP 2300 2400 0.0.0.0 0 0 AD
OUT UDP 2300 2400 0.0.0.0 0 D
OUT TCP 2300 2400 0.0.0.0 0 D
IN TCP 28800 29000 0.0.0.0 0 0 AD
OUT TCP 28800 29000 0.0.0.0 0 D
IN UDP 28800 28800 0.0.0.0 0 0 AD
:END


# Westwood Online - C&C Tiberian Sun & Dune 2000
#   Note: Westwood Online supports only one user per public IP
# address at any given time. Apprule courtesy of Quantus' World
:INIT "Westwood Online"
OUT TCP 4000 4000 0.0.0.0 0 R
:SUB
IN TCP 4000 4000 0.0.0.0 0 0 AD
IN UDP 1140 1234 0.0.0.0 0 0 AD
IN TCP 1140 1234 0.0.0.0 0 0 AD
OUT UDP 1140 1234 0.0.0.0 0 D
OUT TCP 1140 1234 0.0.0.0 0 D
:END


# Rainbow Six
:INIT "Rainbow Six"
OUT TCP 2346 2346 0.0.0.0 0 R
:SUB
IN TCP 2346 2346 0.0.0.0 0 0 AD
:END


# Rainbow Six server
# (Change 192.168.0.2 to the IP address of your Rainbow Six server)
# :INIT "Rainbow Six Server"
# IN TCP 2346 2346 192.168.0.2 0 0 -
# :SUB
# :END


# Delta Force
:INIT "Delta Force"
OUT UDP 3568 3568 0.0.0.0 0 R
:SUB
IN TCP 3100 3999 0.0.0.0 0 0 AD
IN UDP 3100 3999 0.0.0.0 0 0 AD
OUT UDP 3100 3999 0.0.0.0 0 D
OUT TCP 3100 3999 0.0.0.0 0 D
:END


# Delta Force Server
# Where 192.168.0.2 is your Delta Force server
# :INIT "Delta Force Server"
# OUT UDP 3568 3568 192.168.0.2 0 -
# :SUB
# IN TCP 3100 3999 0.0.0.0 0 0 AD
# IN UDP 3100 3999 0.0.0.0 0 0 AD
# OUT UDP 3100 3999 0.0.0.0 0 D
# OUT TCP 3100 3999 0.0.0.0 0 D
# :END


# Soldier Of Fortune
:INIT "Soldier Of Fortune"
OUT TCP 28910 28910 0.0.0.0 0 R
:SUB
IN TCP 28910 28910 0.0.0.0 0 0 AD
:END


# Half Life
:INIT "Half Life"
OUT TCP 27015 27015 0.0.0.0 0 R
:SUB
IN TCP 27015 27015 0.0.0.0 0 0 AD
:END


# Half Life Server
# (change 192.168.0.2 to correct IP address of your Half Life server)
# :INIT "Half Life Server"
# IN TCP 27015 27015 192.168.0.2 0 0 -
# :SUB
# :END


# KALI
# Built-in supported.


# Quake2
# (change 192.168.0.2 to correct IP address of your Quake2 server)
# :INIT "Quake2 Server"
# IN UDP 27910 27910 192.168.0.2 0 0 -
# :SUB
# :END


# Bungie.net, Myth, Myth II Server
# (Change 192.168.0.2 to correct IP address)
# :INIT "Bungie.net Server"
# IN TCP 3453 3453 192.168.0.2 0 0 -
# :SUB
# :END


# Unreal server
# (Change 192.168.0.2 to the IP address of your Unreal server)
# :INIT "Unreal Server"
# IN TCP 7777 7777 192.168.0.2 0 0 -
# :SUB
# :END


# Unreal Tournament Server
# Apprule made possible by: MutantKiller@planetunreal.com
# (Change 192.168.0.2 to the IP address of your Unreal Tournament server)
# Unreal Game Data
# :INIT "UT Game Data"
# IN UDP 7777 7777 192.168.0.2 0 0 -
# :SUB
# :END
#
# Unreal Query Data
# :INIT "UT Server Query"
# IN UDP 7778 7778 192.168.0.2 0 0 -
# :SUB
# :END
#
# Unreal Uplink
# :INIT "UT Server Uplink"
# OUT TCP 27900 27900 0.0.0.0 60000 -
# :SUB
# IN UDP 7779 7781 0.0.0.0 0 0 A
# :END
#
# Unreal Admin Webserver
# :INIT "UT Webserver"
# IN TCP 8888 8888 192.168.0.2 0 0 -
# :SUB
# :END


# Nullsoft Shoutcast Server
# :INIT "Nullsoft Shoutcast Server"
# IN TCP 8000 8000 192.168.0.2 0 0 -
# :SUB
# IN TCP 8001 8001 0.0.0.0 0 0 -
# :END


# Fuse Server
# (change 192.168.0.2 to correct IP address of your Fuse server)
# :INIT "Fuse Server"
# IN TCP 4500 4500 192.168.0.8 0 0 -
# :SUB
# :END


# Heretic II Server
# (change 192.168.0.2 to correct IP address of your Heretic server)
# :INIT "Heretic II Server"
# IN TCP 28910 28910 192.168.0.2 0 0 -
# :SUB
# :END


# Hexen II
# Each computer behind Sybergen Access Server or SyGate,
# hosting Hexen II must have a different port number.
# Below is an EXAMPLE of three apprules for hosting Hexen II
# - Player 1 has IP address of 192.168.0.2, with a port number 26900
# - Player 2 has IP address of 192.168.0.3, with a port number 26901
# - Player 3 has IP address of 192.168.0.4, with a port number 26902
# Just change the IP address to the IP address of the computer hosting
# Hexen II, and set the Port number to a unique number
# To connect to Hexen II from outside of your LAN you must put the IP
# address of your external Network Card/Modem and the port number of
# the game you wish to join.
#
# Hexen II server 1
# (change 192.168.0.2 to correct IP address of your Hexen II server)
# :INIT "Hexen II Server 1"
# IN UDP 26900 26900 192.168.0.2 0 0 -
# :SUB
# :END
#
#
# Hexen II server 2
# (change 192.168.0.3 to correct IP address of your Hexen II server)
# :INIT "Hexen II Server 2"
# IN UDP 26901 26901 192.168.0.3 0 0 -
# :SUB
# :END
#
#
# Hexen II server 3
# (change 192.168.0.4 to correct IP address of your Hexen II server)
# :INIT "Hexen II Server 3"
# IN UDP 26902 26902 192.168.0.4 0 0 -
# :SUB
# :END


# Laplink Server
# (change 192.168.0.2 to correct IP address)
# :INIT "Laplink server"
# IN TCP 1547 1547 192.168.0.2 0 0 -
# :SUB
# :END


# Remotely Possible Server
# (Change 192.168.0.2 to the IP address of your Remotely Possible server)
# :INIT "Remotely Possible Server"
# IN TCP 799 799 192.168.0.2 0 0 -
# :SUB
# :END


# Lotus Notes Server (Port 1352)
# (Change 192.168.0.2 to the IP address of your Notes server)
# :INIT "Lotus Notes Server"
# IN TCP 1352 1352 192.168.0.2 0 0 -
# :SUB
# :END


# pcANYWHERE host inside.
# You need to replace the 192.168.0.2 in the following line with
# your client's IP address and remove the comments flag '#' from
# following two rules
#
# :INIT "pcANYWHERE Use"
# IN TCP 5631 5631 192.168.0.2 0 0 -
# :SUB
# :END
#
# :INIT "pcANYWHERE Seek"
# IN UDP 5632 5632 192.168.0.2 0 0 -
# :SUB
# IN UDP 22 22 0.0.0.0 0 0 -
# :END


########################################################################
# The following demonstrates how to make servers on Sybergen Access Server
# or SyGate client visible to the outside.
#
# Demo Web Server1 on Sybergen Access Server or SyGate client,
# use http://<sygate's ip>:80 to access 192.168.0.2:80
#
# You need to replace the 192.168.0.2 in the following line with
# your client's IP address and remove the comments flag '#' from
# following rule.
#
# :INIT "Our WEB Server"
# IN TCP 80 80 192.168.0.2 0 0 -
# :SUB
# :END
#
# Demo FTP Server1 on Sybergen Access Server or SyGate client
# You need to replace the 192.168.0.2 in the following line with
# your client's IP address and remove the comments flag '#' from
# following rule.
#
# :INIT "Our FTP server"
# IN TCP 21 21 192.168.0.2 0 86400000 -
# :SUB
# :END
#
# Demo TELNET Server on Sybergen Access Server or SyGate client
# You need to replace the 192.168.0.2 in the following line with
# your client's IP address and remove the comments flag '#' from
# following rule.
#
# :INIT "Our TELNET server"
# IN TCP 23 23 192.168.0.2 0 36000000 -
# :SUB
# :END
#
# Demo Mail Server on Sybergen Access Server or SyGate client
# You need to replace the 192.168.0.2 in the following line with
# your client's IP address and remove the comments flag '#' from
# following rule.
# Generally, you receive mail with POP3 protocol,
# send mail with SMTP protocol.
#
# :INIT "Our Mail(POP3) server"
# IN TCP 110 110 192.168.0.2 0 0 -
# :SUB
# :END
#
# :INIT "Our Mail(SMTP) server"
# IN TCP 25 25 192.168.0.2 0 0 -
# :SUB
# :END
#
#
# www.sygate.co.kr
# Wowcall
:INIT "Wowcall"
OUT TCP 8000 8000 0.0.0.0 0 R
:SUB
IN UDP 4000 4020 0.0.0.0 0 0 AD
IN TCP 8000 8000 0.0.0.0 0 0 AD
:END
# Telefree
:INIT "Telefree"
OUT UDP 32000 32000 0.0.0.0 0 -
:SUB
IN UDP 32000 32000 0.0.0.0 0 0 AD
IN TCP 9001  7777 0.0.0.0 0 0 AD
:END
#
# Soribada
:INIT "soribada"
OUT TCP 8765 8765 0.0.0.0 0 R
:SUB
IN UDP 9001 9004 0.0.0.0 0 0 AD
:END
#


###################### End Of APPRULE.CFG #########################
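An added example (not part of the Sygate file or of the original post): a short Python audit for a file in this layout. It lists active inbound entries that publish a port to a fixed internal host and flags entries whose port range is invalid, such as the `IN TCP 9001  7777` line above. It reads only the inbound field order documented in the file header; treating `0.0.0.0` as "no fixed host" is an assumption, and the sample text is constructed.

```python
import ipaddress

# Constructed sample in the APPRULE.CFG layout (not a real configuration).
SAMPLE = """\
# :INIT "Our WEB Server"
# IN TCP 80 80 192.168.0.2 0 0 -
# :END
:INIT "Telefree"
OUT UDP 32000 32000 0.0.0.0 0 -
:SUB
IN UDP 32000 32000 0.0.0.0 0 0 AD
IN TCP 9001  7777 0.0.0.0 0 0 AD
:END
:INIT "Our FTP server"
IN TCP 21 21 192.168.0.2 0 86400000 -
:SUB
:END
"""

def active_inbound(text):
    """Yield (rule name, line number, fields) for each uncommented IN line."""
    name = None
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank or commented out: the rule is disabled
        if fields[0] == ":INIT":
            name = " ".join(fields[1:]).strip('"') or "?"
        elif fields[0] == ":END":
            name = None
        elif fields[0] == "IN" and name is not None:
            yield name, no, fields

def audit(text):
    """Return (rule, line number, finding) for entries that deserve a look."""
    findings = []
    for name, no, f in active_inbound(text):
        try:
            if len(f) != 8 or f[1] not in ("TCP", "UDP"):
                raise ValueError(f)
            low, high = int(f[2]), int(f[3])
            host = ipaddress.ip_address(f[4])  # ClientIP field
        except ValueError:
            findings.append((name, no, "malformed inbound entry"))
            continue
        if not 0 < low <= high <= 65535:
            findings.append((name, no, f"bad port range {low}-{high}"))
        if not host.is_unspecified:  # assumption: 0.0.0.0 means no fixed host
            findings.append((name, no, f"{f[1]} {low}-{high} published to {host}"))
    return findings
```

Calling `audit(SAMPLE)` reports the inverted range in the "Telefree" rule and the FTP port published to 192.168.0.2, and ignores the commented-out web server rule.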

Posted by 문스랩닷컴


    There are two possible scenarios for DNS hosting.

    Scenario 1: DNS hosting with a DNS server running on ISA Server

    By default, ISA Server includes a predefined packet filter for DNS queries.

    Name: DNS Filter
    Filter Type: Predefined
    Protocol: UDP
    Direction: Send Receive
    Local Port: All ports
    Remote Port: Fixed port, 53
    Local Computer: Default IP address on the External interface(s)
    Remote Computer: All Remote Computers

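    Because the direction of the preceding packet filter is "Send Receive" on remote port 53, the filter lets ISA Server send DNS queries to external DNS servers that listen on User Datagram Protocol (UDP) port 53 and receive the responses to those queries.

    The filter does not allow incoming DNS queries to ISA Server. If you host a DNS server for external client computers, you must add a custom DNS packet filter so that the DNS server can receive incoming DNS queries. An example of such a packet filter follows.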

    Name: DNS Query
    Protocol: UDP
    Direction: Receive Send
    Local Port: Fixed port, 53
    Remote Port: All ports
    Local Computer: Default IP address on the External interface(s)
    Remote Computer: All Remote Computers

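    DNS queries use UDP, whereas DNS zone transfers between a primary DNS server and a secondary DNS server use Transmission Control Protocol (TCP). If DNS zone transfers are required from the external network adapter of ISA Server to a secondary DNS server, you must create another custom packet filter as follows.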

    Name: DNS Zone transfer
    Protocol: TCP
    Direction: Both
    Local Port: Fixed port, 53
    Remote Port: All ports
    Local Computer: Default IP address on the External interface(s)
    Remote Computer: All Remote Computers

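    To prevent DNS zones from being transferred to unauthorized DNS servers, configure the DNS server so that it transfers zones only to specified DNS servers. Alternatively, you can modify the preceding packet filter so that the remote computer is the Internet Protocol (IP) address of the secondary DNS server instead of "All Remote Computers". For more information about DNS zone transfers, see Windows 2000 online Help.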
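The three filters of scenario 1 as an added Python model (not ISA Server code and not from the original post), showing which flows each one lets through and how pinning the zone transfer filter to the secondary server changes the result. Reading Direction as "which side may send first" is a simplifying assumption, and both IP addresses are constructed documentation addresses.

```python
from dataclasses import dataclass
from ipaddress import ip_address

ANY = None  # stands for "All ports" / "All Remote Computers"
# Simplified reading of Direction (assumption): which side may send first.
FIRST_SENDER = {"Send Receive": {"local"}, "Receive Send": {"remote"},
                "Both": {"local", "remote"}}

@dataclass(frozen=True)
class PacketFilter:
    name: str
    protocol: str
    direction: str
    local_port: object
    remote_port: object
    remote_computer: object = ANY

    def permits(self, protocol, initiator, local_port, remote_port, remote_ip):
        return (protocol == self.protocol
                and initiator in FIRST_SENDER[self.direction]
                and self.local_port in (ANY, local_port)
                and self.remote_port in (ANY, remote_port)
                and (self.remote_computer is ANY
                     or ip_address(remote_ip) == ip_address(self.remote_computer)))

SECONDARY = "203.0.113.53"   # constructed address of the secondary DNS server
STRANGER = "198.51.100.7"    # constructed address of an unrelated host

PREDEFINED = PacketFilter("DNS Filter", "UDP", "Send Receive", ANY, 53)
DNS_QUERY = PacketFilter("DNS Query", "UDP", "Receive Send", 53, ANY)
ZONE_ANY = PacketFilter("DNS Zone transfer", "TCP", "Both", 53, ANY)
ZONE_PINNED = PacketFilter("DNS Zone transfer", "TCP", "Both", 53, ANY, SECONDARY)

def matching(filters, protocol, initiator, local_port, remote_port, remote_ip):
    """Names of the filters that let this flow through the external interface."""
    return [f.name for f in filters
            if f.permits(protocol, initiator, local_port, remote_port, remote_ip)]

if __name__ == "__main__":
    inbound_query = ("UDP", "remote", 53, 40000, STRANGER)
    inbound_axfr = ("TCP", "remote", 53, 40001, STRANGER)
    print(matching([PREDEFINED], *inbound_query))             # predefined filter alone
    print(matching([PREDEFINED, DNS_QUERY], *inbound_query))  # with the custom filter
    print(matching([ZONE_ANY], *inbound_axfr))                # All Remote Computers
    print(matching([ZONE_PINNED], *inbound_axfr))             # secondary only
```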


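    Scenario 2: DNS server on the private network of ISA Server

    To use a DNS server on the private network of ISA Server to resolve DNS queries for clients on the network adapter of ISA Server, you must create a DNS publishing rule.

    1. Right-click Server Publishing Rule, click New, and then click Rule.
    2. Type a name for the server publishing rule, and then click Next.
    3. Type the IP address of the internal DNS server and the external interface of ISA Server, and then click Next.
    4. Click DNS Query Server as the protocol, and then click Next.
    5. Apply the rule to Any Request, click Next, and then click Finish.

    If DNS zones must be transferred to a secondary DNS server on the network adapter of ISA Server, you must create another server publishing rule. Follow the same general instructions as for the DNS query rule described earlier, and select DNS Zone Transfer as the protocol.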
    Posted by 문스랩닷컴