Astaro User Bulletin Board
#1
08-01-2002, 06:52 PM
bbb
Senior Member
Join Date: Sep 2001
Posts: 174
Logon to a Windows2000 DC through Firewall

Hi,

Does anyone know exactly which ports are really needed to log in to a Win2000 DC from a client or server in a DMZ, through the firewall, onto an internal Win2000 domain controller?
The target is to let a proxy server/virus wall located in the DMZ (not ASL) log in to the internal domain controller so that it can authenticate requests from the clients against the internal domain.
The internal DC is installed in compatible mode, not in native mode.

I opened many ports for that, but I am not sure if they are all needed.
(CIFS, nbdgram, 135tcp, 139_udp, ldap389tcp/udp, kerberos_auth_88, MicrosoftLSA_1026, DNS_udp, ping for testing)
I haven't opened microsoft_ds_445 ... maybe someone has better experience with fewer ports?

BBB
#2
08-04-2002, 08:40 AM
Member
Join Date: Jul 2002
Posts: 48
Re: Logon to a Windows2000 DC through Firewall

Here's the no-guess approach I use. Disable any rules you may already have to access the Win2k server. Then set up a rule to "Log Drop" all traffic to it. Attempt to access the server. The log will show you what ports you need.

Hope this helps.

Farid
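
Added example (not part of the original posts, and not Astaro code): one way to read the result of the "Log Drop" test described above, reducing the drop log to the protocol/port pairs the DMZ host tried to reach on the DC. The netfilter-style log format, the addresses and the function names are assumptions, and the log lines are constructed; passing the ports opened so far in `allowed` lets the test be repeated until nothing new is dropped.

```python
import re
from collections import Counter

# Constructed sample of netfilter-style drop-log lines (the format is assumed).
# 192.0.2.10 = proxy in the DMZ, 10.0.0.5 = internal domain controller.
SAMPLE_LOG = """\
Aug  4 08:41:02 fw kernel: DROP: IN=eth2 OUT=eth0 SRC=192.0.2.10 DST=10.0.0.5 PROTO=UDP SPT=1031 DPT=53 LEN=40
Aug  4 08:41:03 fw kernel: DROP: IN=eth2 OUT=eth0 SRC=192.0.2.10 DST=10.0.0.5 PROTO=TCP SPT=1032 DPT=135 SYN URGP=0
Aug  4 08:41:06 fw kernel: DROP: IN=eth2 OUT=eth0 SRC=192.0.2.10 DST=10.0.0.5 PROTO=TCP SPT=1032 DPT=135 SYN URGP=0
Aug  4 08:41:09 fw kernel: DROP: IN=eth2 OUT=eth0 SRC=192.0.2.77 DST=10.0.0.5 PROTO=TCP SPT=4000 DPT=80 SYN URGP=0
Aug  4 08:41:12 fw kernel: DROP: IN=eth2 OUT=eth0 SRC=192.0.2.10 DST=10.0.0.5 PROTO=ICMP TYPE=8 CODE=0
Aug  4 08:42:30 fw kernel: DROP: IN=eth2 OUT=eth0 SRC=192.0.2.10 DST=10.0.0.5 PROTO=TCP SPT=1040 DPT=1026 SYN URGP=0
"""

def dropped_services(log, src, dst):
    """Count distinct connection attempts from src to dst, keyed by (proto, port)."""
    seen_flows = set()
    services = Counter()
    for line in log.splitlines():
        f = dict(re.findall(r"(\w+)=(\S+)", line))
        if f.get("SRC") != src or f.get("DST") != dst:
            continue  # traffic between other hosts is not part of this test
        proto = f.get("PROTO", "?")
        if proto == "TCP" and not re.search(r"\bSYN\b", line):
            continue  # only new connection attempts matter, not stray segments
        port = f.get("DPT") or "type " + f.get("TYPE", "?")  # ICMP has no port
        flow = (proto, f.get("SPT"), port)
        if flow in seen_flows:
            continue  # retransmission of the same attempt
        seen_flows.add(flow)
        services[(proto, port)] += 1
    return services

def still_blocked(log, src, dst, allowed):
    """Services seen in the drop log that no rule in `allowed` covers yet."""
    return sorted(s for s in dropped_services(log, src, dst) if s not in allowed)

if __name__ == "__main__":
    allowed = {("UDP", "53")}  # rules opened in earlier rounds
    for proto, port in still_blocked(SAMPLE_LOG, "192.0.2.10", "10.0.0.5", allowed):
        # Ports at or above 1024 may be assigned dynamically and can change.
        high = port.isdigit() and int(port) >= 1024
        print(f"{proto}/{port}" + ("  (>=1024: may be dynamic)" if high else ""))
```
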
#3
08-04-2002, 12:13 PM
bbb
Senior Member
Join Date: Sep 2001
Posts: 174
Re: Logon to a Windows2000 DC through Firewall

Heh... that would not give me all the information I need. Because after connecting on the first used port there will be another approach to another service, etc... okay, I could test port by port and open 'em one after another... grmpfl
#4
08-05-2002, 09:58 AM
Senior Member
Join Date: Apr 2002
Location: UK
Posts: 408
Re: Logon to a Windows2000 DC through Firewall

Quote:
Originally posted by Bernd Buchenberger:
Heh... that would not give me all the information I need. Because after connecting on the first used port there will be another approach to another service, etc... okay, I could test port by port and open 'em one after another... grmpfl

Try this thread.

These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.