Re: [fw-wiz] Putting MS servers behind firewalls
From: Luca Berra (bluca_at_comedia.it)
To: firstname.lastname@example.org
Date: Tue, 8 Jun 2004 00:44:34 +0200

On Mon, Jun 07, 2004 at 12:23:34PM +0600, Dilan Walgampaya wrote:
>for proper operation. The worst is that Exchange server works in a
>dynamic port setup where the server opens a random port for each
>different client. MS site has some registry edits that are supposed to
>correct this dynamic port setup issue. But when I tried these they did
>not work as the document describes.
>Has anybody done this kind of a setup (with other than an ISA
>server)? I am interested in doing this with Netscreen/Pix and Linux
>IPTables. Any help is appreciated.

with pix you can use the "established" command to open the rpc dynamic
port range after a connection to epmap (135/tcp) has been instantiated,
no idea if you can do the same with netscreen
iirc this is not possible with linux, but you can code a conntrack
module for this, i suppose.

--
Luca Berra -- email@example.com
Communication Media & Services S.r.l.
 /"\
 \ /     ASCII RIBBON CAMPAIGN
  X        AGAINST HTML MAIL
 / \