Re: [fw-wiz] Putting MS servers behind firewalls

From: Luca Berra (
Date: 06/08/04

  • Next message: "[fw-wiz] PIX to Router IPSec"
    Date: Tue, 8 Jun 2004 00:44:34 +0200

    On Mon, Jun 07, 2004 at 12:23:34PM +0600, Dilan Walgampaya wrote:
    >for proper operation. The worse is that exchange server work in a
    >dynamic port setup where the server opens a random port for each
    >different client. MS site has some registry edits that is supposed to
    >correct this dynamic port setup issue. But when I tried these they did
    >not work as per the document describes.
    they should.

    > Has anybody done this kind of a setup (with other than an ISA
    > server). I am interested in doing this with Netscreen/Pix and Linux
    >IPTables. Any help is appreciated.
    with pix you can use the "established" command to open the rpc dynamic
    port range after a connection to epmap (135/tcp) has been instantiated,
    no idea if you can do the same with netscreen
    iirc this is not possible with linux, but you can code a conntrack
    module for this, i suppose.


    Luca Berra --
            Communication Media & Services S.r.l.
      X        AGAINST HTML MAIL
     / \
    firewall-wizards mailing list

  • Next message: "[fw-wiz] PIX to Router IPSec"