Re: [fw-wiz] Putting MS servers behind firewalls

From: Luca Berra (bluca_at_comedia.it)
Date: 06/08/04

    To: firewall-wizards@honor.icsalabs.com
    Date: Tue, 8 Jun 2004 00:44:34 +0200
    
    

    On Mon, Jun 07, 2004 at 12:23:34PM +0600, Dilan Walgampaya wrote:
    >for proper operation. The worst is that Exchange server works in a
    >dynamic port setup where the server opens a random port for each
    >different client. MS site has some registry edits that are supposed to
    >correct this dynamic port setup issue. But when I tried these they did
    >not work as the document describes.
    they should.

    > Has anybody done this kind of a setup (with other than an ISA
    > server)? I am interested in doing this with Netscreen/Pix and Linux
    >IPTables. Any help is appreciated.
    with pix you can use the "established" command to open the rpc dynamic
    port range after a connection to epmap (135/tcp) has been instantiated,
    no idea if you can do the same with netscreen
    iirc this is not possible with linux, but you can code a conntrack
    module for this, i suppose.

    L.

    -- 
    Luca Berra -- bluca@comedia.it
            Communication Media & Services S.r.l.
     /"\
     \ /     ASCII RIBBON CAMPAIGN
      X        AGAINST HTML MAIL
     / \
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
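
A simplified model of the stateful approach the reply describes, where the RPC dynamic port range opens only for a client that has already connected to epmap (135/tcp). This is an added example, not code from the post or from any firewall product; the class name, the 1024-65535 range, the 300-second timeout and all addresses are assumptions.

```python
# Added illustration: simplified model of a stateful "pinhole" policy.
# Assumptions (not from the post): names, port range, timeout, sample addresses.
from dataclasses import dataclass, field

EPMAP_PORT = 135                     # RPC endpoint mapper, as named in the reply
DYNAMIC_RANGE = range(1024, 65536)   # assumed RPC dynamic port range
IDLE_TIMEOUT = 300                   # assumed seconds before the pinhole closes


@dataclass
class EpmapPinholeFilter:
    server: str
    # (client, server) -> time of the last epmap connection seen
    pinholes: dict = field(default_factory=dict)

    def allow(self, now: float, src: str, dst: str, dport: int) -> bool:
        """Decide on a new inbound TCP connection (SYN) at time `now`."""
        if dst != self.server:
            return False
        if dport == EPMAP_PORT:
            # A connection to the endpoint mapper opens or refreshes the pinhole.
            self.pinholes[(src, dst)] = now
            return True
        opened = self.pinholes.get((src, dst))
        if opened is None or now - opened > IDLE_TIMEOUT:
            self.pinholes.pop((src, dst), None)   # expire stale state
            return False
        # The pinhole is per host pair: every port in the range is reachable
        # for this client, not only the one the endpoint mapper handed out.
        return dport in DYNAMIC_RANGE


def replay(events, server="192.0.2.10"):
    """Run constructed (time, src, dst, dport) events; return the verdicts."""
    fw = EpmapPinholeFilter(server)
    return [fw.allow(*e) for e in events]


# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    (0,   "198.51.100.7", "192.0.2.10", 3372),  # no epmap yet -> drop
    (1,   "198.51.100.7", "192.0.2.10", 135),   # epmap -> allow, open pinhole
    (2,   "198.51.100.7", "192.0.2.10", 3372),  # dynamic port -> allow
    (3,   "198.51.100.9", "192.0.2.10", 3372),  # other client -> drop
    (4,   "198.51.100.7", "192.0.2.10", 445),   # outside range -> drop
    (400, "198.51.100.7", "192.0.2.10", 3372),  # pinhole expired -> drop
]
```

Calling `replay(SAMPLE)` returns one verdict per event. The per-host-pair scope is wider than a protocol-aware helper, which would admit only the port returned by the endpoint mapper.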
    
