Re: unable to join domain from dmz
From: Micheal Espinola Jr (michealespinola_at_gmail.com)
Date: 12/30/04
- Previous message: brandon_at_xcodes.net: "Mail Servers blocking BAD Helo"
- In reply to: Andrew Shore: "RE: unable to join domain from dmz"
Date: Thu, 30 Dec 2004 01:45:49 -0500
To: Andrew Shore <andrew.shore@holistecs.com>
If you have to (and sometimes you do), it should be an isolated domain,
with no connection/relation/usage/transparency/etc. with any internal
domains.
However, there is no real reason to have WINS services on a DMZ.
On Tue, 28 Dec 2004 21:59:13 -0000, Andrew Shore <andrew.shore@holistecs.com> wrote:
> Yes, yes it is.
>
> -----Original Message-----
> From: Phillip McCollum [mailto:PMcCollum@sanmanuel.com]
> Sent: 01 September 2004 18:51
> To: dan.tesch@comcast.net; Andrew Shore;
> security-basics@lists.securityfocus.com
> Subject: RE: unable to join domain from dmz
>
> Correct me if I'm wrong, but isn't it just a bad idea in general to have
> any sort of Domain Controller data on a server in the DMZ?
>
> Phillip McCollum
> Network Technician
> San Manuel Band of Mission Indians
> pmccollum - at - sanmanuel.com
>
> >>> "Andrew Shore" <andrew.shore@holistecs.com> 8/26/2004 7:33:52 AM >>>
> conduit permit ip host 172.17.0.10 172.17.0.0 255.255.0.0
>
> Is this the real line from the pix or a typo in the question?
>
> You should need a conduit command from the 172.17.x.x to 172.17.x.x as
> this does not go through the firewall.
>
> You need to allow NetBIOS traffic to and from the BDC server on the DMZ
> to the PDC.
>
> Also, as stated before, you will need a WINS server.
>
> conduit permit icmp any any is to allow the ping command.
>
> Also you should really use access-list rather than conduit commands as I
> believe Cisco are dropping support for the conduit command with the next
> PIX OS release, mind you they've said that for years.
>
> Hope this helps
>
> Andy
> -----Original Message-----
> From: Dan Tesch [mailto:dan.tesch@comcast.net]
> Sent: 24 August 2004 21:50
> To: Security Basics
> Subject: Re: unable to join domain from dmz
>
> You can do this by adding an entry in LMHOSTS also; you can google
> for instructions. Simpler than setting up WINS.
>
> > You need to set up a WINS server. Otherwise you cannot cross subnets.
> >
> > On Mon, 23 Aug 2004 12:12:52 +0300, Bilal Dar <bdar@pbad.sbg.com.sa> wrote:
> > > I am having a problem, I couldn't figure out the reason till now. We
> > > are having our NT 4 Primary Domain Controller on the inside network,
> > > now I am installing another server in the DMZ as a Backup Domain
> > > Controller. When I try to join the domain during installation I get an
> > > error stating "The domain controller for the domain cannot be located"
> > >
> > > Dmz = 172.17.0.0/16
> > > Inside = 172.16.0.0/16
> > >
> > > PDC = 172.16.4.2
> > > NewServer = 172.17.0.10/16
> > >
> > > conduit permit icmp any any
> > > conduit permit ip host 172.17.0.10 172.16.0.0 255.255.0.0
> > > conduit permit ip host 172.17.0.10 172.17.0.0 255.255.0.0
> > > conduit permit tcp host 172.17.0.10 eq smtp any
> > > conduit permit tcp host 172.17.0.10 eq pop3 any
> > > conduit permit tcp host 172.17.0.10 eq domain any
> > > conduit permit udp host 172.17.0.10 eq domain any
> > > conduit permit ip host 172.17.4.2 host 172.17.0.10
> > >
> > > I can ping NewServer from the Inside network. Am I missing something?
> > >
> > > Thanks
> > >
> > >
> >
> >
> > --
> > END OF LINE
> > -MCP
>
> ---------------------------------------------------------------------------
> Computer Forensics Training at the InfoSec Institute. All of our class
> sizes are guaranteed to be 12 students or less to facilitate one-on-one
> interaction with one of our expert instructors. Gain the in-demand skills
> of a certified computer examiner, learn to recover trace data left behind
> by fraud, theft, and cybercrime perpetrators. Discover the source of
> computer crime and abuse so that it never happens again.
>
> http://www.infosecinstitute.com/courses/computer_forensics_training.html
>
> ----------------------------------------------------------------------------
>
-- ME2 <http://www.santeriasys.net/rss.php>
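As an added illustration (not any poster's configuration): a conduit of the form `permit ip host 172.17.0.10 172.16.0.0 255.255.0.0` admits every protocol between the DMZ host and the whole inside network, whereas the access-list form Andy recommends can be narrowed to just the NetBIOS over TCP/IP ports (137/udp name service, 138/udp datagram, 139/tcp session) between the BDC and the PDC, with everything else from the DMZ toward the inside dropped and logged. The access-list name dmz_in, the identity static for the PDC, and PIX 6.3 `remark` syntax are assumptions; the addresses are the ones from the thread.

```cisco
: Constructed example for PIX 6.3, not the original poster's config.
: Identity static so the inside PDC is reachable from the lower-security DMZ.
static (inside,dmz) 172.16.4.2 172.16.4.2 netmask 255.255.255.255
access-list dmz_in remark BDC 172.17.0.10 (DMZ) to PDC 172.16.4.2 (inside): NetBIOS only
access-list dmz_in permit udp host 172.17.0.10 host 172.16.4.2 eq netbios-ns
access-list dmz_in permit udp host 172.17.0.10 host 172.16.4.2 eq netbios-dgm
access-list dmz_in permit tcp host 172.17.0.10 host 172.16.4.2 eq netbios-ssn
access-list dmz_in remark Any other DMZ-to-inside traffic is denied and logged for detection
access-list dmz_in deny ip any 172.16.0.0 255.255.0.0 log
access-group dmz_in in interface dmz
```

Once an access-group is bound to the DMZ interface the implicit allow toward lower-security interfaces no longer applies, so any outbound DMZ traffic (for example the mail and DNS services in the thread) must be permitted explicitly in the same list.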