Re: Windows Ports when used on DMZ
From: S. Pidgorny
Date: 06/28/05
- Next message: antioch: "Re: Beta1 antispy - no pm settings"
- Previous message: Dmitry Kopnichev: "Re: How can I retain ability to save to my portable disk's root on other computers?"
- In reply to: Steven L Umbach: "Re: Windows Ports when used on DMZ"
- Next in thread: Steven L Umbach: "Re: Windows Ports when used on DMZ"
- Reply: Steven L Umbach: "Re: Windows Ports when used on DMZ"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 Jun 2005 19:02:07 +1000
When I was doing testing, the absolute minimum was - RPC with 1 static port,
DNS (UDP only is sufficient if no long response is expected), CIFS direct
hosting (445/TCP), Kerberos/UDP, LDAP (TCP, enable UDP which is "LDAP ping"
to keep firewall logs clean), LDAP GC over TCP, Kerberos/UDP and ICMP ping
(firewalls do filtering based on ICMP message number).
-- 
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:#TOfxezeFHA.220@TK2MSFTNGP12.phx.gbl...
> See the links below for details from a KB article that discusses such. More
> than likely your problem is with dynamic RPC in that you are finding ports
> 1025-1030 being dropped by your firewall. You can configure dynamic RPC to
> use a limited number of ports and then configure your firewall to allow
> them. --- Steve
>
> http://support.microsoft.com/?id=154596
> http://support.microsoft.com/kb/179442/
>
> "Derek Smith" <smithdl@sanjuancollege.edu> wrote in message
> news:OGxhGKzeFHA.1680@TK2MSFTNGP09.phx.gbl...
> > Hi,
> >
> > We have a Windows Server on a DMZ, and it's having trouble querying Active
> > Directory. We have a PIX and have allowed what we thought is everything
> > we need. Does anyone know exactly what ports are needed to query Active
> > Directory and have all services running with a Windows Box right out of
> > the box?
> >
> > More specifically, we are getting an RPC Error when trying to add
> > administrators to the local groups. It works fine when we allow all IP,
> > so we know the problem is with the PIX.
> >
> > Thanks in advance,
> >
> > Derek Smith
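Added example, not part of the thread or written by any of its participants: a Python check that reads PIX-style `access-list` permit lines and reports which items of the minimum list given in the reply above have no matching rule. Assumptions: port numbers other than 445 are the standard well-known assignments, `RPC_STATIC_PORT` and the sample ACL are constructed, source and destination addresses are not evaluated, and only numeric `eq` and `range` port operators are parsed.

```python
import re

RPC_STATIC_PORT = 50000  # constructed placeholder; the post does not name the port
# The reply's minimum list; port numbers other than 445 are the standard assignments.
REQUIRED = {
    "RPC static port": ("tcp", RPC_STATIC_PORT), "DNS": ("udp", 53),
    "CIFS direct hosting": ("tcp", 445), "Kerberos": ("udp", 88),
    "LDAP": ("tcp", 389), "LDAP ping": ("udp", 389),
    "LDAP GC": ("tcp", 3268), "ICMP ping": ("icmp", "echo"),
}
# Constructed sample ACL (documentation and private addresses), not from the thread.
SAMPLE_ACL = """\
access-list dmz_in permit udp host 192.0.2.10 host 10.0.0.5 eq 53
access-list dmz_in permit tcp host 192.0.2.10 host 10.0.0.5 eq 445
access-list dmz_in permit udp host 192.0.2.10 host 10.0.0.5 eq 88
access-list dmz_in permit tcp host 192.0.2.10 host 10.0.0.5 eq 389
access-list dmz_in permit tcp host 192.0.2.10 host 10.0.0.5 range 1025 1030
access-list dmz_in permit icmp host 192.0.2.10 host 10.0.0.5 echo
access-list dmz_in deny ip any any
"""

def parse_acl(text):
    """Yield (proto, low, high) per permit line; None for ICMP means every type."""
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] != "permit":
            continue  # deny lines and anything that is not an ACL entry
        m = re.search(r"\b(?:eq (\d+)|range (\d+) (\d+))\s*$", line)
        if tok[3] == "icmp":
            typ = tok[-1] if re.fullmatch(r"[a-z-]+", tok[-1]) and tok[-1] != "any" else None
            yield "icmp", typ, typ
        elif m:
            yield tok[3], int(m[1] or m[2]), int(m[1] or m[3])
        else:
            yield tok[3], 0, 65535  # no port operator: every port

def covers(rule, need):
    (proto, lo, hi), (nproto, nport) = rule, need
    if proto == "icmp" and nproto == "icmp":
        return lo in (None, nport)
    return proto == "ip" or (proto == nproto and lo <= nport <= hi)

def missing(acl_text):
    """Names of the listed requirements that no permit line covers."""
    rules = list(parse_acl(acl_text))
    return [n for n, need in REQUIRED.items() if not any(covers(r, need) for r in rules)]

if __name__ == "__main__":
    print(missing(SAMPLE_ACL))
```

In the sample, the `range 1025 1030` rule does not cover the chosen static RPC port, so it is reported together with the absent LDAP ping and global catalog rules.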