Setting up 2 domains with one way trust to dmz
- From: fliben@xxxxxxxxx
- Date: 14 Nov 2006 14:58:26 -0800
What I have now is a domain on the inside interface of a firewall and
workgroups on the dmz. I am thinking for easier administration that
making a second domain on the dmz with a one way trust would help cut
down the administration of accounts and such.
To me it looks fairly straightforward for the domain creation. I would
create a new domain like dmz.xxxxx.com for the dmz with inside domain
being xxxxx.com.
Now the big question: what ports need to be open for all this to work
correctly on the firewall?
I found MS article 179442, which lists a ton of ports that need to be
opened to make this work.
I have no problem with the server ports; it's the client ports that I
don't like. Maybe I am reading it wrong or something. Any help would be
most welcome.
List of server ports
135/tcp RPC
389/TCP/UDP LDAP
636/TCP LDAP SSL
3268/TCP LDAP GC
3269/TCP LDAP GC SSL
53/TCP/UDP DNS
88/TCP/UDP Kerberos
445/TCP SMB
Client ports
1024-65535/TCP/UDP
Or is this the same as I have configured already on the firewall of any
on the inside has access to dmz?