Doug Sampson wrote:
| Hi all,
|
| I'm still running the latest version of Dachstein CD. I want to move our
| Exchange box to the DMZ from the LAN and have clients connect to it from the
| LAN. However, the Exchange box needs to connect to our domain controllers in
| the LAN for user authentication. I need to poke holes at port 136 through
| 139. Where do I make these holes?
|
| I see that clients use ports above 1024 to make initial connections and that
| the Exchange box opens ports above 1024 in response to the clients'
| connection requests. Do I need to open holes for these? I believe I do not
| need to do these because the connection coming from the Exchange box is in
| response to the clients' connections so these would not be rejected by the
| Dachstein router if that is how I understand it.
|
| Someday I will upgrade to Bering uClibc but for now I need to solve this
| issue.

Well, your problem is you're using exchange...

You can fairly easily put a firewall between the exchange box and the
internet, because all the involved protocols are standards based and well
documented.

Microsoft networking, however, (including high-port traffic you mention,
above) gets very upset if all parties are not in the same broadcast domain
(MS Motto:  What's a router?!?).  This makes life with subnetted networks
and routers tricky at best, and frequently downright impossible (at least
without paying big $$$ for lots of MS server licenses).

Unless someone with exchange experience chimes in (I've stayed as far away
from exchange as I can), you'll probably need to ask your question on a more
MS centric list and/or search google/MSDN for information on putting a
firewall between your exchange server and clients.

NOTE:  If you're moving the exchange box to the DMZ mainly because of
concerns that it might get hacked, an alternative would be to install an
SMTP server in the DMZ that simply forwards mail to the exchange box sitting
on the internal LAN, shielding it from the 'raw' internet in the process.

- --
Charles Steinkuehler
[EMAIL PROTECTED]


leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
