I think you may be in some trouble. MS NETLOGON and most versions of NAT
Don't Get Along (covered this month - thread "RE: "). And, as a few people
covered, most firewalls use some kind of NAT to separate the internal and
external networks... You have the ports right though. 137-139, and NETLOGON
is tcp (can't remember the exact port, off the top of my head).

And yeah, a DHCP request looks like a MAC address with an IP address of
0.0.0.0 and it's an Ethernet broadcast - I don't think there are any ports
involved. You'd need a firewall that forwarded these broadcasts somehow -
ick.

I really think you'd be better off re-working your architecture so that
people didn't log in from the outside of the firewall to the inside. Apart
from the technical problems in making it work, you'll have a raft of
security issues due to the traffic you'll have to allow through the
firewall. Maybe you can use a VPN type connection?

Cheers,

--
Ben Nagy
Network Consultant, CPM&S Group of Companies
Direct Dial: (08) 8422 8319 Mobile: (0414) 411 520
 -----Original Message-----
From:   Tally [mailto:[EMAIL PROTECTED]] 
Sent:   Wednesday, May 26, 1999 5:29 AM
To:     [EMAIL PROTECTED]
Subject:        which ports to allow PDC login ?

**********************************************************
To allow a firewall logins by member NT servers into the PDC on the
other side of the firewall, is it sufficient to allow only NetBIOS
service ports? Are there any other ports that need to be opened up to
allow the logins of member NT servers into the NT PDC?

 NT member ------FIREWALL ------ PDC
  server
********************************************************
Second, what are the ports to allow DHCP requests through? Is it just
bootp ports or do we need any other rules as well? Because (I guess)
DHCP requests (at first) are made at a MAC level (as the client still
does not have an IP address!)

 NT client-------FIREWALL -------DHCP server

please email me asap.
thanks
tally
********************************************************

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
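
As an added illustration (not part of the original thread), this Python sketch builds a constructed DHCPDISCOVER frame and parses the fields the thread discusses: the 0.0.0.0 source address, the Ethernet broadcast, and the bootp ports. The sample MAC address, the function names and the `needs_relay` check are assumptions made for the example.

```python
import socket
import struct

BROADCAST_MAC = b"\xff" * 6
COOKIE = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options

def build_discover(mac: bytes, xid: int = 0x12345678) -> bytes:
    """Constructed sample: minimal DHCPDISCOVER frame, checksums left at zero."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, xid, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4), mac, b"", b"")
    bootp += COOKIE + b"\x35\x01\x01" + b"\xff"   # option 53 = DISCOVER, then end
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)        # src 0.0.0.0, dst 255.255.255.255
    return BROADCAST_MAC + mac + b"\x08\x00" + ip + udp

def parse_dhcp(frame: bytes) -> dict:
    """Extract the layer 2/3/4 and BOOTP fields a firewall rule would key on."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800 or frame[23] != 17:
        raise ValueError("not an IPv4/UDP frame")
    udp = 14 + (frame[14] & 0x0F) * 4              # honour the IP header length
    sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
    bootp = udp + 8
    if frame[bootp + 236:bootp + 240] != COOKIE:
        raise ValueError("missing DHCP magic cookie")
    msg_type, i = None, bootp + 240
    while i + 1 < len(frame) and frame[i] != 255:  # walk options until 'end'
        if frame[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        if frame[i] == 53:                         # DHCP message type
            msg_type = frame[i + 2]
        i += 2 + frame[i + 1]
    return {
        "dst_mac": dst_mac, "src_mac": src_mac,
        "src_ip": socket.inet_ntoa(frame[26:30]),
        "dst_ip": socket.inet_ntoa(frame[30:34]),
        "sport": sport, "dport": dport, "msg_type": msg_type,
        "giaddr": socket.inet_ntoa(frame[bootp + 24:bootp + 28]),
    }

def needs_relay(info: dict) -> bool:
    """True for a limited broadcast with no relay address: it stays on its own segment."""
    return info["dst_ip"] == "255.255.255.255" and info["giaddr"] == "0.0.0.0"

if __name__ == "__main__":
    print(parse_dhcp(build_discover(bytes.fromhex("020000aabbcc"))))
```

A frame for which `needs_relay` is true is not forwarded by a routing or NAT firewall; a DHCP relay agent on the client segment has to fill in `giaddr` and send the request on to the server's UDP port 67.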