If MTS is using DCOM to generate that RPC traffic, you can run
"$winnt\system32\dcomcnfg" on the MTS server to set it to only use a
port range - say (TCP port 5000-5020). Hope this helps!
Jason
[EMAIL PROTECTED] wrote:
>
> Hello,
>
> I have a web server on my DMZ running IIS 4.0 and MTS 2.0 with an ODBC
> connection to a MS-SQL server behind our firewall. It was decided that it would
> be more secure to remove MTS from the web server and put it on the DB server or
> another server on the same subnet (basically remove it from the DMZ).
>
> Now you do this on MTS by exporting the specific package you need which creates
> a client install program that you run on the web server. However, I'm having a
> problem with the configuration of my firewall. Now I have two rules, one letting
> everything from web server to mts server and vice-versa (this is in a test
> environment so it's safe for now). Looking at the logs the web server makes an
> initial udp connection using port 135 and then it picks a random udp high port.
> Also I need the second rule even though it is using the same ports (I don't know
> why the fw does not see this as a reply and let it through).
>
> Opening udp high ports from my dmz to my internal network is not very secure.
> Does anyone know how to limit the port range? Has anyone done this before?
>
> Thanks,
>
> Joe
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
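
A check worth running before replacing the allow-everything test rule, as an added example that is not part of the original thread: it scans firewall log records for traffic from the web server to the MTS server and reports anything outside TCP 135 and the TCP 5000-5020 range suggested in the reply. The log format, the addresses and the function name are constructed for illustration, and treating only TCP as in policy is an assumption taken from the reply's wording.

```python
import csv
import io
from collections import Counter

ENDPOINT_MAPPER = 135            # RPC endpoint mapper port seen in the logs
DCOM_RANGE = range(5000, 5021)   # 5000-5020 inclusive, as suggested in the reply

# Constructed sample records: time,action,proto,src,dst,dst_port
# (illustrative layout, not a real firewall export format)
SAMPLE_LOG = """\
10:01:02,accept,tcp,192.0.2.10,10.0.0.20,135
10:01:02,accept,tcp,192.0.2.10,10.0.0.20,5003
10:01:05,accept,udp,192.0.2.10,10.0.0.20,135
10:01:05,accept,udp,192.0.2.10,10.0.0.20,1047
10:02:11,accept,tcp,192.0.2.10,10.0.0.20,5020
10:02:40,accept,tcp,192.0.2.10,10.0.0.20,5021
10:03:00,accept,tcp,192.0.2.99,10.0.0.20,1433
"""


def audit(log_text, web_server, mts_server):
    """Return (allowed, violations) Counters keyed by (proto, dst_port)."""
    allowed, violations = Counter(), Counter()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue  # skip blank or malformed records
        _time, _action, proto, src, dst, port = (f.strip() for f in row)
        if src != web_server or dst != mts_server or not port.isdigit():
            continue  # only the web server -> MTS server flow is of interest
        proto, port = proto.lower(), int(port)
        in_policy = proto == "tcp" and (
            port == ENDPOINT_MAPPER or port in DCOM_RANGE
        )
        (allowed if in_policy else violations)[(proto, port)] += 1
    return allowed, violations


if __name__ == "__main__":
    ok, bad = audit(SAMPLE_LOG, "192.0.2.10", "10.0.0.20")
    for (proto, port), hits in sorted(bad.items()):
        print(f"outside policy: {proto}/{port} x{hits}")
    print(f"{sum(ok.values())} connections inside policy")
```

An empty violations result over a representative test period indicates the port restriction took effect and the rule can be narrowed to those ports; remaining UDP or high-port entries mean the traffic is not yet confined to the configured range.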