Firewall Wizards mailing list archives
Re: FW-1 and RPC with MSDTC
From: Darren Reed <darrenr () reed wattle id au>
Date: Fri, 12 Jan 2001 05:58:15 +1100 (EST)
I think you've misunderstood the question. At least when one uses Sun RPC there is a "program number" (/etc/rpc) for each RPC service. FW-1 allows you to control access across the firewall based on the RPC number (it's encoded into the RPC packets). On the Microsoft front, I've no idea if they have a similar mechanism but I suspect they do. Afterall, how else do you get the right port number back to a query? The documentation in Samba provides some details and with some protocol analysis I was able to write a RPC proxy for IP Filter so I could firewall an Exchange server and still have things work without having to open up a bunch of ports for no good reason - only 137/tcp or whatever it is where those lookups happen. Darren In some email I received from Michael Nelson, sie wrote:
That's because the RPC port number is random. See http://www.microsoft.com/com/wpaper/dcomfw.asp (written by yours truly) for more info. The info applies to RPC as well as DCOM. -mike On Tue, 9 Jan 2001, Javier Megias wrote:We're trying to get one server, that has IIS4 with MSDTC components talk with a SQL Server 7 database with MSDTC,that is in the other interface of the firewall (checkPoint FW-1 SP3). It complains that it can't use RPC or that the RPC call isn't working., so we're triying to find out what RPC app numer we must use; have tried almost everything, and we can't get it to work. The IIS is inside a NT Domain, and the SQL Server 7 is inside a NT group. IIS ----------- FW-1 ------SQLServer7 I think that the fact could be that we don't really know how RPC really works :-) . Any wizard could light it? Thanks, Javier Megias
_______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Role of a Security Administrator Maddy (Jan 08)
- Re: Role of a Security Administrator Bennett Todd (Jan 08)
- Re: Role of a Security Administrator Webmaster (Jan 08)
- Re: Role of a Security Administrator Magosányi Árpád (Jan 08)
- FW-1 and RPC with MSDTC Javier Megias (Jan 10)
- Re: FW-1 and RPC with MSDTC Michael Nelson (Jan 11)
- Re: FW-1 and RPC with MSDTC Darren Reed (Jan 12)
- RE: FW-1 and RPC with MSDTC Andrew Helm-Cowley (Jan 12)
- Re: FW-1 and RPC with MSDTC Darren Reed (Jan 12)
- Re: FW-1 and RPC with MSDTC Michael Nelson (Jan 15)
- Re: FW-1 and RPC with MSDTC Michael Nelson (Jan 15)
- FW-1 and RPC with MSDTC Javier Megias (Jan 10)
- <Possible follow-ups>
- Re: Role of a Security Administrator Harris Raymond D JR Civ AFAA/MSI (Jan 10)