Firewall Wizards mailing list archives
RE: FW-1 and RPC with MSDTC
From: "Andrew Helm-Cowley" <andrew.cowley () techie com>
Date: Fri, 12 Jan 2001 12:03:24 -0400
The RPC port is randomly assigned by the RPC-loc request. You can restrict the ports that are used by editing the registry (Microsoft Q article Q154596). By doing this you can lock RPC down to 20 ports (Microsoft minimum).

Andrew

-----Original Message-----
From: firewall-wizards-admin () nfr com [mailto:firewall-wizards-admin () nfr com] On Behalf Of Darren Reed
Sent: Thursday, January 11, 2001 2:58 PM
To: Michael Nelson
Cc: jmegias () hyphop com; firewall-wizards () nfr net
Subject: Re: [fw-wiz] FW-1 and RPC with MSDTC

I think you've misunderstood the question.

At least when one uses Sun RPC there is a "program number" (/etc/rpc) for each RPC service. FW-1 allows you to control access across the firewall based on the RPC number (it's encoded into the RPC packets).

On the Microsoft front, I've no idea if they have a similar mechanism but I suspect they do. After all, how else do you get the right port number back to a query? The documentation in Samba provides some details and with some protocol analysis I was able to write an RPC proxy for IP Filter so I could firewall an Exchange server and still have things work without having to open up a bunch of ports for no good reason - only 137/tcp or whatever it is where those lookups happen.

Darren

In some email I received from Michael Nelson, sie wrote:

That's because the RPC port number is random. See http://www.microsoft.com/com/wpaper/dcomfw.asp (written by yours truly) for more info. The info applies to RPC as well as DCOM.

-mike

On Tue, 9 Jan 2001, Javier Megias wrote:

We're trying to get one server, that has IIS4 with MSDTC components talk with a SQL Server 7 database with MSDTC, that is in the other interface of the firewall (checkPoint FW-1 SP3). It complains that it can't use RPC or that the RPC call isn't working, so we're trying to find out what RPC app number we must use; have tried almost everything, and we can't get it to work. The IIS is inside a NT Domain, and the SQL Server 7 is inside a NT group.

IIS ----------- FW-1 ------SQLServer7

I think that the fact could be that we don't really know how RPC really works :-) . Any wizard could light it?

Thanks,
Javier Megias
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
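An added example, not part of the original thread: once the RPC range has been restricted as Q154596 describes (the range lives in the `Ports` multi-string value under `HKLM\Software\Microsoft\Rpc\Internet`), this sketch checks that the firewall rule for the server passes exactly the endpoint mapper plus that range. The function names, the sample rule set and the port numbers are constructed for illustration; the minimum of 20 ports is the figure quoted in the reply above.

```python
import re

EPMAP = 135  # RPC endpoint mapper (TCP), where clients look up the assigned port


def parse_rpc_ports(multi_sz):
    """Expand the strings of a `Ports` multi-string ("5000-5019", "6000") into a set."""
    ports = set()
    for entry in multi_sz:
        m = re.fullmatch(r"\s*(\d+)(?:\s*-\s*(\d+))?\s*", entry)
        if not m:
            raise ValueError(f"malformed Ports entry: {entry!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"port range out of bounds: {entry!r}")
        ports.update(range(lo, hi + 1))
    return ports


def audit(multi_sz, fw_allowed, minimum=20):
    """Compare the host's RPC range with the TCP ranges the firewall passes.

    fw_allowed: list of (low, high) tuples taken from the rule for this server.
    minimum:    smallest acceptable range size (assumption: 20, as in the thread).
    """
    rpc = parse_rpc_ports(multi_sz)
    needed = rpc | {EPMAP}
    opened = set()
    for lo, hi in fw_allowed:
        opened.update(range(lo, hi + 1))
    return {
        "too_few_ports": len(rpc) < minimum,
        "blocked": sorted(needed - opened),   # RPC calls to these ports will fail
        "unneeded": sorted(opened - needed),  # exposed without any RPC use
    }


# Constructed sample: host restricted to 5000-5019, firewall opened a wider block.
SAMPLE_PORTS = ["5000-5019"]
SAMPLE_FW = [(135, 135), (5000, 5100)]

if __name__ == "__main__":
    print(audit(SAMPLE_PORTS, SAMPLE_FW))
```

A non-empty `blocked` list explains intermittent RPC failures through the firewall; a non-empty `unneeded` list is the part of the rule that can be closed.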