Security Basics mailing list archives

Re: Open ports to establish a one-way trust


From: "Eric McCarty" <eric () piteduncan com>
Date: Tue, 1 Mar 2005 10:15:30 -0800

Your firewall logs will tell you what traffic is being dropped;
add/modify your rulesets accordingly.

Eric

On Tue, 2005-03-01 at 10:15 -0600, Ju Ne wrote:
We have a domain in our WAN that needs an Active Directory
one-way trust established with our domain. The change has been made in
Active Directory but we have been unable to test this new trust. What ports
need to be opened at the firewall to allow this trust from a firewall
perspective? Are any of the ports listed below required for this trust?

TCP 135 - Microsoft RPC
UDP 137 - Netbios-ns
UDP 138 - Netbios-dgm
TCP 139 - Netbios
TCP 42 - WINS, Nameserv
TCP/UDP 389 - LDAP
TCP 636 - SLDAP
TCP 3268 - MSFT-GC
TCP 3269 - MSFT-GC-SSL
TCP/UDP 53 - DNS
TCP/UDP 88 - Kerberos, www
TCP 445 - SMB

Thanks,

Djembe


-- 
Eric C. McCarty

Systems Administrator
Pite Duncan & Melmet, LLP
eric () piteduncan com
619 590-1300 x 2060

Attachment: signature.asc
Description: This is a digitally signed message part
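
The log-driven approach suggested in the reply, as an added example that is not part of either poster's message: it tallies dropped packets between two domain controllers by destination port and marks which ones fall outside the port list in the question. It assumes netfilter LOG-style lines; the `FW-DROP` prefix, the addresses and the sample lines are constructed.

```python
import re
from collections import Counter

# Ports from the list in the quoted question, as (protocol, port) pairs.
LISTED = {("TCP", 135), ("UDP", 137), ("UDP", 138), ("TCP", 139), ("TCP", 42),
          ("TCP", 389), ("UDP", 389), ("TCP", 636), ("TCP", 3268), ("TCP", 3269),
          ("TCP", 53), ("UDP", 53), ("TCP", 88), ("UDP", 88), ("TCP", 445)}

# Assumption: netfilter LOG-style key=value lines. "FW-DROP" is a hypothetical
# log prefix configured on the drop rule, not something named on the page.
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample log lines (placeholder addresses for the two DCs).
SAMPLE_LOG = """\
Mar  1 10:02:11 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=10.1.0.5 DST=10.2.0.5 PROTO=TCP SPT=1045 DPT=88 SYN
Mar  1 10:02:14 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=10.1.0.5 DST=10.2.0.5 PROTO=TCP SPT=1045 DPT=88 SYN
Mar  1 10:02:20 fw kernel: FW-DROP IN=eth0 OUT=eth1 SRC=10.2.0.5 DST=10.1.0.5 PROTO=UDP SPT=1050 DPT=53
Mar  1 10:02:31 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=10.1.0.5 DST=10.2.0.5 PROTO=TCP SPT=1047 DPT=1026 SYN
Mar  1 10:02:40 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=10.9.9.9 DST=10.2.0.5 PROTO=TCP SPT=4000 DPT=445 SYN
Mar  1 10:02:44 fw kernel: FW-DROP IN=eth1 OUT=eth0 SRC=10.1.0.5 DST=10.2.0.5 PROTO=ICMP TYPE=8 CODE=0
Mar  1 10:02:50 fw kernel: FW-ACCEPT IN=eth1 OUT=eth0 SRC=10.1.0.5 DST=10.2.0.5 PROTO=TCP SPT=1049 DPT=389 SYN
"""

def dropped_between(log_text, hosts_a, hosts_b, prefix="FW-DROP"):
    """Count drops per (proto, dst port) between two host sets, either direction."""
    counts = Counter()
    for line in log_text.splitlines():
        if prefix not in line:
            continue  # only lines written by the drop rule
        f = dict(FIELD.findall(line))
        if not {"SRC", "DST", "PROTO", "DPT"} <= f.keys():
            continue  # no destination port (e.g. ICMP)
        src, dst = f["SRC"], f["DST"]
        if (src in hosts_a and dst in hosts_b) or (src in hosts_b and dst in hosts_a):
            counts[(f["PROTO"], int(f["DPT"]))] += 1
    return counts

def report(counts):
    """Rows of (proto, port, drops, on_posted_list), most-dropped first."""
    rows = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(proto, port, n, (proto, port) in LISTED) for (proto, port), n in rows]

if __name__ == "__main__":
    rows = report(dropped_between(SAMPLE_LOG, {"10.1.0.5"}, {"10.2.0.5"}))
    for proto, port, n, listed in rows:
        print(f"{proto}/{port:<5} drops={n:<3} {'on posted list' if listed else 'NOT on posted list'}")
```

Drops on ports outside the posted list are the ones a fixed port list would miss, so they are the rows to review before changing the ruleset.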

