Firewall Wizards mailing list archives
Re: Is it possible at all ...?
From: Ryan Russell <ryan () securityfocus com>
Date: Sat, 26 Aug 2000 11:22:30 -0700 (PDT)
On Fri, 25 Aug 2000, Chris wrote:
different IP networks. I'd like to set up the DMZ and the Inside as follows, so that the domain controllers can exchange information, browsing works, NT user authentication and all the typical NT Domain stuff work. Is that possible at all? I opened ports 135, 137, 138, 139 between the DMZ and the Inside but I do not get it to work?

Perhaps you don't have a WINS server set up, or the DMZ machines can't reach it, or don't have it programmed properly? As soon as you go to more than one IP subnet (which you almost always have to do with a DMZ) you will have to use WINS to make things work right.

Of course, and I'm sure I won't be the only one to point this out, with the setup you've described, you might as well not have a DMZ. The moment one of your DMZ machines gets nailed (and you have to assume it will... that's why DMZs exist) then the attacker has everything they need to 0wn any inside machine they want. Why do you want NetBIOS running between the inside and DMZ?

Ryan

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards