Firewall Wizards mailing list archives

RE: Which ports to allow NT domain controllers ...?


From: "Ariel" <ariel () sys-security com>
Date: Sun, 27 Aug 2000 09:08:56 +0300

Since it seems no one likes NT on this list - I'll take the challenge of
helping....

Before you start opening ports and making all crazy rules on your firewall,
it is most important to make sure you have adequate name resolution (and I
don't mean DNS style). All machines should be able to find PDCs and other
"special" machines (like master browser etc.). For this purpose you should
use WINS, or if you have a small network you can use the LMHOSTS file (don't
forget that the #PRE #DOM:YOURDOMAIN are case sensitive!!). All this is
needed since broadcasts don't pass the firewall (it being a router and
so...), and after all you want NT NetBIOS operational.

On the firewall you should have all NBT ports open (137, 138 UDP; 139 TCP) in
the direction you wish open. Should you wish other types of communication
open other than NBT and SMB you should have them opened separately.


Ariel
www.sys-security.com
Because Security Is Not Trivial.

-----Original Message-----
From: Chris [mailto:puetzc () yahoo com]
Sent: Saturday, August 26, 2000 5:29 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] Which ports to allow NT domain controllers ...?

Which ports do I need to open to allow all needed NT
domain controller packets to go through (updates to
domain, browsing, etc.) a firewall? All my boxes are
NT - no Unix. Any help is appreciated! Thanks!
Chris
_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
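
An added example, not part of the original post: a small Python linter for the LMHOSTS entries the reply describes. It flags #PRE/#DOM keywords that are not upper case, the point the reply stresses; the other checks (IPv4 syntax, the 15-character NetBIOS name limit, #DOM without #PRE) are assumptions chosen for illustration, and all hosts, addresses and the domain name are constructed.

```python
import ipaddress
import re

# #PRE and #DOM:<domain> in any letter case, so wrong-case keywords can be reported
TAG = re.compile(r"#(?:PRE(?!\S)|DOM:\S+)", re.IGNORECASE)

def lint_lmhosts(text):
    """Return (line_number, message) findings for the body of an LMHOSTS file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or block directive
        fields = line.split()
        if len(fields) < 2:
            findings.append((no, "entry needs an IP address and a NetBIOS name"))
            continue
        ip, name = fields[0], fields[1]
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            findings.append((no, f"invalid IPv4 address {ip}"))
        if not name.startswith('"') and len(name) > 15:
            findings.append((no, f"NetBIOS name {name} is longer than 15 characters"))
        tags = TAG.findall(" ".join(fields[2:]))
        for tag in tags:
            if tag[:4] != tag[:4].upper():
                findings.append((no, f"keyword in {tag} must be upper case"))
        upper = [t.upper() for t in tags]
        # Assumed policy: a domain controller entry should also be preloaded.
        if any(t.startswith("#DOM:") for t in upper) and "#PRE" not in upper:
            findings.append((no, "#DOM entry is not preloaded with #PRE"))
    return findings

# Constructed sample file; host names, addresses and domain are made up.
SAMPLE = """\
# LMHOSTS for clients behind the firewall
10.1.1.10   PDC01                 #PRE  #DOM:CORP
10.1.1.11   BDC01                 #pre  #dom:CORP
10.1.1.12   BDC02                 #DOM:CORP
10.1.1.300  FILESRV01             #PRE
10.1.1.13   VERYLONGSERVERNAME01  #PRE
"""

if __name__ == "__main__":
    for no, message in lint_lmhosts(SAMPLE):
        print(f"line {no}: {message}")
```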

