Firewall Wizards mailing list archives
RE: (no subject)
From: "Noonan, Wesley" <Wesley_Noonan () bmc com>
Date: Fri, 22 Nov 2002 12:57:19 -0600
I am not sure why you require it in your DMZ. If you need something to act as a bastion or proxy for SMTP email, why not use a cheapware SMTP server on something like Linux? Even if you do need Exchange, you shouldn't need domain rights to just do SMTP. If you need it to provide external access to email, I would look at something like OWA instead.

As for what to open, here is a sample from a PIX that I did a while ago (sorry it is in conduit format):

    conduit permit udp host 172.16.1.1 eq netbios-ns host 10.100.0.10
    conduit permit udp host 172.16.1.1 eq netbios-dgm host 10.100.0.10
    conduit permit tcp host 172.16.1.1 eq 139 host 10.100.0.10
    conduit permit udp host 172.16.1.1 eq 139 host 10.100.0.10
    conduit permit tcp host 172.16.1.1 eq 135 host 10.100.0.10

It provided access from the DMZ host to the DC. I think that 135 and 139 may not have needed to be opened (I don't recall for sure and I don't have a latest config to see if I removed them or not).

Thanks.

Wes Noonan, MCSE/CCNA/CCDA/NNCSS
Senior QA Rep.
BMC Software, Inc.
(713) 918-2412
wnoonan () bmc com
http://www.bmc.com

-----Original Message-----
From: Dean Pullen [mailto:deanpullen () yahoo com]
Sent: Friday, November 22, 2002 12:04
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] (no subject)

Hi guys,

I've basically been told that we require an Exchange system operated within our DMZ setup. After much reading I've decided to go for a front-end, back-end Exchange system, with the Exchange front-end in the DMZ and the back-end in the LAN.

However, even though I've opened up all the ports specified in MS' white papers between the DMZ and LAN, I cannot connect to the domain/active directory from the Front-End server.

How do I go about this? I mean all I am trying at the moment is to connect to our internal Domain by accessing the network ID in the My Computer properties and trying typing in the Domain. Do I have to do anything else?!

Sorry for my amateurishness(!) but we're a small firm and cannot afford a fully-fledged exchange specialist, thus I'm doing it!

Thanks in advance.

Dean Pullen.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards