Firewall Wizards mailing list archives
RE: Which ports to allow NT domain controllers ...?
From: "Ariel" <ariel () sys-security com>
Date: Sun, 27 Aug 2000 09:08:56 +0300
Since it seems no one likes NT on this list - I'll take the challenge of helping.... Before you start opening ports and making all crazy rules on you firewall, it most important to make sure you have adequate name resolution (and I don't mean DNS stile). All machines should be able to find PDCs and other "special" machines (like master browser etc.). For this purpose you should use WINS, or if you have a small network you can use the LMHOSTS file (don't forget that the #PRE #DOM:YOURDOMAIN are case sensitive!!). All this is needed since broadcasts don't pass the firewall (it being a router and so...), and after all you want NT NetBIOS operational. On the firewall you should have all NBT ports open (137,138 UDP 139 TCP) to the direction you wish open. Should you wish other types of communication open other then NBT and SMB you should have them opened separately. Ariel www.sys-security.com Because Security Is Not Trivial. -----Original Message----- From: Chris [mailto:puetzc () yahoo com] Sent: Saturday, August 26, 2000 5:29 PM To: firewall-wizards () nfr net Subject: [fw-wiz] Which ports to allow NT domain controllers ...? Which ports do I need to open to allow all needed NT domain controller packets to go through (updates to domain, browsing, etc.) a firewall? All my boxes are NT - no Unix. Any help is appreciated! Thanks! Chris __________________________________________________ Do You Yahoo!? Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- Which ports to allow NT domain controllers ...? Chris (Aug 26)
- <Possible follow-ups>
- RE: Which ports to allow NT domain controllers ...? Ariel (Aug 27)
- RE: Which ports to allow NT domain controllers ...? Stefan Norberg (Aug 28)
- Re: Which ports to allow NT domain controllers ...? Jeffery . Gieser (Aug 28)