Re: Open ports? a member server behind a firewall.


From: ptwilliams (ptw2001_at_hotmail.com)
Date: 07/06/04


Date: Tue, 6 Jul 2004 21:10:12 +0100

I believe you will need information to pass in both directions, thus
necessitating bi-directional rules on the internal firewall.

-- 
Paul Williams
_________________________________________
 http://www.msresource.net
Join us in our new forums!
  http://forums.msresource.net
_________________________________________
"Ulrik" <ulrix@hotmail.com> wrote in message
news:eUZ$lgxYEHA.396@TK2MSFTNGP10.phx.gbl...
What do you mean?
The member server is a Windows 2003 Terminal Server and it is located on a
DMZ.
I know I have to allow traffic from member server to DC (configured on my
'internal' firewall).
The Question:
But do I also need to open ports from my DC to the member server (on my
'internal' firewall)?
/Ulrik
"Yonkey" <m_halezan@hotmail.com> wrote in message
news:O3Lys9rYEHA.808@tk2msftngp13.phx.gbl...
> You just need to open port on your internal firewall
>
> "Ulrik" <ulrix@hotmail.com> wrote in message
> news:%23EIuSorYEHA.4008@TK2MSFTNGP09.phx.gbl...
> > Hi
> >
> > Windows 2003 Active Directory and Windows 2003 member server.
> > The member server is behind a firewall. The rest of the Windows 2003
> > domain is located on an Intranet.
> >
> > What ports need to be open from the member server to the Domain
> > Controller to authenticate and be a domain member?
> >
> > These are the ports I guess I have to open (from member to DC)
> > ICMP/Echo (ping)
> > UDP/TCP 53 (DNS)
> > UDP/TCP 88 (Kerberos authentication)
> > UDP/123 (Network Time Protocol-NTP)
> > UDP/TCP 389 (LDAP Access)
> > TCP 445 (Microsoft Directory Service)
> > UDP/137 Permit NetBIOS Name Resolution
> > UDP/138 Permit NetBIOS Datagram Service
> > TCP/139 Permit NetBIOS Session Service
> >
> > I guess I also need these ports?
> > TCP 135 (RPC Endpoint Mapper)
> > I'll need to allow one high port for Active Directory logon, greater
> > than 1024. (The one you can get static through a reghack)
> >
> > Do I need to open any port from the Domain Controller to the member
> > server?
> >
> > Best regards
> >
> > /Ulrik
> >
> >
>
>
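
Added example, not part of the original thread: a small audit of a first-match, default-deny rule list against the member-to-DC ports listed in the original question, reporting required flows that are still blocked and allow rules wider than that list. The rule format, the addresses and the sample ruleset are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Member -> DC ports as listed in the thread. ICMP echo and the single static
# RPC port (no number is given on the page) are left out of this port check.
REQUIRED = [("udp", 53), ("tcp", 53), ("udp", 88), ("tcp", 88), ("udp", 123),
            ("udp", 389), ("tcp", 389), ("tcp", 445), ("udp", 137),
            ("udp", 138), ("tcp", 139), ("tcp", 135)]

def rule(proto, lo, hi, src="192.0.2.10/32", dst="10.0.0.5/32", action="allow"):
    """Hypothetical rule record: source net, destination net, proto, port range."""
    return {"src": src, "dst": dst, "proto": proto, "ports": (lo, hi), "action": action}

# Constructed sample ruleset; addresses are placeholders (member in DMZ, DC inside).
RULES = [rule("any", 53, 53), rule("any", 88, 88), rule("udp", 123, 123),
         rule("any", 389, 389), rule("tcp", 445, 445),
         rule("tcp", 1024, 65535)]  # whole high range instead of one pinned port

def applies(r, src, dst):
    """True if the rule covers this source/destination pair (rules are directional)."""
    return ip_address(src) in ip_network(r["src"]) and ip_address(dst) in ip_network(r["dst"])

def first_match(rules, src, dst, proto, port):
    """Action of the first matching rule; anything unmatched is denied."""
    for r in rules:
        lo, hi = r["ports"]
        if applies(r, src, dst) and r["proto"] in (proto, "any") and lo <= port <= hi:
            return r["action"]
    return "deny"

def audit(rules, member, dc, required=REQUIRED):
    """Return (required flows still blocked, allow rules wider than the required list)."""
    missing = [f for f in required if first_match(rules, member, dc, *f) != "allow"]
    overbroad = []
    for r in rules:
        if r["action"] != "allow" or not applies(r, member, dc):
            continue
        lo, hi = r["ports"]
        protos = ("tcp", "udp") if r["proto"] == "any" else (r["proto"],)
        permitted = (hi - lo + 1) * len(protos)
        covered = sum(1 for p, n in required if p in protos and lo <= n <= hi)
        if permitted > covered:  # rule lets through ports nobody asked for
            overbroad.append(r)
    return missing, overbroad

if __name__ == "__main__":
    missing, overbroad = audit(RULES, "192.0.2.10", "10.0.0.5")
    print("blocked but required:", missing)
    print("wider than required:", [(r["proto"], r["ports"]) for r in overbroad])
```
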

