Re: Open ports connection to w2003 server

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 08/26/04


Date: Thu, 26 Aug 2004 13:47:19 +0200

Henrik,

Do you allow ICMP on your firewall? Can you ping default gateway from AD?
Can you ping AD from your firewall?

Mike

"Henrik" <Henrik@discussions.microsoft.com> wrote in message
news:D16ECE18-B4A5-4D08-8F43-10381FF255E4@microsoft.com...
> Hi Miha!
> It was a typo.
> tracert tells me from the clients to the DC subnet it stops at the firewall.
> at the public ip interface.
> from the AD server it says destination port can't be reached.
>
> The AD server has 179.29.250.1 as its ip configuration.
>
> "Miha Pihler" wrote:
>
> > Henrik,
> >
> > Can you check the IPs that you have written in your post... I think you made a
> > typo, but I just want to be sure.
> >
> > Here is what you state in your post
> >
> > IPs:
> > 172.29.179.0 did you mean 179.29.179.0?
> >
> > What does tracert (trace route) tell you? E.g.
> >
> > In 179.29.179.0 network run tracert to 179.29.250.0 network. Check the
> > results. Check also in the opposite direction - from 179.29.250.0 network to
> > 179.29.179.0
> >
> > Check on your router that they have appropriate routes configured for
> > appropriate subnets...
> >
> > My question. In what subnet is AD? 179.29.250.0?
> >
> > Mike
> >
> >
> > "Henrik" <Henrik@discussions.microsoft.com> wrote in message
> > news:FEB14D2F-08DC-4CF3-90D6-55D6AAAB6543@microsoft.com...
> > > Thanks for your answer!
> > >
> > > We have a local dns, AD on domain controller company.local the DC is
> > > connected to a unix firewall using NAT 193.23.250.3 as its
> > > and about 200 clients connected to it on the local area network 179.29.251.0
> > > We are about to connect another lan on a different subnet 172.29.179.0
> > > that lan is given their ip, gw and an internet DNS from a dhcp with that
> > > scope 179.0 - 179.255.
> > > the two lans are connected with a router that routes all traffic from 179 to
> > > the 250 subnet. between the router and the 250 network where the domain
> > > controller resides is a unix firewall.
> > > And all outbound traffic from the 250 network is using Network Address
> > > Translation on the firewall using 193.23.250.3
> > >
> > > The problem is that we can't make the user in the subnet 179.29.179.x member
> > > of the domain to use resources on the 179.29.151.x network. pinging the
> > > network from either subnet will result in failure.
> > > we don't have a clue what hardware, configuration or solution to implement.
> > > Please help.
> > > "Miha Pihler" wrote:
> > >
> > > > Here is an answer to your question.
> > > >
> > > > RPC endpoint mapper 135/tcp, 135/udp
> > > > NetBIOS name service 137/tcp, 137/udp
> > > > NetBIOS datagram service 138/udp
> > > > NetBIOS session service 139/tcp
> > > > RPC dynamic assignment 1024-65535/tcp
> > > > SMB over IP (Microsoft-DS) 445/tcp, 445/udp
> > > > LDAP 389/tcp
> > > > LDAP over SSL 636/tcp
> > > > Global catalog LDAP 3268/tcp
> > > > Global catalog LDAP over SSL 3269/tcp
> > > > Kerberos 88/tcp, 88/udp
> > > > DNS 53/tcp, 53/udp
> > > > WINS resolution (if required) 1512/tcp, 1512/udp
> > > > WINS replication (if required) 42/tcp, 42/udp
> > > > Network time protocol (NTP) 123/udp
> > > > ICMP
> > > >
> > > > Rule needs to permit inbound traffic on any port above 1023. If your
> > > > firewall permits this, there's very little reason even to have a firewall.
> > > >
> > > > ****************
> > > >
> > > > Can you explain a bit more what you are trying to do and we can probably
> > > > come up with a better way to connect to your DC than opening your firewall ports.
> > > > You might want to think about VPN, but you haven't given us enough
> > > > information to give any really good advice...
> > > >
> > > > Mike
> > > >
> > > > "Henrik" <Henrik@discussions.microsoft.com> wrote in message
> > > > news:51A63738-C254-4E3F-A835-408F429A0AB7@microsoft.com...
> > > > > Hi what UDP and TCP ports need to be open to communicate with windows 2003
> > > > > server std edition with dns dhcp and active directory installed.
> > > > > Our firewall doesn't let any traffic in or out.
> > > > > Please help!
> > > >
> > > >
> > > >
> >
> >
> >


