Date: Fri, 19 Nov 1999 11:34:27 -0800 From: "John Howie" <JHowie@msn.com> To: "Mauricio Westendorff Pegoraro" <mwp@pucrs.br>, "FreeBSD Security" <freebsd-security@FreeBSD.ORG> Subject: Re: Windows Authentication through ipfw Message-ID: <00b301bf32c5$181579f0$fd01a8c0@pacbell.net> References: <38342BBC.66802B68@pucrs.br>
next in thread | previous in thread | raw e-mail | index | archive | help
Mauricio, You'll need to allow access to ports 137/tcp, 138/tcp, and 139/tcp for everything to "sort-of" work. I say "sort of" as 135/tcp and 135/udp (DCE endpoint-mapper) should also be open along with allowing the possibility for communication on a variety of ports (both TCP and UDP) above 1023 which are dynamic endpoints. In other words, it's a mess. If I were you I would seriously consider installing RRAS on a machine on the LAN inside the firewall which establishes a PPTP connection to the PDC. That way, you only open up one port: 1723/tcp. Hope this helps, john... ----- Original Message ----- From: "Mauricio Westendorff Pegoraro" <mwp@pucrs.br> To: "FreeBSD Security" <freebsd-security@FreeBSD.ORG> Sent: Thursday, November 18, 1999 8:39 AM Subject: Windows Authentication through ipfw > Hi. > > I have to place a small WinNT network behind a FreeBSD firewall. The > PDC is in the other side of the firewall. So, the WinNT machines must > authenticate through the firewall. Anyone knows what entries I should > put in ipfw configuration to make it possible? I've tried something > allowing traffic in ports 137 and 138, but it didn't work. I think it's > a pretty common case, but couldn't figure it out. > > Any help is welcome. Thanks. > > No mas, > MauricioWP. > > ----------------------------- > Mauricio Westendorff Pegoraro > UNIX Administration > PUCRS-BR > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00b301bf32c5$181579f0$fd01a8c0>