From owner-freebsd-security Fri Nov 19 11:27:45 1999
Delivered-To: freebsd-security@freebsd.org
Received: from secure.smtp.email.msn.com (cpimssmtpu07.email.msn.com [207.46.181.28])
    by hub.freebsd.org (Postfix) with ESMTP id 8131A15598
    for ; Fri, 19 Nov 1999 11:27:35 -0800 (PST)
    (envelope-from JHowie@msn.com)
Received: from x86nts4 - 216.103.48.12 by email.msn.com with Microsoft SMTPSVC;
    Fri, 19 Nov 1999 11:27:35 -0800
Message-ID: <00b301bf32c5$181579f0$fd01a8c0@pacbell.net>
From: "John Howie"
To: "Mauricio Westendorff Pegoraro", "FreeBSD Security"
References: <38342BBC.66802B68@pucrs.br>
Subject: Re: Windows Authentication through ipfw
Date: Fri, 19 Nov 1999 11:34:27 -0800
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6000
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Mauricio,

You'll need to allow access to ports 137/tcp, 138/tcp, and 139/tcp for
everything to "sort-of" work. I say "sort of" as 135/tcp and 135/udp (DCE
endpoint-mapper) should also be open, along with allowing the possibility
for communication on a variety of ports (both TCP and UDP) above 1023,
which are dynamic endpoints. In other words, it's a mess.

If I were you I would seriously consider installing RRAS on a machine on
the LAN inside the firewall which establishes a PPTP connection to the PDC.
That way, you only open up one port: 1723/tcp.

Hope this helps,

john...

----- Original Message -----
From: "Mauricio Westendorff Pegoraro"
To: "FreeBSD Security"
Sent: Thursday, November 18, 1999 8:39 AM
Subject: Windows Authentication through ipfw

> Hi.
>
> I have to place a small WinNT network behind a FreeBSD firewall. The
> PDC is on the other side of the firewall. So, the WinNT machines must
> authenticate through the firewall. Does anyone know what entries I should
> put in the ipfw configuration to make it possible? I've tried something
> allowing traffic on ports 137 and 138, but it didn't work. I think it's
> a pretty common case, but I couldn't figure it out.
>
> Any help is welcome. Thanks.
>
> No mas,
> MauricioWP.
>
> -----------------------------
> Mauricio Westendorff Pegoraro
> UNIX Administration
> PUCRS-BR
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
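
The two options from the reply above, written out as ipfw rules (an added example, not part of the original thread). The addresses and rule numbers are constructed; the 137-138/udp and GRE rules are additions not in the message, included because NetBIOS name and datagram services use UDP and PPTP carries its data in GRE.

```shell
#!/bin/sh
# Added example: prints ipfw commands for review; it does not run ipfw.
# Addresses and rule numbers are constructed placeholders.
LAN="192.168.1.0/24"  # NT workstations behind the firewall (constructed)
PDC="10.0.0.10"       # PDC on the other side of the firewall (constructed)
RRAS="192.168.1.5"    # RRAS host inside the LAN (constructed)

# Emit one numbered rule and advance the rule counter.
rule() {
    echo "ipfw add $n $*"
    n=$((n + 10))
}

# Option 1: let the workstations reach the PDC directly.
direct_rules() {
    n=1000
    for port in 135 137 138 139; do       # ports named in the message
        rule "allow tcp from $LAN to $PDC $port"
    done
    for port in 135 137 138; do
        # 135/udp is in the message; 137-138/udp are an addition
        # (NetBIOS name and datagram services use UDP).
        rule "allow udp from $LAN to $PDC $port"
    done
    # Dynamic endpoints above 1023, both protocols.
    rule "allow tcp from $LAN to $PDC 1024-65535"
    rule "allow udp from $LAN to $PDC 1024-65535"
    # Replies: these rules are stateless, so UDP from the PDC is wide open.
    rule "allow tcp from $PDC to $LAN established"
    rule "allow udp from $PDC to $LAN"
}

# Option 2: one PPTP tunnel from the RRAS host to the PDC.
tunnel_rules() {
    n=1000
    rule "allow tcp from $RRAS to $PDC 1723"
    rule "allow tcp from $PDC 1723 to $RRAS established"
    # Addition: PPTP carries its data in GRE (IP protocol 47).
    rule "allow gre from $RRAS to $PDC"
    rule "allow gre from $PDC to $RRAS"
}

echo "# direct authentication"; direct_rules
echo "# PPTP tunnel";           tunnel_rules
```

The direct option exposes the PDC's whole high port range to the LAN, while the tunnel option limits exposure to a single host pair.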