How do I set up users in a DMZ to be able to log in to an NT Server?

NEEDHLP (IS-IT--Management), Feb 18, 2009, US
I'm trying to allow users from a less secure DMZ to log in to an NT server on the inside. I've tried allowing ports 135, 137, 138 and 139 over UDP and TCP, but have not been successful. Is this possible to do? Thanks
 
It is possible, but it can be tricky to get working with NT. About a year ago I had two domains, one on the inside and one in the DMZ, and I wanted a trust relationship between the two. It took a couple of weeks to crack, but it was worth the trouble in the end. Hope this info helps solve your troubles.

PDC on INSIDE = 192.168.100.1
PDC NAME = SERVER
NT DOMAIN = EXAMPLE

Firstly, you must be able to ping the PDC from a computer in the DMZ. If you cannot ping it, you must have missed the static route, i.e.:

static (inside,dmz) 192.168.100.1 192.168.100.1 netmask 255.255.255.255 0 0

This static should allow you to ping 192.168.100.1 from a DMZ client to your PDC. Next you must open the following ports:

conduit permit tcp host 192.168.100.1 eq 139 any
conduit permit udp host 192.168.100.1 eq netbios-ns any
conduit permit udp host 192.168.100.1 eq netbios-dgm any

If you still have trouble, you may need to add these lines to a client's lmhosts file (it's been a while, so I hope I got the correct info; it might be worth checking on the Microsoft website).

# A quoted name must be padded with spaces to exactly 15 characters so the \0x byte is the 16th
192.168.100.1 SERVER #PRE #DOM:EXAMPLE
192.168.100.1 "EXAMPLE        \0x1B" #PRE
192.168.100.1 "EXAMPLE        \0x00" #PRE
192.168.100.1 "EXAMPLE        \0x1C" #PRE
192.168.100.1 "EXAMPLE        \0x1E" #PRE


Good luck.
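As an added example (not from the post above or from Tek-Tips), the following Python script puts the client-side pieces of that answer into something you can run from the DMZ box: it renders the lmhosts entries with the 15-character padding the file format requires, builds the NetBIOS name query for EXAMPLE<1C> that a logon client sends to UDP/137 to find a domain controller, and, with --probe, sends it to the PDC and then checks TCP/139 and TCP/135 from the DMZ side. The PDC address, server name and domain are the lab values from the post; the response builder, the NB_FLAGS value and the two TCP ports probed are assumptions made here for illustration, and nothing touches the network unless --probe is given.

```python
"""Client-side checks for NT domain logon across a DMZ firewall.
Added example, not from the original post.  Reuses the post's lab values
(PDC 192.168.100.1, name SERVER, domain EXAMPLE); the rest is assumed."""
import random
import socket
import struct
import sys

PDC_IP, PDC_NAME, NT_DOMAIN = "192.168.100.1", "SERVER", "EXAMPLE"
# NetBIOS suffixes a PDC registers: <1B> domain master browser, <00>
# workgroup, <1C> domain controllers (what a logon client resolves),
# <1E> browser election.
DOMAIN_SUFFIXES = (0x1B, 0x00, 0x1C, 0x1E)

def lmhosts_entry(ip, name, suffix=None, flags=("#PRE",)):
    """One lmhosts line.  A name with a suffix is quoted and space-padded to
    exactly 15 characters so the \\0xNN escape becomes the 16th byte."""
    if len(name) > 15:
        raise ValueError("NetBIOS names are at most 15 characters")
    target = name if suffix is None else '"%-15s\\0x%02X"' % (name, suffix)
    return " ".join([ip, target] + list(flags))

def domain_lmhosts(ip, server, domain):
    """The entries the answer above lists, with correct padding."""
    lines = [lmhosts_entry(ip, server, flags=("#PRE", "#DOM:" + domain))]
    lines += [lmhosts_entry(ip, domain, s) for s in DOMAIN_SUFFIXES]
    return "\n".join(lines)

def encode_netbios_name(name, suffix):
    """RFC 1001 first-level encoding: 15 padded chars + suffix byte, each
    byte split into two nibbles with 'A' (0x41) added to each."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    nibbles = b"".join(bytes([(b >> 4) + 0x41, (b & 0xF) + 0x41]) for b in raw)
    return b"\x20" + nibbles + b"\x00"

def build_name_query(name, suffix, txid):
    """NAME QUERY REQUEST a client sends to UDP/137 (RFC 1002).
    Flags 0x0100 = standard query, recursion desired, unicast."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_netbios_name(name, suffix) + struct.pack(">HH", 0x20, 1)

def build_name_query_response(txid, name, suffix, ips, ttl=300000):
    """Positive NAME QUERY RESPONSE (constructed here for the test): flags
    0x8580 = response, authoritative, RD, RA; one NB record, 6 bytes of
    RDATA per address (NB_FLAGS 0xE000 = group name, H-node; then IPv4)."""
    rdata = b"".join(struct.pack(">H", 0xE000) + socket.inet_aton(ip) for ip in ips)
    rr = encode_netbios_name(name, suffix) + struct.pack(">HHIH", 0x20, 1, ttl, len(rdata))
    return struct.pack(">HHHHHH", txid, 0x8580, 0, 1, 0, 0) + rr + rdata

def _name_len(data, off):
    # 34-byte encoded name, or a 2-byte compression pointer (top bits 11)
    return 2 if data[off] & 0xC0 == 0xC0 else 34

def parse_name_query_response(data, txid):
    """IPs from a positive response, [] for a negative one (RCODE != 0);
    raises if the packet does not answer our transaction."""
    rid, flags, qdcount, ancount = struct.unpack(">HHHH", data[:8])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to transaction 0x%04X" % txid)
    if flags & 0x000F:
        return []
    off = 12
    for _ in range(qdcount):                      # skip any echoed question
        off += _name_len(data, off) + 4
    ips = []
    for _ in range(ancount):
        off += _name_len(data, off) + 8           # name, type, class, TTL
        rdlen = struct.unpack(">H", data[off:off + 2])[0]
        off += 2
        for i in range(off + 2, off + rdlen, 6):  # skip NB_FLAGS, take the IP
            ips.append(socket.inet_ntoa(data[i:i + 4]))
        off += rdlen
    return ips

def probe_pdc(pdc_ip, domain, timeout=2.0):
    """Run from a DMZ host: resolve DOMAIN<1C> over UDP/137 at the PDC, then
    try TCP/139 (SMB over NetBIOS) and TCP/135 (RPC endpoint mapper).
    Needs network access; failures are reported in the result, not raised."""
    results, txid = {}, random.randint(0, 0xFFFF)
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.settimeout(timeout)
    try:
        udp.sendto(build_name_query(domain, 0x1C, txid), (pdc_ip, 137))
        results["udp137 <1C>"] = parse_name_query_response(udp.recvfrom(512)[0], txid)
    except (OSError, ValueError) as exc:
        results["udp137 <1C>"] = "failed: %s" % exc
    finally:
        udp.close()
    for port in (139, 135):
        try:
            socket.create_connection((pdc_ip, port), timeout=timeout).close()
            results["tcp%d" % port] = "open"
        except OSError as exc:
            results["tcp%d" % port] = "failed: %s" % exc
    return results

if __name__ == "__main__":
    print(domain_lmhosts(PDC_IP, PDC_NAME, NT_DOMAIN))
    if "--probe" in sys.argv:                     # only this part uses the network
        print(probe_pdc(PDC_IP, NT_DOMAIN))
```

Run it with no arguments to print a correctly padded lmhosts block to paste into the client; run it with --probe from a DMZ host to see whether the <1C> query gets an answer and whether 139 and 135 are reachable through the static and conduits. A <1C> lookup that times out while 139 is open usually means UDP/137 is the piece the firewall is still dropping.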
 
Hi,

You said "this static should allow you to ping 192.168.100.1 from a DMZ client to your PDC"

Shouldn't we need to add a CONDUIT command to PING from a DMZ workstation (e.g. 192.168.100.2) to the server?

conduit permit icmp host 192.168.100.1 host 192.168.100.2

Or does it work just by defining the STATIC as you have mentioned?
Thanks

John
 