Port Inquiry

[rtiv]

I have a web and external DNS server sitting in my DMZ. I need to be able to administer these W2K boxes via Terminal services. I have a PIX520, does anyone know the correct port (s) which need to be opened to accomodate my request? When I log into a box which is on my internal LAN and start W2K Term Services Admin, I can't see the two servers which are in the DMZ.

Thanks

 

[yizhar]

HI.

You will need to open port TCP 3389,
and access the internal ip address of these hosts if you are connecting from inside.

It is best to open this port to traffic only from your administration workstation.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[rtiv]

I put the following conduit in, is this correct ?

conduit permit tcp 172.22.9.5 255.255.0.0 eq 3389 host 172.22.5.77

9.5 is the server and 5.77 is my admin client workstation.

I just opened up Windows Terminal Services admin from a server with an IP of 172.22.2.190 and it does not disply the server in the DMZ from the list of servers. Just for kicks, I put in:

conduit permit tcp 172.22.9.5 255.255.0.0 eq 3389 any

then I tried to see if I could view the server from MS Term Services, but couldn't ? I thought that above statement would open the port up to everyone ?

 

[yizhar]

HI.

If you are connecting from inside to dmz, and you have a
global (dmz) 1 ...
command, then you do not need any additional "conduit" command since any traffic from inside to dmz is allowed by default unless you block it, but it requires translation (nat & global *OR* static *OR* nat 0).

You won't see the server in the list. Simply connect directly to the ip address.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar