Greetings, I'm just going to throw out some random guesses that might actually hit the right thing. I would look at forwarding traffic from port 139 (+/-, netbios anyway) from your PDC through the firewall to your now rouge NT box (you probably want to be VERY specific and careful about it). You might also want to think about doing something with the broadcast address traffic on that same port (Windows loves to broadcast). How many users will access the box? Have you thought about removing the NT box from the domain (making it only accountable to a workgroup), and making it a stand-alone server using it's own security?
Random guesses free of charge, Brooks > -----Original Message----- > From: Mark Janssen [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 26, 2000 4:02 AM > To: debian-user@lists.debian.org > Cc: [EMAIL PROTECTED] > Subject: NT Authentication over Debian Firewall/Router > > > > Hi List... > > This is not really debian related, (could even be not Linux related), but > there's a lot of good knowledge here... > > I have a internal (10.x.y.z) windows NT network, it's conncted to the > outside world through a linux proxy/fw/gateway (potato). The linux box > also connects a DMZ area for the webservers etc. Now the problem is that > we want to connect one of the NT servers from the private lan, and move it > to the DMZ area. When we do so, it can no longer find the NT Domain > controller (discovery by broadcasts) that is in the private lan, it needs > this PDC/BDC for user authentication. > > How do I get this NT server in the DMZ area to be able to find and contact > the PDC or BDC in the private lan. > > Please include a cc: to me... i'm on the digest list only... > > Mark Janssen Unix Consultant > Unix Support Nederland / PSInet Netherlands > E-mail: [EMAIL PROTECTED] GnuPG Key Id: 357D2178 > http: markjanssen.homeip.net www.markjanssen.nl www.maniac.nl > Fax/VoiceMail: +31 20 8757555 Finger for GPG and GeekCode > > > -- > Unsubscribe? mail -s unsubscribe > [EMAIL PROTECTED] < /dev/null > >