"Magowan, Richard M. (ITS)" wrote:
> 
> I'm the original poster. Seems as if I'm being made to do something pretty
> awful. They want me to put in an MS-Proxy machine and go around the
> firewall.

Sounds like it's time to punt. ;)

Have a look at:
http://www.microsoft.com/com/wpaper/dcomfw.asp

In short, you can get DCOM to play nice with a firewall by making some
registry changes. The changes allow you to pick and choose the ports
DCOM will use. This will allow you to set up a couple of plugs in order
to pass the traffic.

This does not address the content concerns that Marcus and a few others
have, but it will allow you to pass DCOM through your firewall. One
final suggestion would be to assign ports out of the 49152 through 65535
range. These are private numbers so you are less likely to run into a
conflict (the document suggests ports in the 3000 through 4000 range).

When creating your firewall rules, be very specific about what inbound
IP addresses are allowed to be accessed. You may even want to come up
with a waiver that the development manager has to sign which states that
you will provide access, but his group accepts responsibility for their
own security (as well as the rest of the network if they are used as a
relay).

Happy hunting,
Chris
-- 
**************************************
[EMAIL PROTECTED]

* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
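
Added example, not part of the original message: a sketch of the two pieces the reply describes, pinning DCOM to a port range in 49152 through 65535 and deriving the matching narrowly scoped firewall allow rules. The `Ports`, `PortsInternetAvailable` and `UseInternetPorts` values under the RPC `Internet` key are the standard Windows settings for this; the function names, the rule tuple format, the TCP-only assumption and the documentation-range addresses are constructed for illustration.

```python
import ipaddress

RPC_KEY = r"HKLM\SOFTWARE\Microsoft\Rpc\Internet"
PRIVATE_PORTS = range(49152, 65536)  # range suggested in the message above
ENDPOINT_MAPPER = 135                # RPC endpoint mapper; DCOM clients contact it first


def registry_commands(first, last):
    """Return reg.exe commands that pin DCOM/RPC dynamic ports to first-last."""
    if first > last or first not in PRIVATE_PORTS or last not in PRIVATE_PORTS:
        raise ValueError("port range must lie within 49152-65535")
    values = [
        ("Ports", "REG_MULTI_SZ", f"{first}-{last}"),   # ports DCOM may use
        ("PortsInternetAvailable", "REG_SZ", "Y"),      # listed ports are usable
        ("UseInternetPorts", "REG_SZ", "Y"),            # use them by default
    ]
    return [f'reg add "{RPC_KEY}" /v {name} /t {kind} /d {data} /f'
            for name, kind, data in values]


def firewall_rules(clients, server, first, last):
    """Return allow rules as (src, dst, proto, ports); all else stays denied."""
    registry_commands(first, last)        # reuse the range validation
    dst = str(ipaddress.ip_address(server))  # exactly one DCOM server, no subnet
    rules = []
    for client in clients:
        src = ipaddress.ip_network(client)   # rejects malformed or sloppy CIDR
        if src.prefixlen == 0:
            raise ValueError("wildcard source defeats the point of the rule")
        rules.append((str(src), dst, "tcp", str(ENDPOINT_MAPPER)))
        rules.append((str(src), dst, "tcp", f"{first}-{last}"))
    return rules


if __name__ == "__main__":
    # Constructed sample values (RFC 5737 documentation addresses).
    for cmd in registry_commands(49152, 49171):
        print(cmd)
    for rule in firewall_rules(["192.0.2.10", "192.0.2.64/28"],
                               "198.51.100.5", 49152, 49171):
        print(rule)
```

Keeping the range small (20 ports here) limits what the firewall has to expose; the range only needs to cover the number of DCOM server processes that listen at once.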