Just opening 135 is not going to be enough since that's only the RPC/DCOM
service locator.
The machine accessing the firewall'd machine will also need access to the
application port(s) that server-side RPC application(s) use. See
http://www.microsoft.com/com/wpaper/dcomfw.asp on how to configure the range
of dynamic RPC ports(*) assigned to applications on a machine. Note that
because the range of ports affects *ALL* RPC and DCOM applications, it will
have to be more than one port. How many exactly depends on a few factors
(**) -- but primarily the # of running applications that use RPC or DCOM.

(*) The article is about DCOM, it applies to RPC apps with dynamic ports
just the same.

(**) The factors include the fact that DCOM only grabs an RPC port the first
time it needs to talk across the network.

-mike

P.S. If you are using NAT, it's a little trickier if the app is
communicating via DCOM as opposed to plain RPC.

> -----Original Message-----
> From: Rob Scott [mailto:[EMAIL PROTECTED]]
>
> My employer has an off the shelf (yeah, right) software package that
> requires access to an SQL-server database that is located outside our
> internal network at a remote vendor. We are accessing this vendor's
> database through the Internet by (successfully) opening a firewall port
> for the database traffic, but the application also requires port 135
> (the DCOM service locator port) in order to work.
>
> Apparently, Eagle Raptor version 5.0 (we're migrating to a Firewall-1
> implementation soon) blocks port 135 in such a way that I have been
> unsuccessful at allowing access to the vendor's port 135. I've attempted
> to simply define a GSP service for it and created a rule that allows
> port 135 service between inside and outside servers, but that does not
> work.
>
> If port 135 traffic can be allowed from internal to external networks in
> any way I would be incredibly appreciative for an explanation of how I
> might do that.
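
The failure mode described in the reply above (port 135 allowed, the follow-up connection to the application's dynamic port dropped) can be confirmed from firewall logs. The Python below is an added example, not part of the original thread; the log format, addresses, the 10-second window and the 5000-5020 restricted range are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed firewall log lines: timestamp, action, src, dst, dst TCP port.
SAMPLE_LOG = """\
2001-03-14T10:02:11 ALLOW 10.1.1.20 192.0.2.50 1433
2001-03-14T10:02:12 ALLOW 10.1.1.20 192.0.2.50 135
2001-03-14T10:02:12 DENY 10.1.1.20 192.0.2.50 5003
2001-03-14T10:02:15 DENY 10.1.1.20 192.0.2.50 5003
2001-03-14T10:07:40 DENY 10.1.1.31 192.0.2.50 4444
2001-03-14T10:09:01 ALLOW 10.1.1.20 192.0.2.50 135
2001-03-14T10:09:02 DENY 10.1.1.20 192.0.2.50 6200
"""

ENDPOINT_MAPPER = 135
WINDOW = timedelta(seconds=10)  # assumed gap between lookup and follow-up connect


def parse_range(spec):
    """Parse a 'low-high' port range chosen for the server's dynamic RPC ports."""
    low, high = (int(p) for p in spec.split("-"))
    if not 1024 <= low <= high <= 65535:
        raise ValueError(f"bad dynamic port range: {spec}")
    return range(low, high + 1)


def blocked_rpc_followups(log_text, rpc_range):
    """Return {(src, dst): {port: in_range}} for denied connects that follow
    an allowed endpoint-mapper (135) lookup between the same two hosts."""
    last_lookup = {}  # (src, dst) -> time of the last allowed connection to 135
    findings = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, src, dst, port = line.split()
        when, port, pair = datetime.fromisoformat(ts), int(port), (src, dst)
        if action == "ALLOW" and port == ENDPOINT_MAPPER:
            last_lookup[pair] = when
        elif action == "DENY" and port >= 1024 and pair in last_lookup:
            if when - last_lookup[pair] <= WINDOW:
                findings.setdefault(pair, {})[port] = port in rpc_range
    return findings


if __name__ == "__main__":
    hits = blocked_rpc_followups(SAMPLE_LOG, parse_range("5000-5020"))
    for pair, ports in hits.items():
        for port, in_range in sorted(ports.items()):
            print(pair, port, "inside range" if in_range else "outside range")
```

A denied port inside the range means the firewall rule for the range is missing; one outside it means the server is not yet using the restricted range.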