Joseph,

I suggest that you have a look at this white paper. I think it will explain
what you need to do. 

regards Mark

http://www.microsoft.com/com/wpaper/dcomfw.asp


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 02, 2000 9:06 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Microsoft IIS 4.0 and MTS 2.0



Hello,

I have a web server on my DMZ running IIS 4.0 and MTS 2.0 with an ODBC
connection to a MS-SQL server behind our firewall.  It was decided that it
would be more secure to remove MTS from the web server and put it on the DB
server or another server on the same subnet (basically remove it from the
DMZ).

Now you do this on MTS by exporting the specific package you need, which
creates a client install program that you run on the web server.  However,
I'm having a problem with the configuration of my firewall.  Now I have two
rules, one letting everything from web server to mts server and vice versa
(this is in a test environment so it's safe for now).  Looking at the logs,
the web server makes an initial udp connection using port 135 and then it
picks a random udp high port.  Also I need the second rule even though it is
using the same ports (I don't know why the fw does not see this as a reply
and let it through).

Opening udp high ports from my dmz to my internal network is not very
secure.  Does anyone know how to limit the port range?  Has anyone done this
before?

Thanks,

Joe




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
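
Added example, not part of either message above: one way to limit the port range asked about in the original question is to pin the Windows RPC/DCOM dynamic ports on the MTS server through the Rpc\Internet registry key, so the firewall rule from the DMZ can name port 135 plus a short range instead of all high ports. The range 5000-5020 is a constructed placeholder, and the script assumes reg.exe is available on the server.

```batch
@echo off
rem Added example: confine dynamically assigned RPC/DCOM ports to a fixed range.
rem Run on the server that hosts the MTS package, as a local administrator.
rem RANGE is a constructed placeholder; size it to the number of concurrent
rem DCOM server processes expected, and keep it as small as that allows.
set KEY=HKLM\SOFTWARE\Microsoft\Rpc\Internet
set RANGE=5000-5020

rem Ports: the port range(s) the RPC runtime may hand out (REG_MULTI_SZ).
reg add "%KEY%" /v Ports /t REG_MULTI_SZ /d %RANGE% /f
if errorlevel 1 goto :failed

rem PortsInternetAvailable=Y: the listed ports are the ones usable for
rem endpoints reachable through the firewall.
reg add "%KEY%" /v PortsInternetAvailable /t REG_SZ /d Y /f
if errorlevel 1 goto :failed

rem UseInternetPorts=Y: assign dynamic endpoints from that list by default.
reg add "%KEY%" /v UseInternetPorts /t REG_SZ /d Y /f
if errorlevel 1 goto :failed

rem Show the resulting values so they can be checked against the firewall rule.
reg query "%KEY%"
echo Restart the server so the RPC runtime picks up the new range.
echo Then allow only port 135 and %RANGE% from the web server to this host.
exit /b 0

:failed
echo Failed to write %KEY%; no firewall change should be made yet.
exit /b 1
```

After the restart, the broad test rules between the web server and the MTS server can be replaced with one that permits only port 135 and the configured range, and the firewall log should show no other destination ports in use.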