Re: [FW1] Can not map NT file sharing of a machine in DMZ from Local Network

Different list...but yes you can change the bindings. In network properties, go to bindings tab. Since fw1 doesn't do IPX natively, it shouldn't be installed (but it will flow). In fact, the box should have minimal services, protocols, bindings, etc. to keep it as efficient and secure as possible. Lance has some info on this. See www.enteract.com/~lspitz or http://www.phoneboy.com/fw1/faq/0073.html for more info.

As for the original problem, I don't think it's a good idea to allow the kind of access you're wanting for that box in the DMZ. You should have those services turned off. But it may already be too late for that.

In your case, you may have a problem in that it won't work. NBT doesn't do NAT (w/some exceptions not applicable here). Network neighborhood needs a WINS server or must be on the same network as the other system. It's broadcast driven and these don't traverse routers/gateways. Some general info can be found at http://www.phoneboy.com/fw1/faq/0055.html or the link http://www.phoneboy.com/fw1/faq/0081.html. Have you ever run a sniffer trace on a Windows based network?

You can add an entry to your localhost file and give it an IP of the system in the DMZ. The only service/protocol you need is port 139. This is the session service which allows drive mappings, etc. But like I said, I don't think it's going to work. Maybe others can help out here.

Robert

- -
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice:
email: [email protected]

>>> "Andrew Bagrin" <[email protected]> 11/15/00 9:30:02 AM >>>
>
>What are you using as your webserver? If it's NT and you have IPX loaded on
>it, then NetBios will bind to IPX first. There is no real way to change
>the binding order that I know of. I just got rid of IPX on the NT systems
>that I needed to map across the FW
>
>Andrew Bagrin
>Secure-1
>www.secure-1.com
>----- Original Message -----
>From: Birant AKARSLAN <[email protected]>
>To: Firewall List <[email protected]>
>Sent: Wednesday, November 15, 2000 8:51 AM
>Subject: [FW1] Can not map NT file sharing of a machine in DMZ from Local Network
>>
>> Hi!
>>
>> One of our customers can not map the file sharing of his webserver in the
>> DMZ network from his Local Net.
>> In the Rule Base, all NBT services (ports 137,138,139) from Local Net to the
>> Webserver are accepted. I have also tried not NATting from Local Net to DMZ
>> but it did not work. On the other hand the machine in the Localnet can ping
>> the webserver, but it can neither find the machine as a computer nor see it
>> in the Network Neighborhood. I have also tried to NAT (Static) the machine in
>> the Localnet to the DMZ-interface of Firewall, but it did not work either. I
>> know that it is an old issue, but acting as a newbie, can someone help me?
>>
>> As an addition the IP block of the Local Net is illegal and WebServer's is
>> legal.
>>
>> Thanks in advance,
>> Birant Akarslan
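
Added example, not part of the original messages: a parser for the NetBIOS name query (UDP 137) that a sniffer trace of the failed mapping would show, exposing the broadcast flag that keeps the lookup on the client's own subnet. The host name WEBSRV, the transaction ID and the packet itself are constructed for illustration.

```python
import struct

NB_QUERY_LEN = 12 + 1 + 32 + 1 + 4  # header, length byte, encoded name, root label, type/class

def encode_name(name, suffix):
    """RFC 1001 first-level encoding: 15 padded chars + 1 suffix byte, one letter per nibble."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    return bytes(x for c in raw for x in ((c >> 4) + 0x41, (c & 0x0F) + 0x41))

def decode_name(enc):
    """Reverse the encoding; returns (name, suffix byte)."""
    if len(enc) != 32 or any(not 0x41 <= b <= 0x50 for b in enc):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def build_query(name, suffix=0x20, txid=0x1234, broadcast=True):
    """Build a name query request; suffix 0x20 is the file server service."""
    flags = 0x0100 | (0x0010 if broadcast else 0)  # RD, plus the B (broadcast) bit
    header = struct.pack(">6H", txid, flags, 1, 0, 0, 0)
    return header + b"\x20" + encode_name(name, suffix) + b"\x00" + struct.pack(">2H", 0x0020, 0x0001)

def parse_query(pkt):
    """Decode one NBNS name query request as captured on UDP 137."""
    if len(pkt) < NB_QUERY_LEN:
        raise ValueError("truncated NBNS packet")
    txid, flags, qdcount = struct.unpack(">3H", pkt[:6])
    if flags & 0x8000 or (flags >> 11) & 0xF != 0 or qdcount != 1:
        raise ValueError("not a name query request")
    if pkt[12] != 0x20 or pkt[45] != 0x00:
        raise ValueError("unexpected name length or scope")
    name, suffix = decode_name(pkt[13:45])
    return {"txid": txid, "name": name, "suffix": suffix, "broadcast": bool(flags & 0x0010)}

if __name__ == "__main__":
    # Constructed sample: a client looking for the server service (<20>) of WEBSRV.
    q = parse_query(build_query("WEBSRV"))
    scope = "local subnet only" if q["broadcast"] else "unicast to a WINS server"
    print(f'{q["name"]}<{q["suffix"]:02X}> txid={q["txid"]:#06x}: {scope}')
```

A query with the B bit set is sent to the subnet broadcast address, so the firewall never forwards it no matter what the rule base allows on port 137.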