[techtalk] NT domain authentication through a Linux firewall

Caitlyn Maire Martin caitlyn at netferrets.net
Wed Aug 16 09:33:51 EST 2000


Hi, everyone,

OK, here is what my problem has boiled down to, and I'm not sure if it's a
Linux issue or an NT issue, but I think it's Linux/firewall.  I have an NT
Terminal Server on the DMZ and everything else behind the firewall.  I am using
ipchains/IP masquerading to control outbound traffic, and that's all good.  I'm
using ipportfw and ipmasqadm to allow limited inbound traffic, including domain
authentication.  The firewall box, in case you missed my last message, is
Caldera 2.4 with the security patches applied to the 2.2.14 kernel.  It's the
authentication that's failing, and I bet I'm missing opening something, but
according to all the NT docs I have, it doesn't look that way.

I know I am opening the ports correctly, because I can open/close telnet (port
23) to a Linux box behind the firewall, and it works properly.  I have opened
TCP ports 135, 137, and 139, and UDP ports 137 and 138 as per the following
lines in my rc.firewall file:

   ipmasqadm portfw -f
   ipmasqadm portfw -a -P udp -L 0.0.0.0 137 -R 192.168.0.23 137
   ipmasqadm portfw -a -P udp -L 0.0.0.0 138 -R 192.168.0.23 138
   ipmasqadm portfw -a -P tcp -L 0.0.0.0 139 -R 192.168.0.23 139
   ipmasqadm portfw -a -P tcp -L 0.0.0.0 135 -R 192.168.0.23 135
   ipmasqadm portfw -a -P tcp -L 0.0.0.0 137 -R 192.168.0.23 137

Am I missing a port or something?  Am I overlooking something simple and stupid?

I just can't wait for the 2.4 kernel with netfilter and a true 1:1 NAT, but
right now I have to make this work.  It's been quite the learning experience.

Any suggestions are, as always, appreciated.  

Best,
Caity

Caitlyn M. Martin
NetFerrets
caitlyn at netferrets.net




