|
Home > Archive > IIS Server Security > October 2006 > Create Virtual Directory from DMZ to LAN
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Create Virtual Directory from DMZ to LAN
|
|
|
| Hi,
I have a Windows 2000 server [IIS5] inside a DMZ with no access onto
the LAN except required ports [SQL etc]. The LAN server is part of a
Windows 2003 domain while the IIS machine is non-domain. I need to
upload files from our website and after trying to create the Virtual
Directory ran into some problems.
1 - Which firewall port do I need to open to allow access from DMZ to
LAN and how safe is it opening this port?
2 - How can I add ACL settings for the non domain machine into shared
directory on the domain machine?
3 - Am I approaching this incorrectly, and a better method exists?
Regards
Gary
| |
| Leythos 2006-10-03, 7:28 pm |
| In article <1159877994.332845.256060@b28g2000cwb.googlegroups.com>,
gary.brett@gmail.com says...
> Hi,
> I have a Windows 2000 server [IIS5] inside a DMZ with no access onto
> the LAN except required ports [SQL etc]. The LAN server is part of a
> Windows 2003 domain while the IIS machine is non-domain. I need to
> upload files from our website and after trying to create the Virtual
> Directory ran into some problems.
>
> 1 - Which firewall port do I need to open to allow access from DMZ to
> LAN and how safe is it opening this port?
>
> 2 - How can I add ACL settings for the non domain machine into shared
> directory on the domain machine?
>
> 3 - Am I approaching this incorrectly, and a better method exists?
Allowing File Sharing from DMZ to LAN means you have no security.
SQL Data is TCP 1433 only, and you would use SQL Authentication mode,
not Windows Authentication mode.
Instead of file sharing, do FTP and then pass it through from DMZ/LAN or
LAN to DMZ.
--
spam999free@rrohio.com
remove 999 in order to email me
|
|
|
|
|