File sharing between an AD Domain controller and a member server through a firewall

    File sharing between an AD Domain controller and a member server through a firewall  
Clementius


06-10-04 04:51 AM

Hi,
I am configuring an access-list for traffic from a dmz server to an internal
server. The dmz server is a 2003 domain member server. The internal server
is a 2003 AD controller and file server. The plan is to allow file access
from the dmz server to the internal server. Eventually, the dmz server will
be a front-end to the internal server from the Internet through SSH or
Terminal Server sessions. So far I opened the following ports to the
internal server (from the dmz) on the firewall:
TCP domain
UDP domain
tcp 88
udp 88
tcp 135
udp 389
tcp 389
tcp 445
udp netbios-ns
udp netbios-dgm
tcp netbios-ssn

I am able to perform nslookup from the dmz server using the internal server
for DNS and NAT seems to work fine. But when I try to map a drive from the
dmz server to a share on the internal server I get: "The drive could not be
mapped because  no network was found".
Am I missing something? Thanks for your help. C







    Re: File sharing between an AD Domain controller and a member server through a firewal  
Steven Umbach


06-10-04 07:51 AM

See if the following KB article helps and pay particular attention to how
dynamic rpc works and how to configure a server and firewall for it. You may
also want to check your firewall logs for dropped traffic from the computer in
the dmz and I would not be surprised if it showed inbound traffic to ports in
the range 1025-30 to the domain controller as the problem. Otherwise consider
using ipsec policy with a rule that allows ipsec protected traffic between the
two computers and through the firewall.  -- Steve

http://support.microsoft.com/defaul...Ben-us%3B179442
http://support.microsoft.com/defaul...Ben-us%3B233256

"Clementius" <anonymous@discussions.microsoft.com> wrote in message
news:%23ecQTDpTEHA.2324@TK2MSFTNGP10.phx.gbl...
> Hi,
> I am configuring an access-list for traffic from a dmz server to an internal
> server. The dmz server is a 2003 domain member server. The internal server
> is a 2003 AD controller and file server. The plan is to allow file access
> from the dmz server to the internal server. Eventually, the dmz server will
> be a front-end to the internal server from the Internet through SSH or
> Terminal Server sessions. So far I opened the following ports to the
> internal server (from the dmz) on the firewall:
> TCP domain
> UDP domain
> tcp 88
> udp 88
> tcp 135
> udp 389
> tcp 389
> tcp 445
> udp netbios-ns
> udp netbios-dgm
> tcp netbios-ssn
>
> I am able to perform nslookup from the dmz server using the internal server
> for DNS and NAT seems to work fine. But when I try to map a drive from the
> dmz server to a share on the internal server I get: "The drive could not be
> mapped because  no network was found".
> Am I missing something? Thanks for your help. C
>
>
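
Added example (not part of the original posts): one way to run the firewall-log check suggested in the reply above, comparing denied traffic from the DMZ host to the DC against the rule list given in the question. The log format, the host addresses and the function name `dropped_flows` are assumptions, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Rules the poster lists as open from the DMZ host to the DC, with the named
# services resolved to numbers (domain=53, netbios-ns/dgm/ssn=137/138/139).
ALLOWED = {("tcp", 53), ("udp", 53), ("tcp", 88), ("udp", 88), ("tcp", 135),
           ("udp", 389), ("tcp", 389), ("tcp", 445),
           ("udp", 137), ("udp", 138), ("tcp", 139)}
# Default dynamic port range on Windows Server 2003. The endpoint mapper on
# tcp/135 refers clients to RPC services listening somewhere in this range.
DYNAMIC_RPC = range(1025, 5001)

# Hypothetical log format (an assumption): ACTION proto src:port -> dst:port
LINE = re.compile(r"(?P<action>DENY|ALLOW) (?P<proto>tcp|udp) "
                  r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")

# Constructed sample lines; the addresses are placeholders.
SAMPLE_LOG = """\
Jun 10 04:40:01 fw ALLOW udp 192.0.2.10:1047 -> 10.0.0.5:53
Jun 10 04:40:07 fw ALLOW tcp 192.0.2.10:1051 -> 10.0.0.5:135
Jun 10 04:40:07 fw DENY tcp 192.0.2.10:1052 -> 10.0.0.5:1026
Jun 10 04:40:10 fw DENY tcp 192.0.2.10:1053 -> 10.0.0.5:1026
Jun 10 04:40:12 fw DENY tcp 192.0.2.10:1054 -> 10.0.0.5:1029
Jun 10 04:40:15 fw DENY udp 192.0.2.10:1055 -> 10.0.0.5:123
Jun 10 04:41:00 fw DENY tcp 198.51.100.7:4000 -> 10.0.0.5:80
"""

def dropped_flows(log, dmz_host, dc):
    """Count denied (proto, dst port) pairs from dmz_host to dc and label each."""
    drops = Counter()
    for line in log.splitlines():
        m = LINE.search(line)
        if m and m["action"] == "DENY" and (m["src"], m["dst"]) == (dmz_host, dc):
            drops[(m["proto"], int(m["dport"]))] += 1
    report = []
    for (proto, port), hits in sorted(drops.items()):
        if (proto, port) in ALLOWED:
            kind = "has-rule"       # rule exists yet traffic is dropped
        elif proto == "tcp" and port in DYNAMIC_RPC:
            kind = "dynamic-rpc"    # the gap the reply points at
        else:
            kind = "no-rule"
        report.append((proto, port, hits, kind))
    return report

if __name__ == "__main__":
    for row in dropped_flows(SAMPLE_LOG, "192.0.2.10", "10.0.0.5"):
        print(*row)
```

Drops labelled `dynamic-rpc` are best handled by restricting the server's RPC port range and opening only that range, rather than opening the whole 1025-5000 default.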







    Re: File sharing between an AD Domain controller and a member server through a firewal  
Steven L Umbach


06-10-04 07:51 AM

Scratch the idea for ipsec between the two computers. Forgot when I posted that you
can't use ipsec between a domain member and a domain controller. A l2tp vpn
connection to a ras server on the lan and through the firewall with a persistent
connection may be something to consider though and would require certificates for
both machines which is easy enough to do for a W2003 domain.  --- Steve

"Steven Umbach" <n9rou@n0spam-comcast.net> wrote in message
news:%1Sxc.10567$0y.4335@attbi_s03...
> See if the following KB article helps and pay particular attention to how
> dynamic rpc works and how to configure a server and firewall for it. You may
> also want to check your firewall logs for dropped traffic from the computer in
> the dmz and I would not be surprised if it showed inbound traffic to ports in
> the range 1025-30 to the domain controller as the problem. Otherwise consider
> using ipsec policy with a rule that allows ipsec protected traffic between the
> two computers and through the firewall.  -- Steve
>
> http://support.microsoft.com/defaul...Ben-us%3B179442
> http://support.microsoft.com/defaul...Ben-us%3B233256
>
> "Clementius" <anonymous@discussions.microsoft.com> wrote in message
> news:%23ecQTDpTEHA.2324@TK2MSFTNGP10.phx.gbl... 
>
>







    Re: File sharing between an AD Domain controller and a member server through a firewal  
Clementius


06-26-04 03:16 PM

Thanks a lot Steve. It helped a good deal. C

"Steven Umbach" <n9rou@n0spam-comcast.net> wrote in message
news:%1Sxc.10567$0y.4335@attbi_s03...
> See if the following KB article helps and pay particular attention to how
> dynamic rpc works and how to configure a server and firewall for it. You may
> also want to check your firewall logs for dropped traffic from the computer in
> the dmz and I would not be surprised if it showed inbound traffic to ports in
> the range 1025-30 to the domain controller as the problem. Otherwise consider
> using ipsec policy with a rule that allows ipsec protected traffic between the
> two computers and through the firewall.  -- Steve
>
> http://support.microsoft.com/defaul...Ben-us%3B179442
> http://support.microsoft.com/defaul...Ben-us%3B233256
>
> "Clementius" <anonymous@discussions.microsoft.com> wrote in message
> news:%23ecQTDpTEHA.2324@TK2MSFTNGP10.phx.gbl... 
>
>






