RE: NT Authentication over Debian Firewall/Router
I'm just going to throw out some random guesses that might actually hit the
right thing. I would look at forwarding traffic from port 139 (+/-, netbios
anyway) from your PDC through the firewall to your now rogue NT box (you
probably want to be VERY specific and careful about it). You might also
want to think about doing something with the broadcast address traffic on
that same port (Windows loves to broadcast). How many users will access the
box? Have you thought about removing the NT box from the domain (making it
only accountable to a workgroup), and making it a stand-alone server using
its own security?
Random guesses free of charge,
> -----Original Message-----
> From: Mark Janssen [mailto:firstname.lastname@example.org]
> Sent: Wednesday, July 26, 2000 4:02 AM
> To: email@example.com
> Cc: firstname.lastname@example.org
> Subject: NT Authentication over Debian Firewall/Router
> Hi List...
> This is not really debian related, (could even be not Linux related), but
> there's a lot of good knowledge here...
> I have an internal (10.x.y.z) Windows NT network, it's connected to the
> outside world through a Linux proxy/fw/gateway (potato). The Linux box
> also connects a DMZ area for the webservers etc. Now the problem is that
> we want to connect one of the NT servers from the private lan, and move it
> to the DMZ area. When we do so, it can no longer find the NT Domain
> controller (discovery by broadcasts) that is in the private lan, it needs
> this PDC/BDC for user authentication.
> How do I get this NT server in the DMZ area to be able to find and contact
> the PDC or BDC in the private lan.
> Please include a cc: to me... I'm on the digest list only...
> Mark Janssen Unix Consultant
> Unix Support Nederland / PSInet Netherlands
> E-mail: email@example.com GnuPG Key Id: 357D2178
> http: markjanssen.homeip.net www.markjanssen.nl www.maniac.nl
> Fax/VoiceMail: +31 20 8757555 Finger for GPG and GeekCode