Hello,
at the moment we are evaluating the ASL 3.2 for our company.
Yesterday evening we started a test run with the prepared firewall configuration and had to stop it, frustrated, some hours later :-(.
We have a leased line with two official IP blocks and one private.
The servers (W2K PDC with DNS; Exchange with Outlook Web Access; two Linux systems) should stand in the DMZ and get one official IP block.
Clients and rest of the system should be on the internal site (private IPs).
  Internet
     |
   Router
     |
 official IP
   Astaro-----DMZ (Servers with official IPs)
     |
     |
   Intern (private IPs)
The normal services like HTTP(S), SMTP, POP worked fine - surfing and mailing was no problem. The required Windows ports below 1024 were opened (RPC, LDAP, NetBIOS, etc.).
BUT we could not give the internal network the DNS address from the W2K Server in the DMZ (causes problems - no login from a client to the server). Outlook clients could not connect to their Exchange in the DMZ.
Livelog showed some blocks on the high ports 1026-1029 and 448...
We opened the high ports above 1024 for intern and voilà, Outlook clients could connect to Exchange, but using the Windows DNS server was still not possible.
Question: Does anyone know this problem and the dedicated high ports which have to be opened (we found some stuff on the Internet but nothing really helped)? And how to the Windows Server DNS in the DMZ?
Thanks a lot for help.
Regards.
Christian Haecker