probably a simple pinhole / deployment question...

I'm new to this, so if my plan is incorrect please let me know...

I am deploying my first firewall, I plan to put my webserver, name
servers, and mail server in the DMZ (orange) and my workstations, mail
filter, and exchange server (SBS with Domain control) in the LAN
(green).

I already tried this once, but I'm starting over after being unable to
completely understand what pinholes need to be open between the Windows
based web server and the domain controller so that I can log into the
web server via remote desktop or access the web server's shared
folders. I looked around online and it seems like there are all kinds
of ports that Windows uses, but I don't want to open them all unless I
have to.

Also, does anyone know of a way to allow for Outlook Web Access with
this configuration, or will I have to move my Exchange server (SBS)
into the DMZ?

I'm using IPCop now, but may move to a M0n0wall

I'm here to learn - if I'm doing something moronic please let me know
in a manner that allows me to do so. Thanks,

Richard
Received on Mon May 1 01:09:00 2006