Re: probably a simple pinhole / deployment question...
comp.security.firewalls archive


From: Sebastian Gottschalk <seppi@seppig.de>
Date: Thu Apr 27 2006 - 19:43:08 CEST

rjvalenta@yahoo.com wrote:

> I am deploying my first firewall, I plan to put my webserver, name
> servers, and mail server in the DMZ (orange) and my workstations, mail
> filter, and exchange server (SBS with Domain control) in the LAN
> (green).

Just for clarification: You want the DNS part of the AD for the
internal network at the Domain controller rather than at the nameserver
in the DMZ? Anything else would be stupid.

> I already tried this once, but I'm starting over after being unable to
> completely understand what pinholes need to be open between the Windows
> based web server

A Windows-based webserver generally is a bad idea, especially when
you're thinking of IIS+ASP instead of WAMP.

> and the domain controller so that I can log into the
> web server via remote desktop or access the web server's shared
> folders. I looked around online and it seems like there are all kinds
> of ports that Windows uses,

but you only want RDP which is well documented to be using 3389/TCP and
sometimes HTTP on 80/TCP. Remote file access can be done via SMB shares
(NetBIOS on 137-139/TCP+UDP and/or SMB at 445/TCP), FTP or HTTP/WebDAV.
What is RTFM?

> Also, does anyone know of a way to allow for Outlook Web Access with
> this configuration, or will I have to move my Exchange server (SBS)
> into the DMZ?

Why do you want OWA and can't you think of some serious alternative that
is not inherently insecure?
Received on Mon May 1 01:09:01 2006
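
The following is an added example, not part of the original thread: a small audit of a FORWARD ruleset that checks the RDP (3389/TCP) and SMB (445/TCP) ports named in the reply are allowed from the LAN (green) to the DMZ (orange), and lists every port accepted in the opposite direction, since each of those is a pinhole into the LAN. It assumes the firewall's rules are available in `iptables-save` syntax and that green is `eth0` and orange is `eth2`; both interface names and the sample ruleset are constructed for illustration.

```python
import shlex

GREEN_IF, ORANGE_IF = "eth0", "eth2"   # assumed interface names (LAN, DMZ)
# Ports named in the reply for admin access to the web server: RDP and SMB.
NEEDED = {("tcp", 3389), ("tcp", 445)}

# Constructed sample in iptables-save syntax; not taken from the thread.
SAMPLE = """\
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth2 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -i eth0 -o eth2 -p tcp -m tcp --dport 445 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -p tcp -m tcp --dport 445 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -p udp -m udp --dport 137:138 -j ACCEPT
-A FORWARD -j DROP
"""

def parse_rule(line):
    """Return the audited fields of one FORWARD rule, or None for other lines.
    Negated matches ('!') are not handled in this sketch."""
    tok = shlex.split(line)
    if tok[:2] != ["-A", "FORWARD"]:
        return None
    rule = {"in": None, "out": None, "proto": None, "ports": None, "target": None}
    flags = {"-i": "in", "-o": "out", "-p": "proto", "--dport": "ports", "-j": "target"}
    for flag, value in zip(tok, tok[1:]):
        if flag in flags:
            rule[flags[flag]] = value
    if rule["ports"]:
        lo, _, hi = rule["ports"].partition(":")   # "137:138" is a port range
        rule["ports"] = range(int(lo), int(hi or lo) + 1)
    return rule

def audit(ruleset):
    """Report needed green->orange ports that are missing, and all orange->green pinholes."""
    rules = [r for r in map(parse_rule, ruleset.splitlines()) if r]
    accepts = [r for r in rules if r["target"] == "ACCEPT" and r["ports"]]
    outbound = {(r["proto"], p) for r in accepts
                if (r["in"], r["out"]) == (GREEN_IF, ORANGE_IF) for p in r["ports"]}
    pinholes = {(r["proto"], p) for r in accepts
                if (r["in"], r["out"]) == (ORANGE_IF, GREEN_IF) for p in r["ports"]}
    return {"missing": sorted(NEEDED - outbound), "dmz_to_lan": sorted(pinholes)}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a stateful firewall the replies to green-initiated RDP and SMB sessions are covered by the RELATED,ESTABLISHED rule, so every entry under `dmz_to_lan` is a separate allowance for DMZ hosts to open connections into the LAN and should have its own justification.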