RE: OT (sort of): Setting up an OWA server in a DMZ

  • From: "adrian bolzan" <abolzan@xxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 22 Apr 2005 15:16:26 +1000

Hi Andrew,

Thanks for the tip. I will probably configure RPC over HTTP, at least
once I have Exchange installed. Right now I am finding it difficult to
add the 'OWA' server (in the DMZ) to the domain prior to installing
Exchange, when the domain controllers are in the internal network.

Cheers,
Adrian



> -----Original Message-----
> From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Friday, 22 April 2005 3:10 PM
> To: [ExchangeList]
> Subject: [exchangelist] RE: OT (sort of): Setting up an OWA
> server in a DMZ
>
> http://www.MSExchange.org/
>
> You should consider using the RPC over HTTP method instead of
> just RPC.
> Number 1, most ISPs today block port 135, thus if any of your
> employees have notebook computers that need to access their
> emails, chances will be slim that the ISP they connect up
> with on the go will have port 135 open.
>
> RPC over HTTP uses ports 80 and 443 (SSL).
>
> Andrew
>
>
> -----Original Message-----
> From: adrian bolzan [mailto:abolzan@xxxxxxxxxxxxxxxxxxxxxxxxx]
> Sent: Friday, April 22, 2005 12:48 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: OT (sort of): Setting up an OWA
> server in a DMZ
>
> Sorry, I should clarify the ports I have opened on the
> firewall. These were derived from the website:
> "Active Directory Replication over Firewalls"
> http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx
>
> Although I did not want to configure a DC in the DMZ. I chose
> the Swiss cheese method, Full Dynamic RPC.
> Thus,
>
> RPC endpoint mapper: 135/tcp, 135/udp
> Network basic input/output system (NetBIOS) name service: 137/tcp, 137/udp
> NetBIOS datagram service: 138/udp
> NetBIOS session service: 139/tcp
> RPC dynamic assignment: 1024-65535/tcp
> Server message block (SMB) over IP (Microsoft-DS): 445/tcp, 445/udp
> Lightweight Directory Access Protocol (LDAP): 389/tcp
> LDAP over SSL: 636/tcp
> Global catalog LDAP: 3268/tcp
> Global catalog LDAP over SSL: 3269/tcp
> Kerberos: 88/tcp, 88/udp
> Domain Name Service (DNS): 53/tcp, 53/udp
>
> I did not open these WINS ports:
> Windows Internet Naming Service (WINS) resolution (if required): 1512/tcp, 1512/udp
>
> Nor these:
> WINS replication (if required): 42/tcp, 42/udp
>
> Cheers,
> Adrian
>
> > -----Original Message-----
> > From: adrian bolzan [mailto:abolzan@xxxxxxxxxxxxxxxxxxxxxxxxx]
> > Sent: Friday, 22 April 2005 1:04 PM
> > To: [ExchangeList]
> > Subject: [exchangelist] OT (sort of): Setting up an OWA
> > server in a DMZ
> >
> > Hi,
> >
> > This is sort of off-topic as I am stuck at step 1 of building
> > an OWA server.
> >
> > I am trying to configure a new server to act as an OWA
> > server. It is located in our DMZ.
> > We do not use ISA server...
> >
> > IP address of 'OWA' server = 192.168.2.2
> > IP address of Exchange server, which is also a DC = 192.168.1.5
> >
> > The way our firewall works is to set an alias on the DMZ
> > interface, and use IP address and Port forwarding.
> > The alias on the DMZ interface = 192.168.2.5.
> >
> > Thus, communications from the 'OWA' server to the Exchange
> > server are sent to 192.168.2.5, with IP address and port
> > forwarding to 192.168.1.5:
> >
> > 'OWA' server --> IP Alias on DMZ interface --> DC (with Exchange)
> > 192.168.2.2 --> 192.168.2.5 --> 192.168.1.5
> >
> > My first problem is that when I try to join the OWA server to
> > the domain across the firewall I receive an error stating
> > that I am trying to connect to a closed port (presumably on
> > the Exchange DC). All of the appropriate filters are in
> > place on the firewall to allow the communication. The closed
> > port is 138/UDP. This suggests that I need to configure the
> > DC to allow connections from the DMZ subnet.
> >
> > Any pointers on where I would find info on how to allow this
> > communication would be appreciated.
> >
> > Cheers,
> > Adrian
> >
> > ============================================================
> > IMPORTANT - This email and any attachments is confidential.
> > If received in error, please contact the sender and delete
> > all copies of this email. Please note that any use,
> > dissemination, further distribution or reproduction of this
> > message in any form is strictly prohibited. Before opening or
> > using attachments, check them for viruses and defects.
> > Regardless of any loss, damage or consequence, whether caused
> > by the negligence of the sender or not, resulting directly or
> > indirectly from the use of any attached files, our liability
> > is limited to resupplying any affected attachments.
> >
> > Any representations or opinions expressed in this email are
> > those of the individual sender, and not necessarily those of
> > the Capital Transport Services.
> > ============================================================
> >
> > ------------------------------------------------------
> > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 ISA Server Resource Site: http://www.isaserver.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this MSEXchange.org
> > Discussion List as: abolzan@xxxxxxxxxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Report abuse to listadmin@xxxxxxxxxxxxxx
> >
>
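
The port list quoted in this thread can be treated as a rule specification and audited mechanically. The following is an added example, not part of the original messages: it parses entries in the list's `port/proto` notation, counts how many ports the "Full Dynamic RPC" rule set opens from the DMZ to the DC, and evaluates constructed flows from 192.168.2.2 to the alias 192.168.2.5. The function names, the shortened service names and the sample flows are assumptions.

```python
import re

# Port list from the thread (service names shortened for this example).
FULL_DYNAMIC_RPC = """
RPC endpoint mapper: 135/tcp, 135/udp
NetBIOS name service: 137/tcp, 137/udp
NetBIOS datagram service: 138/udp
NetBIOS session service: 139/tcp
RPC dynamic assignment: 1024-65535/tcp
SMB over IP (Microsoft-DS): 445/tcp, 445/udp
LDAP: 389/tcp
LDAP over SSL: 636/tcp
Global catalog LDAP: 3268/tcp
Global catalog LDAP over SSL: 3269/tcp
Kerberos: 88/tcp, 88/udp
DNS: 53/tcp, 53/udp
"""

ENTRY = re.compile(r"(\d+)(?:-(\d+))?/(tcp|udp)")

def parse_rules(text):
    """Return [(service, proto, low, high)] for every port entry in the list."""
    rules = []
    for line in text.strip().splitlines():
        service, _, ports = line.rpartition(": ")
        for low, high, proto in ENTRY.findall(ports):
            rules.append((service, proto, int(low), int(high or low)))
    return rules

def exposed_ports(rules, proto):
    """Count distinct ports of one protocol that the rule set opens."""
    return len({p for _, pr, lo, hi in rules if pr == proto
                for p in range(lo, hi + 1)})

def match(rules, proto, port):
    """Service whose rule admits this flow, or None if the flow is dropped."""
    for service, pr, lo, hi in rules:
        if pr == proto and lo <= port <= hi:
            return service
    return None

def audit(rules, flows):
    """Map each (proto, dst_port) flow to the admitting service or 'DENY'."""
    return {f: match(rules, *f) or "DENY" for f in flows}

RULES = parse_rules(FULL_DYNAMIC_RPC)
# Constructed flows from 192.168.2.2 to 192.168.2.5 (not real firewall logs).
FLOWS = [("udp", 138), ("tcp", 49152), ("tcp", 3389), ("udp", 1512)]
RESULT = audit(RULES, FLOWS)
```

In `RESULT`, the unrelated 3389/tcp flow is admitted by the 1024-65535/tcp range, which is the exposure the "Swiss cheese" label refers to, while 1512/udp (WINS, not opened) is denied.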


