NT Domain across a WAN

  1. #1
    Junior Member
    Join Date
    Apr 2001
    Location
    Philadelphia, PA
    Posts
    3

    NT Domain across a WAN

    I am looking at having to span an NT domain across multiple physical locations using a WAN. The WAN consists of T1's and T3's for our corporate backbone. The PDC will reside in one location with every other location having a BDC. I need to be able to replicate WINS, map drives, share files, authenticate users ... all the usual stuff as it would work inside a LAN. However, I am faced with having to configure routers and firewalls.

    Does anyone have experience doing this? I am looking at opening ports 42, 53, 135, 137, 138, and 139. Microsoft makes reference to all ports above 1024 needing to be open for RPC communication, but if I open up 137-139 and enable NetBIOS over TCP, will it work?

    Your help would be greatly appreciated!

    Thank you,
    Brian

  2. #2
    Registered User
    Join Date
    Mar 2000
    Location
    UK
    Posts
    226

    Probably. If the whole network is isolated from the internet then it should be fine. If your data transits the internet unencrypted at any point it would be a security problem.

    2.6.3 What ports must I enable to let NBT (NetBios over TCP/IP) through my firewall
    First of all, you should really, really reconsider if this is such a good idea to let NBT traffic through your firewall. Especially if the firewall is between your internal network and Internet.
    The problem with NBT is that at once you open it up through the firewall, people will have potential access to all NetBios services, not just a selection of them, such as printing.


    from http://161.53.42.3/~crv/security/nts...#ntsec-net-nbt

    for security info (and lots of it)

    The question is: how much file sharing and inter-segment communication do you NEED? Would it be possible to structure the network so that hosts communicated with file servers / intranet web servers in a DMZ area of each subnet?

    Sorry if I haven't answered the question.
    What does this button do?
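An added example, not part of either post: one way to check a firewall rule list for the exposure the reply above warns about, that is, permit rules that let the WINS/RPC/NetBIOS ports from the first post cross to or from addresses outside the organisation's own sites. The rule format, the subnets and the function names are constructed for illustration.

```python
import ipaddress

# Ports named in the thread, with their standard service assignments.
# Port 53 (DNS) is in the asker's list but is not a NetBIOS/RPC service,
# so this check does not flag it.
NT_PORTS = {42: "WINS replication", 135: "RPC endpoint mapper",
            137: "NetBIOS name", 138: "NetBIOS datagram",
            139: "NetBIOS session"}
RPC_DYNAMIC_LOW = 1025  # "all ports above 1024" from the first post

# Constructed site subnets (assumption): the locations joined by the WAN.
SITES = [ipaddress.ip_network(n) for n in ("10.1.0.0/16", "10.2.0.0/16")]

# Constructed rules in a made-up "action src dst ports" format.
RULES = """\
permit 10.1.0.0/16 10.2.0.0/16 137-139
permit 10.2.0.10/32 10.1.0.10/32 42
permit 0.0.0.0/0 10.1.0.0/16 135-139
permit 10.2.0.0/16 10.1.0.10/32 1025-65535
permit 192.0.2.0/24 10.1.0.10/32 1025-65535
permit 0.0.0.0/0 10.1.0.20/32 53
"""

def inside_sites(cidr):
    """True when the whole CIDR block lies within one known site."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(site) for site in SITES)

def audit(text):
    """Return (line number, source, exposed services) per risky permit.

    Each permit line is judged on its own; rule ordering is not modelled.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        action, src, dst, ports = line.split()
        if action != "permit" or (inside_sites(src) and inside_sites(dst)):
            continue  # denies and site-to-site traffic are not findings
        low, _, high = ports.partition("-")
        low, high = int(low), int(high or low)
        exposed = [f"{p} ({name})" for p, name in NT_PORTS.items()
                   if low <= p <= high]
        if high >= RPC_DYNAMIC_LOW:
            exposed.append("RPC dynamic range")
        if exposed:
            findings.append((lineno, src, exposed))
    return findings

if __name__ == "__main__":
    for lineno, src, exposed in audit(RULES):
        print(f"rule {lineno}: {src} can reach {', '.join(exposed)}")
```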

  3. #3
    Registered User
    Join Date
    Aug 1999
    Location
    near the backdoor to hell
    Posts
    804

    If possible, I recommend going with 2k; you don't have to worry about replication, and once it is set up, you're good as gold. It also has built-in IPSEC.
    Just something to plug towards the boss man.
