Microsoft clients logon - Mogens Valentin

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Mogens Valentin <monz@danbbs.dk>
To: Netfilter <netfilter@lists.netfilter.org>
Subject: Microsoft clients logon
Date: Thu, 17 Jul 2003 10:08:25 +0200	[thread overview]
Message-ID: <3F165979.B35B4411@danbbs.dk> (raw)

After rewriting an ipchains firewall to iptables, I've got problems
having M$ clients logon to an w2k server; that is,  I do not administer
that server, so it actually might not be my firewalling.

The w2k server is on a dedicated internal serversegment, clients are on
three other segments. Problem clients are winxp.
It takes a looong tme to logon (I'm told upto nearly half an hour),
other traffic no problem; it' only the login procedure.

So far, I forward M$ related tcp/udp ports 137:139, 445, 135, ldap,
kerberos in both directions between server and client segments.
Tcpdump shows traffic on these ports in both directions, leading me to
believe it should work.

Port 135 is "DCE endpoint resolution", which is an rpc service, and
AFAIK very basic for M$ networking.
Googling for DCE endpoint resolution reveals that others have  had
problems here. What I found didn't really tell if those writing about it
really understood what's going on, neither what kind of firewall were
used.

-- 
Kind regards / venlig hilsen,
Mogens Valentin, Mr Dev

IT Networking, Security, Server Setup
www.danbbs.dk/~monz   mrdev@danbbs.dk

next             reply	other threads:[~2003-07-17  8:08 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-07-17  8:08 Mogens Valentin [this message]
  -- strict thread matches above, loose matches on Subject: below --
2003-07-17 16:17 Microsoft clients logon Daniel Chemko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3F165979.B35B4411@danbbs.dk \
    --to=monz@danbbs.dk \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox