Security Basics: RE: Open ports to establish a one-way trust

RE: Open ports to establish a one-way trust

From: Depp, Dennis M. <deppdm_at_ornl.gov>
Date: Tue, 01 Mar 2005 13:27:53 -0500

Off the top of my head the following are NOT required:

TCP 42
TCP/UDP 389
TCP 636
TCP/UDP 53 (You will need to have access to a DNS on both sides of
the LAN if you do not allow this.)

The others I am not sure about. You can avoid the port hassles if you
set up IPSEC between the domain controllers.

Denny

-----Original Message-----
From: Ju Ne [mailto:ddjjembe1_at_hotmail.com]
Sent: Tuesday, March 01, 2005 11:16 AM
To: security-basics_at_securityfocus.com
Subject: Open ports to establish a one-way trust

We have a domain in our WAN that needs an Active Directory
one-way trust established with our domain. The change has been made in
Active Directory but we have been unable to test this new trust. What
ports need to be opened at the firewall to allow this trust from a firewall
perspective? Are any of the ports listed below required for this trust?

TCP 135 - Microsoft RPC
UDP 137 - Netbios-ns
UDP 138 - Netbios-dgm
TCP 139 - Netbios
TCP 42 - WINS, Nameserv
TCP/UDP 389 - LDAP
TCP 636 - SLDAP
TCP 3268 - MSFT-GC
TCP 3269 - MSFT-GC-SSL
TCP/UDP 53 - DNS
TCP/UDP 88 - Kerberos, www
TCP 445 - SMB

Thanks,

Djembe

Received on Mar 02 2005
