Topic: cannot join an AD DC on a LAN from DMZ (Read 2084 times)
rickeyw, on April 22, 2020, 01:44:12 pm:
Good morning Everyone,
I couldn't find a topic similar to the one I am starting, so I apologize if a repetition occurs.
I am trying to join an MS Win 10 machine from my DMZ to an AD server (MS Server 2016) in my LAN.
I did some research, and the ports listed in the attachment are the ones that are supposed to be opened, but I think I still miss something because I am still not able to join the domain.
Can you please give me a hand with this issue?
Best,
rickey
hbc, Reply #1 on April 22, 2020, 02:06:32 pm:
Sorry, but I do not have this NSA zoom software that can scale up a picture from nothing to readable by adding useful pixels.
I guess these ports are open:
https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
rickeyw, Reply #2 on April 22, 2020, 02:18:56 pm:
Sorry for this @hbc.
The 256 KB limit for files does it. If you are on Windows, you can right click on it and "Edit", and when "Paint" opens it, "Resize", "Pixels", and anything bigger than 1500 in "Horizontal" will make it look pretty again.
Basically, I used the attached one.
In the link you sent me, do I need to open the "Server" ones?
Best,
rick
hbc, Reply #3 on April 22, 2020, 03:41:29 pm:
Yes, you need the server ports. The main problem is those RPC ports, which are dynamic. Thus you have to open a pretty wide range of ports.
Usually clients connect to the RPC mapper (135) and get in return the dynamic high port they should connect to. A nightmare for every firewall. For Linux firewalls there exist RPC connection tracking modules which monitor the port returned by the RPC mapper and allow connections to it. Did not see something similar for pf.
I restrict the RPC range to 49152-50152 and hope that 1000 ports are enough for my clients.
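One way to make hbc's restricted-range approach hold together, as an added example (not code from hbc or the thread): the DC's dynamic RPC range defaults to 49152-65535, so the DC is pinned to the same 1000-port window the firewall rule allows, and the DMZ client then checks DC location via DNS and the static TCP ports from the Microsoft article. The domain example.local, the DC name dc01.example.local and the port window are assumptions.

```powershell
# Added example, not hbc's or the thread's. Assumptions: the domain is
# example.local, its DC is dc01.example.local, and the DMZ-to-LAN rule
# allows TCP 49152-50151 (1000 ports) for dynamic RPC.
$Domain   = 'example.local'
$Dc       = 'dc01.example.local'
$RpcStart = 49152
$RpcCount = 1000

# Run on the DC (elevated). The default dynamic range is 49152-65535, so
# without this the endpoint mapper hands the client ports the firewall
# blocks and the join fails at random. The range must match the rule.
function Set-RpcRangeToMatchFirewall {
    netsh int ipv4 set dynamicport tcp start=$RpcStart num=$RpcCount
    netsh int ipv4 show dynamicport tcp
}

# Run on the DMZ client. First the join must locate a DC via DNS SRV;
# then the static TCP ports from the Microsoft article hbc linked.
# UDP 53/88/123/389 cannot be probed this way; check the firewall log.
$StaticPorts = @{
    53   = 'DNS'
    88   = 'Kerberos'
    135  = 'RPC endpoint mapper'
    389  = 'LDAP'
    445  = 'SMB'
    464  = 'Kerberos password change'
    636  = 'LDAPS'
    3268 = 'Global Catalog'
    3269 = 'Global Catalog over SSL'
}

function Test-DcLocator {
    # Returns the SRV records the client would use to find a DC
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
}

function Test-DcPorts {
    foreach ($port in ($StaticPorts.Keys | Sort-Object)) {
        $ok = Test-NetConnection -ComputerName $Dc -Port $port `
                -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{ Port = $port; Service = $StaticPorts[$port]; Open = $ok }
    }
}

Test-DcLocator | Format-Table Name, NameTarget, Port -AutoSize
$results = Test-DcPorts
$results | Format-Table -AutoSize
if (-not ($results | Where-Object { -not $_.Open })) {
    'All static ports reachable; if the join still fails, suspect the RPC range.'
}
```

Any port reported as not open points at a missing DMZ-to-LAN rule; if everything static is open but the join still fails, compare the DC's `netsh int ipv4 show dynamicport tcp` output with the firewall's RPC range.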
rickeyw, Reply #4 on April 22, 2020, 05:33:02 pm:
Thank you very much @hbc !
Let me do as advised, and I will revert to you tomorrow.
Best,
rick