We want to do what many may consider a security risk - allow Windows
NT ports 137, 138 and 139 between initially three geographically separate sites.
We are wanting to run a Windows NT domain over our TCP/IP based
WAN (which is connected to the Internet) - through CISCO routers and a
Gauntlet 3.2 firewall running on a SunOS 4.1.4 based host (which will later
this year be running Gauntlet 4.0 for Solaris).
Our site is the only one with a proxy-based firewall.
The plan is to have ip-helper and forward running on the gateway CISCO
at each site. On the firewall we will configure packet screening to
allow ports 137, 138 and 139 from our internal NT servers to 137, 138 and 139
on the external NT servers and also to the same ports on our gateway router.
Has anyone successfully done just this, or does anyone know if it can be done?
Basically - will someone at another of our sites be able to join or log
in to our domain if the PDC is at our site, behind our firewall?
Thanks for any help,
AU Network & Systems Administrator
Biomolecular Research Institute Computing Section
343 Royal Parade, Parkville, tel: +61 3 9662 7372
Victoria 3052 Australia fax: +61 3 9662 7346
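
The packet-screening plan in the message above, modelled as a stateless, first-match, default-deny filter so the covered flows can be checked before anything is deployed. This is an added example, not part of the original post and not Gauntlet or Cisco syntax; the addresses are constructed placeholders, and matching on destination port with 137/udp, 138/udp and 139/tcp is an assumption about how the rules would be written.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

# Constructed placeholder networks (RFC 5737 documentation ranges), not from the post.
INTERNAL_NT = ip_network("192.0.2.0/28")     # internal NT servers, including the PDC
EXTERNAL_NT = ip_network("198.51.100.0/28")  # NT servers at the other sites
GATEWAY = ip_network("203.0.113.1/32")       # gateway router

# NetBIOS over TCP/IP: name service 137/udp, datagram 138/udp, session 139/tcp.
NETBIOS = {("udp", 137), ("udp", 138), ("tcp", 139)}

# The two permits the plan describes: internal NT servers to the external
# NT servers, and internal NT servers to the gateway router.
RULES = [(INTERNAL_NT, EXTERNAL_NT), (INTERNAL_NT, GATEWAY)]


class Packet(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int


def screen(pkt: Packet) -> str:
    """Return 'permit' for the first matching rule, otherwise 'deny'."""
    if (pkt.proto, pkt.dport) not in NETBIOS:
        return "deny"
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    for src_net, dst_net in RULES:
        if src in src_net and dst in dst_net:
            return "permit"
    return "deny"  # default deny: anything not listed is dropped


def audit(flows: dict) -> dict:
    """Map each named flow to the verdict the rule set gives it."""
    return {name: screen(pkt) for name, pkt in flows.items()}


# Constructed test flows covering both directions and an unrelated source.
FLOWS = {
    "pdc_to_remote_session": Packet("192.0.2.2", "198.51.100.2", "tcp", 139),
    "pdc_to_router_names": Packet("192.0.2.2", "203.0.113.1", "udp", 137),
    "remote_to_pdc_session": Packet("198.51.100.2", "192.0.2.2", "tcp", 139),
    "internet_to_pdc_session": Packet("203.0.113.77", "192.0.2.2", "tcp", 139),
    "pdc_to_remote_wrong_proto": Packet("192.0.2.2", "198.51.100.2", "udp", 139),
}

if __name__ == "__main__":
    for name, verdict in audit(FLOWS).items():
        print(f"{verdict:6} {name}")
```

In this model a session opened from a remote site towards the PDC is denied, because the rules as worded only name the internal NT servers as the source.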