Help with open ports list

[Andyleates]

Hi

Our firewall guy left on Friday, so I am on a steep learning curve here - here is my problem.

We have a win 2000 web server in a DMZ that is having problems with security. You can't browse user lists when changing security, the server takes an age to log on, etc, so I guess it's having trouble contacting the DC.

If I open up all tcp and udp ports it works fine.

Can someone look over the list of ports that were previously open and tell me if something is obviously missing?

53/udp DNS
1521/tcp SQLNET
88/udp Kerberos
123/udp NTP
135/tcp
389/tcp LDAP
389/udp LDAP
445/tcp
1026/tcp

Many thanks

Andy

Andy Leates MCSE CCNA MCP+I

 

[PIXThis]

looks like your server has a port being blocked. Not sure what port that might be but if you have PDM and you dont have a sniffer, try this trick. Allow the ports your allowing now and create an access list on the DMZ to deny any other traffic. Try to browses your list again and watch the access list under PDM monitor to see what traffic/ports your PIX is blocking on this ACL . This may tell you what ports your server is trying to use as PDM will show what is being denied. dont forget to return your ACL to it's original state.