I am pondering a design question. I want to set up an FTP server in my DMZ. In the past, I would throw up a server and put FTP on it, and set up local users or users to the FTP service and let that all work like that.
One of the requirements this time around is to have Active Directory authentication. This is where I start to wonder.
In some configurations, I would just NAT an address through the firewall, ports 20 and 21, to the actual server, and then leave it on the production network, connected as a server in AD. I know that opens up some vulnerabilities, but it does solve my authentication problem.
So, if I put it in the DMZ, what do I need to have open for that server to be active in Active Directory? Is this a good design decision?