On Friday 06 August 2004 07:53 pm, Ken wrote:
> I've got a small network and have successfully used Shorewall on a
> single IP (static) and two interface setup for the past three years.
> The firewall also runs DNS, Apache and Sendmail. I'm planning on
> moving the web server and mail to a DMZ machine and setting up a three
> interface configuration.
>
> As I sit here thinking ahead, I'm not sure I understand how the mail
> server would operate on the DMZ. Doesn't sendmail require a live IP
> address? If I wanted my DNS to also reside on the DMZ, can these
> services function properly on a local address? Does Shorewall need to
> be installed on the DMZ machine as well?
>
> The Three-Interface Firewall guide is fairly straightforward as far
> as the firewall goes. I'm not sure I really understand the DMZ setup
> (if any). Or is just simply setting up the gateway from the DMZ to the
> firewall sufficient?
>
> Thanks,
> Ken

All you need do is have port 25 (incoming) routed to the dmz machine
and allow outbound 25 from the dmz machine outward to the
net (and presumably only the DMZ machine can get out on 25, so
as to keep any worms that get in from getting out again).
If you allow people to pop their mail from outside then 110 must
also go to the dmz machine.
Sendmail will be happy.
--
John Andersen - NORCOM
http://www.norcomsoftware.com/
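
The port 25 and 110 layout described in the reply above can be checked before a rule set goes live. The following is an added example, not part of the original thread or of Shorewall itself: a simplified first-match model of Shorewall-style `rules` and `policy` columns that lists which hosts could send on tcp/25. The zone names, the addresses and the sample file contents are constructed assumptions.

```python
# Constructed sample data: zones net/loc/dmz; 192.168.2.10 is a hypothetical DMZ mail host.
POLICY = """
loc  net  ACCEPT
dmz  net  REJECT
net  all  DROP
all  all  REJECT
"""
RULES = """
DNAT    net               dmz:192.168.2.10  tcp  25
DNAT    net               dmz:192.168.2.10  tcp  110
ACCEPT  dmz:192.168.2.10  net               tcp  25
REJECT  loc               net               tcp  25
"""

def parse(text):
    """Split a Shorewall-style file into column lists, skipping comments and blanks."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [r for r in rows if r]

def src_matches(field, zone, host):
    """SOURCE column is 'zone', 'zone:host' or 'all'."""
    z, _, h = field.partition(":")
    return z in (zone, "all") and h in ("", host)

def verdict(rules, policy, zone, host, dst_zone, proto, port):
    """Simplified model: first matching rule wins, else first matching policy."""
    for action, src, dst, *rest in parse(rules):
        rproto = rest[0] if rest else "all"
        rport = rest[1] if len(rest) > 1 else "-"
        if (src_matches(src, zone, host)
                and dst.partition(":")[0] in (dst_zone, "all")
                and rproto in (proto, "all")
                and (rport == "-" or str(port) in rport.split(","))):
            return action
    for src, dst, action, *_ in parse(policy):
        if src in (zone, "all") and dst in (dst_zone, "all"):
            return action
    return "REJECT"

def smtp_senders(rules, policy, hosts):
    """Hosts whose outbound tcp/25 to the net zone would be accepted."""
    return [(z, h) for z, h in hosts
            if verdict(rules, policy, z, h, "net", "tcp", 25) == "ACCEPT"]

# Constructed hosts: one LAN client, the mail host, one other DMZ machine.
HOSTS = [("loc", "192.168.1.50"), ("dmz", "192.168.2.10"), ("dmz", "192.168.2.11")]

if __name__ == "__main__":
    print(smtp_senders(RULES, POLICY, HOSTS))
```

With a `loc net ACCEPT` policy, dropping the explicit `REJECT loc net tcp 25` line makes the LAN client show up in the result alongside the mail host.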