I am having problems routing behind the firewall and would like your advice. I read your example for DNS when it's behind the firewall but thought you might have another way!

I have IPs 192.168.122.x with two different flavors of email server which are on the same hub behind the firewall.

How do you recommend I enable mail to flow from one to the other, considering I use DNAT and both servers are obtaining their DNS from the outside? Currently the firewall is dropping the traffic because it sees it trying to go out and come back in.

BTW, I used the two-card template to start! Thanks for all your help; you've always been great!
On Wed, 31 Jul 2002, Thad Marsh wrote:

> I am having problems routing behind the firewall and would like your advice.
> I read your example for dns when its behind the firewall but thought you might have another way!
>
> I have ips 192.168.122.x with two different flavor email servers which
> are on the same hub behind the firewall.
>
> How do you recommend I enable mail to flow from one to the other
> considering I use dnat and both servers are obtaining their dns from the
> outside? Currently the firewall is dropping the traffic because it sees
> it trying to go out and come back in.

Are these servers running some flavor of Unix?

-Tom
-- 
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
One's a Linux box with qmail; the other is an Exchange server!

Thad Marsh
President
Marsh Technology Group, LLC.
15 East 21st Street
Huntington Station, New York 11746
Phone: (631) 385-7250
Fax: (631) 673-3951
thad@marshtek.com
On Wed, 31 Jul 2002, Thad Marsh wrote:

> Ones a Linux box with qmail the other is an exchange server!

Hmmm - then it looks like you are going to have to adopt one of the kludges described in FAQ 2/2a.

-Tom
-- 
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
Tom,

This network is solely for external purposes and has no connection to my real internal network. In a sense it is a DMZ, only I don't have a third card on the firewall.

What other dangers do you foresee if I implement 2 and 2a?

Thad Marsh
President
Marsh Technology Group, LLC.
15 East 21st Street
Huntington Station, New York 11746
Phone: (631) 385-7250
Fax: (631) 673-3951
thad@marshtek.com
On Wed, 31 Jul 2002, Thad Marsh wrote:

> Tom,
>
> This network is solely for external purposes and has no connection to my real internal network. In a sense it is a dmz only I don't have a third card on the firewall.
>
> What other dangers do you foresee if I implement 2 and 2a?
>

No dangers -- just silly to have two systems on the same LAN segment forwarding their traffic to each other through a third system...

-Tom
-- 
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
I agree this is not what I really want to do, but I need to be able to resolve and get the mail from server A and B behind the firewall.

BIND 9 seems like it will work for the qmail box, but I was hoping to keep from installing a DNS server on that. As for MS DNS, I have no idea how to replicate BIND 9 views.
On Wed, 31 Jul 2002, Thad Marsh wrote:

> I agree this is not what I really what to do but I need to be able to
> resolve and get the mail from server a and b behind the firewall.
>
> Bind 9 seems like it will work for the qmail box but was hopping to keep
> from installing a dns server on that. As for ms dns have no idea on how
> to replicate bind 9 views?
>

I've educated myself a bit more about Windows DNS resolution and I think that you can do it this way:

On each system, place an entry in the hosts file referring to the other server and using the server's internal IP. The Exchange box's hosts file is in <systemroot>\system32\drivers\etc\hosts.

-Tom
-- 
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
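The hosts-file approach Tom suggests above, as an added example that is not part of the list thread or of Shorewall itself. On the Linux side the file is /etc/hosts (the Windows path is the one given in the message, and the line format is the same). The hostnames and addresses used here are made up for illustration. The one thing worth handling is the failure mode of this kludge: a hosts entry is consulted before DNS and never expires, so if a line for the peer's name already exists with its public (DNATed) address, it must be replaced rather than left in place, otherwise mail keeps trying to go out through the firewall and back in.

```shell
#!/bin/sh
# Added example: maintain a hosts-file entry that maps a peer mail server's
# name to its internal address, so two servers on the same segment talk
# directly instead of through the firewall's DNAT. Names/IPs are assumptions.

# ensure_hosts_entry FILE IP NAME
# Replace any existing line for NAME with "IP NAME". An old entry would
# silently shadow DNS, so existing lines for NAME are dropped, not kept.
ensure_hosts_entry() {
    file=$1; ip=$2; name=$3
    tmp=$(mktemp) || return 1
    awk -v n="$name" '
        $1 ~ /^#/ { print; next }                              # keep comments
        { for (i = 2; i <= NF; i++) if ($i == n) next; print } # drop stale line
    ' "$file" > "$tmp"
    printf '%s\t%s\n' "$ip" "$name" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"   # cat, not mv: keeps mode/owner
}

# lookup_hosts FILE NAME
# Print the address FILE maps NAME to (first match wins, as the resolver does).
lookup_hosts() {
    awk -v n="$2" '
        $1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }
    ' "$1"
}

# Demo on a constructed hosts file: the qmail box's view of the Exchange box,
# starting from a stale entry that points at the public address.
demo() {
    f=$(mktemp)
    printf '127.0.0.1\tlocalhost\n203.0.113.20\texchange.example.com\n' > "$f"
    ensure_hosts_entry "$f" 192.168.122.20 exchange.example.com
    lookup_hosts "$f" exchange.example.com     # 192.168.122.20
    rm -f "$f"
}

demo
```

Run `ensure_hosts_entry /etc/hosts 192.168.122.20 exchange.example.com` as root on the qmail box, and the mirror-image entry for the qmail box's name in the Windows hosts file on the Exchange server; `lookup_hosts` (or `getent hosts NAME` on Linux) confirms which address the name now resolves to before you test an SMTP connection.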
I have a 100baseTX-only hub that my network is plugged into. I'd like to connect a laptop with a 10baseT-only LAN card to the network by connecting it with a crossover cable to a box on the network that has an extra 10/100 card. In other words, the existing box with the 2 cards would just let everything to or from the laptop pass right on through with no filtering.

My question: is there a route I can add to do this, or do I need an iptables rule?

Sincerely,
Jim Hubbard

 .--.
|o_o |
|:_/ |
//   \ \
(|     | )
/'\_   _/`\
\___)=(___/

Rockingham County Linux Users Group
www.rock.lug.net