On Sun, 18 May 2003 20:37:13 -0700 (PDT), Jon Yeargers
<jony@lupinesystems.net> wrote:
> In the example of DNS configuration in "shorewall_setup_guide#DNS" the
> impetus seems to be to have static, routeable (non RFC1918) addresses for
> all servers that have external visibility (DNS, WWW, mail, etc). Is this
> the preferred method? (looking at the setup for the author this seems to
> be used there too).
In cases where there are sufficient public addresses, I prefer to use them
for my internet-accessible servers. Since I wrote the setup guide and
designed my own network, it is natural that both reflect my preference.
Note that I only have a single server and it offers all of these services
(although over the weekend, I installed a second MTA on my firewall for
Virus scanning and Spam Filtering of incoming email).
> At this point I have everything running through a
> single IP and am using port forwarding to sort out the various bits of
> incoming data to the various machines responsible for each (WWW, mail,
> and soon, DNS). Granted that I only have one DNS server this way but
> seeing as how I have nothing without that one connection it doesn't make
> a lot of sense to me to be able to make my address information available
> if the network itself is not.
I only have a single DNS server on the premises -- my secondary is in
Texas.
>
> Am I making a mistake by doing it this way? Or is it simply a matter of
> preference?
>
If you have just the single public IP address, then you are doing it the
only way possible.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net