similar to: Exchange Server in DMZ

How would I use Big Brother with Shorewall and my loc and dmz zones to monitor hosts in both zones? If Big Brother''s server is on my LAN (loc) is it "safe" to forward the bb port from the dmz to the LAN? What would the security risks of this be? Common sense says that it may not be a good idea to forward stuff from the dmz to the LAN, but I''m inexperienced and unsure

Hiya, My two cents here .. I use a locked down Linux Sendmail relay (use sendmail null-client feature on any spare old server or PC) in my DMZ to relay Mail to the exchange server in my local zone. Its sort of the moat you have to cross over to get at the castle walls and the hot oil dumped on your head approach. Francesca C. Smith Lady Linux Internet Services 1801 Bolton Street # 1 Baltimore,

Guys, I've had a weird problem with Sendmail misbehaving in a way I don't really understand. I've worked round the problem but I'd like to understand what was going on. The MX for one of our domains, blah.com, pointed at an internal Exchange server. Mail relayed to a Sendmail MailScanner which then delivered to Exchange for this domain. The domain expired leading to all its mail

Hi, I have a box running with iptables and iproute2. it has 3 ethernet cards. One for the internet. another for LAN and yet another for DMZ. @ DMZ ZONE I have 3 web servers. But I have only one real ip on my firewall. Now , I want to forward port 80 to theese 3 web servers. How can I do it? I searched a lot from google. But, still no luck. -- Thank you Indunil Jayasooriya

Hi, in a three interface firewall I have eth0, loc, 10.1.5.1/16 eth1, int, 200.41.61.228/29 eth2, dmz, 192.168.1.1/24 (un)fortunately I got a group of public ip?s to use, so here is my problem in the dmz I have 192.168.1.3 redirected from eth1 alias 200.41.61.226 (a web server, works perfect). I am trying to set up a mail server also, a different machine, so I can?t use proxyarp, as with this,

Hi all, I set my sendmail.mc file to have a SMART_HOST entry of mail.xyz.com I do "make" and "service sendmail restart" ... I should be good, but no. :) If I do "host mail.xyz.com" I get the correct address and if I "telnet mail.xyz.com 25" I get a connection. however when I do a test mail - its trying to RELAY to another host. I thought SMART_HOST was

Hi, I have a network with 4 NIC, one external, DMZ, and two internal, B & C. It has been setup correctlly and working now. The problem I have now, is any client workstation running on network B, MSWindows 2K / XP / NT cannot connect to the primary domain controller which is in network C. The clients cannot even see the network domain in the explorere window. I believe the problem is

Hi Guys, I have been trying to configure shorewall 1) Internet Access to internal users 2) Have a DMZ that will house atleast 6 mail / web / ftp servers that will server our existing group companies outside our physical location. 3) Setup openvpn between our location and our group companies . What i have done so far is : - Created the 3 zones with the IP ranges as below. DMZ:172.16.10.x

I've been trying to do this for days, and I think I'm really close. It's become one of those so-close-yet-so-far sorts of things. I'm running Gentoo -- all sync'ed up and current as of a week ago -- with the following package versions: openldap-2.1.30-r5 pam_ldap-178-r1 nss_ldap-239-r1 smbldap-tools-0.9.1-r1 phpldapadmin-0.9.5 (very cool, I must say!) samba-3.0.14a-r2

hi dovecot mailinglist - Configuration FreeBSD-9.3 sendmail -d0.1 == sendmail-8.14.9 <<-- dovecot --version == dovecot-2.2.15 # =================================================================== # I'm trying to get sendmail to invoke dovecot.m4 ( dovecot-lda ) to # deliver emails to dovecot's virtual users ( /etc/dovecot/passwd ) # or mysql/postgresql virtual users #

I would like to setup dovecot (1.1.20) with LDAP virtual users, but I don't seem to understand how to get my sendmail to accept mail for the virtual users. (I am rather new to this, so I may have some misunderstandings) I have followed - wiki.dovecot.org/HowTo/DovecotOpenLdap (OpenLDAP 2.3.43) and I think I have IMAP working for virtual users. I can connect to port 143, enter a username and

I think I've found a bug in the LDAP stuff. I've got a LDAP backend setup based on the idealx scripts. When I try to join a machine to my domain, I get the following. The important bit I want to point out is that the LDAP search is looking for (a lot of) properties, but it seems to be looking for _ALL_ objectClass=sambaSamAccount's. At this point in the trace, it should be trying to

I have a sendmail question. Can someone point me to a list appropriate to get some sendmail.mc help?

I have a three interface network (net,loc,dmz). The internet interface (eth0) has a static IP. Windows machine in the local network (eth1) use DHCP to get IPs from the 192.168.10.0/24 netblock. The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in the 192.168.11.0/24 netblock. The DHCP server is running on the firewall machine (not ideal, I know, but that''s the way

From reading the documentation, I understand that it is recommended to put servers that may be at risk in a DMZ served via proxy-arp. In this case, the local clients that are behind a NAT would have their connections to the DMZ masqueraded, yes? Is there any way around this that would still be considered secure? Just looking for advice. Thanks, A.

I am trying to add a machine into my dmz. It is the first machine I''ve ever added to this dmz and fro some reason I cannot establish communication between the dmz and the machine. Here is an example of my setup: ISP router --> firewall (eth0) firewall (eth1) --> local network firewall (eth2) --> DMZ eth0 and eth2 have public IP addresses as does the machine I just added to

Hi everyone, I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP. What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external

I have a Smoothwall server on my network and am running three network interfaces off it. 1) local LAN 192.168.0.0 with PCs and an internal dovecot server on 192.168.0.154. 2) internet interface 3) DMZ 192.168.2.0 which has a linux web server 192.168.2.1 on which I want to install a webmail so I can access my email remotely. Originally 192.168.2.1 couldn't see the 192.168.0.0 network but with

Having some painful problems with the dovecot lda and getting it to (a). Just work (b). Work with sendmail This is how I have dovecot setup (appropriate dovecot.conf snippets included) protocol lda { module_dir = /usr/local/lib/dovecot/lda postmaster_address = postmaster at bradphinney.com auth_socket_path = /var/run/dovecot-auth-master } auth default { .... # passwd-like file with

Hello !! I ve just install shorewall-common and shorewall-shell I can''t defined a network using the CIDR format for my DMZ in /etc/shorewall/hosts fast eth2:172.17.0.0/16 epac eth2:172.18.0.0/16 fsa eth2:172.19.0.0/16 bu eth2:172.20.0.0/16 recto eth2:172.21.0.0/16 dmz eth1:81.91.225.224/27 I receive this error: ERROR: Invalid zone definition for