Thanks, > > > > Reason being, I would like Arkeia clients to be able to connect to an = > > Arkeia Server (Daemon) running on an e-smith box. > > serveronly mode is (as documented in the manual) only for use on _INTERNAL_ > networks. The mode was designed for use on internal networks where some > other machine is providing firewalling. Understood and is happening. The box in question is inside a firewall and a www server outside the firewall. And I just wanted to make sure that once the firewall access and port forwarding is in place, I was not being held up by any blocking on the internal machine (e-smith). So I can use this internal machine to backup the external machine. > The packet filters are disabled and all machines on the same subnet are > treated as "local" and thus allowed access to services such as SMTP, > Samba, etc. > > Public machines should all be configured in server-gateway mode, potentially > with an unused "local" interface. And yes, other modes have been discussed. I have done this to another e-smith machine outside the firewall running e-smith and as a mail machine only. And to allow this machine to accept SMTP connections from machines behind the firewall, I added a new local network of say 200.0.0.10 that is the IP of the firewall and gave a subnet mask of 255.255.255.255 and used the default route. This has allowed all masq'ed SMTP connections coming out of the firewall (200.0.0.10) to be accepted and if I assume correctly this mail machine is now safe? The only machine it trusts apart from itself is the one machine 200.0.0.10? And if that was compromised - well the mail would be of less a concern anyhow. :) Cheers, Richard.
