Re: [IMail Forum] PIX

Tue, 05 Sep 2000 08:36:43 -0700 

Sort of OT, but can anybody point me to a good primer on DNS resolution from
behind a NAT firewall?  How do the PCs behind the NAT resolve to a server
also behind the NAT, while still letting people on the outside access the
NAT servers too?  I've got the IP mapping stuff working, just not the
internal DNS for the NAT'd boxes.

-Steve

----- Original Message -----
From: "Cal Frye" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 05, 2000 9:51 AM
Subject: Re: [IMail Forum] PIX


> [EMAIL PROTECTED] wrote:
> >
> > I have recently begun preparations for going live with iMail for a 2000
user organization.  I have a PIX 515 firewall with one inside and one
outside interface.  From what I understand, I can still place public mail
and web servers inside my protected NAT area.  I was wondering if anyone
else has done this with PIX 515 and iMail, as I have not and was curious as
to if there are any issues.  The config would resemble:
> >
> > fixup protocol smtp 25
> > static (inside, outside) <public ip> <private ip>
> > netmask 255.255.255.255 10 10
> > conduit permit tcp host <public ip> eq smtp any
> > conduit permit tcp host <public ip> eq 113 any
> >
> > Any suggestions would be appreciated.
> >
> > ---webmail
> > Please visit http://www.ipswitch.com/support/mailing-lists.html
> > to be removed from this list.
> >
> > An Archive of this list is available at:
> > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>
> Carefully check the syntax for the alias command, which permits hosts on
> the inside to use DNS to find your mail server. DNS will return the
> "outside" address, and the alias command translates that back into the
> "inside" address. But be careful with the syntax, I seem to remember it
> was the reverse of the way we set it up originally. If you need further
> help, please email me directly, and I'll study our config in more detail
> to refresh my memory and be more specific. (Mind like a steel sieve!)
> [EMAIL PROTECTED]
>
> --
>   "If you lend someone $20, and never see that person again, it was
> probably worth it."
>
> Cal Frye, Western Reserve Academy, Hudson, Ohio
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>

Please visit http://www.ipswitch.com/support/mailing-lists.html 
to be removed from this list.

An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/

Reply via email to