Not sure if I understand so I'm going to try and interpret what you said. I, likewise, do not have a DMZ. Everything is mapped thru a Cisco PIX firewall using NAT. I chose not to use the imail database anyway because I do not necessarily want to give an email account to every IM user. However, I am using the same IP address as my web server. I didn't think that port 80 traffic and port 5177/78 traffic would interfere with one another. Also, I'm running short on public IPs. But, are you saying that you created a DNS entry with a new public IP that you mapped through your firewall to your server and that is the IP you used in the NAT host box in IM_server?? See... I told you I didn't understand.
Thanks

James

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Smart Business Lists
Sent: Wednesday, February 12, 2003 4:52 PM
To: James Hyde
Subject: Re: [IpswitchIM_Forum] NAT Problems and Solutions

James,

Wednesday, February 12, 2003 you wrote:

JH> How then, did you route traffic to your server if your DNS is pointing to
JH> your firewall?? Did you map your gateway address to your server?? That would
JH> cause me great security concerns.

We don't have a dmz - just inside and outside. The mail server as well as most everything else is inside so it takes a NAT to get to it. So I wanted to use the IMAIL server database. But when the IM tried to send data back to the sender it tried to go back on the external connection of the mail server (and there are more than one since there are both IP-less and IP-ful domains). But of course this is not possible since there is only one gateway from the mail server to the firewall. So users could connect and users could talk to other users but they could not see what they were typing themselves. And so sometimes there would be 2 message boxes open.

So I solved it by eliminating IMAIL period and setting up the IM database. Then I made a DNS entry for im.example.com and put that in the gateway. I made a new NAT entry then for that dns external so that the back route was always going to the user. And that worked.

Now the dev machine I tried it on first is just a single bastion host (loosely called) with IPSEC. And on that machine I had to open both 5177 incoming and 5178 outgoing to make it work but I was able to make the IMAIL server work on it.
Terry Fritts

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/ipswitchim_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/Instant_Messenger/index.asp
