Hi all, running Dachstein 102CD using extended firewall scripts.
Am now planning on moving a very hardened Exchange box from the internal network to the DMZ. It has a web interface. What I need to ensure is the following:

1) clients from internal network can access their mailboxes on the Exchange box in the DMZ.
2) allow external clients to access web interface of the Exchange box from Internet.

I've set the DMZ type to PRIVATE and assigned a different private network number (192.168.2.x) to it.

###############################################################################
# DMZ setup (optional)
###############################################################################
# Whether you want a DMZ or not (YES, PROXY, NAT, PRIVATE, NO)
DMZ_SWITCH=PRIVATE
DMZ_IF="eth2"
DMZ_NET=192.168.2.0/24

Set up port forwarding as follows:

# PRIVATE DMZ switches
###############################################################################
# Services port-forwarded to the DMZ network
# Indexed list: "Protocol LocalIP LocalPort RemoteIP [ RemotePort ]"
DMZ_SERVER0="tcp $EXTERN_IP smtp 192.168.2.4 smtp"
DMZ_SERVER1="tcp $EXTERN_IP 8080 192.168.2.15 www"
DMZ_SERVER2="tcp $EXTERN_IP 8000 192.168.2.4 www"
DMZ_SERVER3="tcp $EXTERN_IP www 192.168.2.2 www"
DMZ_SERVER4="tcp $EXTERN_IP 443 192.168.2.2 443"

Before I move the Exchange box, I decided to test the existing NETWORK.CONF file by placing a laptop in the DMZ and assigning 192.168.2.4 to it. I can ping it from the internal network but I am finding that I cannot ping 192.168.1.1 or anything in the 192.168.1.1/24 network from 192.168.2.4. Is that normal behavior?

Would Outlook clients in the internal network be able to access the Exchange box inside the DMZ in the normal manner as if it was inside the internal network?

Do hosts in the DMZ have access to the private DNS records that are available to the internal network hosts?

Do I need to establish DNS records on the public DNS server for any of the hosts in the DMZ in order for the internal network hosts to be able to reach DMZ hosts?
~Doug
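
A lint for an indexed DMZ_SERVERn list in the format quoted in the post, as an added example that is not part of the original message or of the Dachstein scripts. It assumes the file is sourced as shell, so a repeated index overwrites the earlier forward, and that the DMZ is a /24 passed as a dotted prefix; `lint_dmz_servers` and `sample_conf` are hypothetical names and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: lint DMZ_SERVERn entries in a network.conf-style file.
# Assumption: the file is sourced as shell, so a repeated index silently
# overwrites the earlier forward.

lint_dmz_servers() {
    # $1 = config file, $2 = dotted prefix of the DMZ /24, e.g. "192.168.2."
    awk -v prefix="$2" '
        /^[ \t]*DMZ_SERVER[0-9]+=/ {
            line = $0
            sub(/^[ \t]*/, "", line)
            name = line;  sub(/=.*/, "", name)
            value = line; sub(/^[^=]*=/, "", value)
            gsub(/"/, "", value)
            # Fields: Protocol LocalIP LocalPort RemoteIP [RemotePort]
            n = split(value, f, " ")
            if (name in seen)
                printf "DUPLICATE %s (line %d replaces line %d)\n", name, NR, seen[name]
            seen[name] = NR
            if (n < 4 || n > 5)
                printf "FIELDS %s (line %d has %d fields)\n", name, NR, n
            else if (index(f[4], prefix) != 1)
                printf "OUTSIDE_DMZ %s (line %d forwards to %s)\n", name, NR, f[4]
        }
    ' "$1"
}

sample_conf() {
    # Constructed sample (not the file from the post).
    cat <<'EOF'
DMZ_NET=192.168.2.0/24
DMZ_SERVER0="tcp $EXTERN_IP smtp 192.168.2.4 smtp"
DMZ_SERVER1="tcp $EXTERN_IP 8080 192.168.2.15 www"
DMZ_SERVER2="tcp $EXTERN_IP www 192.168.1.10 www"
DMZ_SERVER3="tcp $EXTERN_IP www 192.168.2.2 www"
DMZ_SERVER3="tcp $EXTERN_IP 443 192.168.2.2 443"
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
lint_dmz_servers "$tmp" "192.168.2."
rm -f "$tmp"
```

Run against the constructed sample, it flags the forward that lands on the internal network and the repeated index.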
