Hello Bill Cole. At 12:35 -0500 23.01.2002, you wrote:
>At 8:17 AM +0100 1/23/02, Christian F Buser imposed structure on a >stream of electrons, yielding: >>Hello, >> >>Is it possible to define an IP range which should be considered as >>"client" in one of the following situations: >> >>(a) I get a line connected to a router. The router has the official >>IP address 123.123.123.58, a web server has the official IP address >>123.123.123.59, SIMS has the official IP address 123.123.123.60, >>and all my other computers have internal IP addresses only. The web >>server and SIMS are "outside", and don't have an internal address. >> >>(b) I get a line connected to a router. The router has the official >>IP address 123.123.123.58, a web server has the official IP address >>123.123.123.59, SIMS has the official IP address 123.123.123.60, >>but both addresses for the web server and SIMS are automatically >>translated to an internal address. >> >>(c) I get a line connected to a router. The router has the official >>IP address 123.123.123.58, the connections to the Web server and to >>SIMS are distributed via the same IP address using address >>translation. The web server and SIMS are using one of the internal >>IP addresses. > >You haven't explained which machines need to send mail via SIMS in >any of the 3 cases, so it's hard to say what you need to set up as >client addresses. Thought that was obvious: those clients that are on the internal addresses, in all 3 cases. >In general, if you have a SIMS machine that has an 'internal' (i.e. >RFC1918) address and your router is properly configured to NOT pass >anything from the outside aimed at such addresses, you should have >whatever internal range of machines which need to send mail as SIMS >clients. If the SIMS machine has no internal interface, then all the >internal machines will going through some sort of NAT before hitting >SIMS and that NAT address will need clearance. Yes, and this is the point. When I have a line which gives me some "official" addresses, and I put the SIMS server on one of these "outside" addresses, I may probably not say that the internal addresses are "clients". >I think the best setup is (c) since it lets you keep the details of >your network private from the world. The only reason to start >putting anything outside a NAT'ing router is for services that >actually break under NAT or when you need to expose discrete >instances of the same service (which is technically possible with >NAT but can get hairy) I have already set up a web server on such a configuration (WebTen 3), and it was a real pain... The point for my question is: I just don't want to force internal users to do "POP before SMTP" or "SMTP auth", if it can be solved in a different way. Thank you, Christian. -- Christian F. Buser, Hohle Gasse 6, CH-5507 Mellingen (Switzerland) Look at <http://www.rumantsch.ch/christian/welcome.html> Die Natur gab uns zwei Ohren, aber nur eine Zunge (Zulu). ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
