access to hosted servers inside the firewall from inside vs outside
Uncle Jim
jim at jimani.com
Wed Jun 9 07:26:29 CDT 2004
On Tue, Jun 08, 2004 at 08:41:41PM -0500, hanasaki wrote:
> The
> use of the internal dns to resolve www.domain.com to the internal server
> also makes it impossible to find the external ip address for
> www.domain.com from an inside host (good for internal users/bad for
> admins that need to find the address and verify it)
You have a good DNS configuration; just reconfigure your admins to use
"dig @external.dns.com www.domain.com". It would also be VERY useful
to get an outside shell account for the admins.
> send internally sent email at domain.com using the smtp servers for the
> domain on the outside of the firewall and not require any internal smtp
> special configs. Not a clue how to do this.
In your DNS zone file for domain.com have something like
    @           IN SOA ns.domain.com. hanasaki.domain.com. (
                       2004060900 ; Serial
                       .
                       .
                       .
    domain.com. IN MX 50  local-smtp-host.domain.com.
                IN MX 100 firewall.domain.com.
On your firewall have a smtp that will relay for domain.com.
Outside users will only be able to see firewall.domain.com and will send
mail there. Firewall.domain.com will be able to see local-smtp-host.domain.com
and will forward mail to it. Internal users will go directly to
local-smtp-host.domain.com.
--
Jim
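
The MX fallback described in the message above, as an added example that is not part of the original post: it parses the two MX lines (including the owner-less continuation line) and walks them in preference order from an inside and an outside vantage point. The reachability sets are constructed assumptions standing in for what the firewall permits.

```python
# Added example: MX fallback as seen from inside and outside the firewall.
# The zone text mirrors the post; the reachability sets are assumptions.

ZONE = """\
domain.com.  IN MX 50  local-smtp-host.domain.com.
             IN MX 100 firewall.domain.com.
"""

# Constructed reachability: which SMTP hosts each vantage point can connect to.
REACHABLE = {
    "inside": {"local-smtp-host.domain.com.", "firewall.domain.com."},
    "outside": {"firewall.domain.com."},
}


def parse_mx(zone_text):
    """Return [(owner, preference, exchange)] from MX lines.

    A line that starts with whitespace has no owner field and inherits the
    owner of the previous record, as in a master zone file.
    """
    records, owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():              # first field is the owner
            owner, fields = fields[0], fields[1:]
        if owner is None:
            raise ValueError("record without an owner: %r" % raw)
        if fields[:2] == ["IN", "MX"] and len(fields) == 4:
            records.append((owner, int(fields[2]), fields[3]))
    return records


def delivery_attempts(records, domain, vantage):
    """List exchanges a sender tries, lowest preference first, stopping at
    the first one it can reach. Returns (attempts, chosen_or_None)."""
    attempts = []
    for _, pref, exchange in sorted(r for r in records if r[0] == domain):
        attempts.append(exchange)
        if exchange in REACHABLE[vantage]:
            return attempts, exchange
    return attempts, None


if __name__ == "__main__":
    mx = parse_mx(ZONE)
    for vantage in ("inside", "outside"):
        tried, chosen = delivery_attempts(mx, "domain.com.", vantage)
        print(f"{vantage}: tried {tried} -> delivered to {chosen}")
```

The outside result shows the sender attempting the preference-50 host before it falls back to the firewall relay, so the internal host name is visible in the public MX set even though it is not reachable.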
More information about the Kclug mailing list