RE: AW: [suse-security] Network setup (howto configure iptables) ...
Ray,
Good question. Firstly it's a file server too. Secondly, the bulk of the mail is internal, so to minimize traffic across the firewall / router. And lastly because it's the domain controller for the internal network (also DHCP).
Put a mail relay (i.e. SMTP proxy) and a POP3 proxy into the DMZ. I wouldn't want such an important machine with as much sensitive data (user accounts) to receive packets directly from the Internet.. HTH Tobias
That is the plan in the near future, but for now they want it up ASAP since we are about to change ISPs. Ray "Reckhard, Tobias" wrote:
Ray,
Good question. Firstly it's a file server too. Secondly, the bulk of the mail is internal, so to minimize traffic across the firewall / router. And lastly because it's the domain controller for the internal network (also DHCP).
Put a mail relay (i.e. SMTP proxy) and a POP3 proxy into the DMZ. I wouldn't want such an important machine with as much sensitive data (user accounts) to receive packets directly from the Internet..
HTH Tobias
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- ---------------------------------------------------------------------- Raymond Leach Cell:+27-82-416-1410 Tel:+27-11-444-5006 Fax:+27-11-444-5007 eMail:raymondl@knowledgefactory.co.za www:http://www.knowledgefactory.co.za "No matter where you go, there you are ..." ----------------------------------------------------------------------
participants (2)
-
Ray Leach -
Reckhard, Tobias