D Garside wrote:
> I have configured sendmail so that we have internal email and we can access the net via our firewall box (smoothwall) and router. We are able to surf and send emails out into the world (route: network (192.168.1.x) -> firewall -> router -> ISP (Demon)).
That's good.
> My problem is that the outside world cannot see us. I have assigned the two
What do you mean exactly? The outside world can get back to you, otherwise you wouldn't be able to get anything useful through the firewall, as TCP traffic is two-way communication.
> IP addresses given to me by the ISP to the router and outward facing port of my firewall but although I can travel out (therefore the connection is working) nothing can see me. My ISP thinks that the problem is a DNS issue.
Things should be able to see you, as I've just mentioned above. From a remote machine, see if you can ping the IP address of the firewall.
> I (foolishly?) used my BECTA registered address myschool.LEA.sch.uk which Demon (ISP) know me by. However they argue that because LEA.sch.uk is not registered with anyone no-one has domain authority to forward stuff to me - there is a gap between sch.uk and myschool.LEA.sch.uk.
Err... Even if LEA.sch.uk itself doesn't exist in DNS records, that doesn't mean that myschool.LEA.sch.uk can't. For example, if I have the domain foo.com, then I can create a DNS entry that resolves baz.bar.foo.com. However, I do not need an entry for bar.foo.com. Does that make any sense? :) Is myschool.LEA.sch.uk pointing to the IP address of your firewall?
> Does this sound reasonable? I wonder if I haven't made a complete hash (pun intended) of my sendmail, DNS etc setup, but I am O'Reillyed out and would welcome advice from a fresh angle. (I half suspect I have gaping security holes the size of Micro$oft's ethical deficit!)
Could you explain a bit further what exactly is wrong, please? Could it be that the firewall is blocking ports that you actually want to allow access to? If you want to check for potential security holes, then one of the most useful tools that I've found is nmap. It's a port scanner; install it on a machine, and simply run "nmap <host.to.scan>". Hopefully there's been some slightly useful content in this message :-)

Dan
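To make the foo.com / bar.foo.com / baz.bar.foo.com point in the reply above concrete, here is a BIND-style zone file, added as an illustration and not taken from either poster's configuration. The names are the ones used in the reply; the addresses are from the 192.0.2.0/24 documentation range and the nameserver and serial values are made up.

```zone
$TTL 3600
$ORIGIN foo.com.
@                 IN SOA  ns1.foo.com. hostmaster.foo.com. (
                          2024010101 ; serial (constructed)
                          3600       ; refresh
                          900        ; retry
                          604800     ; expire
                          300 )      ; negative-cache TTL
@                 IN NS   ns1.foo.com.
ns1               IN A    192.0.2.1   ; placeholder nameserver address

; The mail host sits two labels below the zone apex. There is deliberately
; no record of any kind for bar.foo.com: DNS does not require one. bar.foo.com
; is an "empty non-terminal", so a query for it returns NOERROR with no answer,
; while baz.bar.foo.com still resolves normally.
baz.bar           IN A    192.0.2.10  ; placeholder for the firewall's outward-facing address

; Inbound mail addressed to user@baz.bar.foo.com is delivered to that same host.
baz.bar           IN MX   10 baz.bar.foo.com.
```

Once the zone is loaded, `dig @ns1.foo.com baz.bar.foo.com A` should return the address and `dig @ns1.foo.com baz.bar.foo.com MX` the mail exchanger, while `dig @ns1.foo.com bar.foo.com A` returns NOERROR with an empty answer section; that combination is the normal, healthy state, not a configuration error. What does matter is delegation: for myschool.LEA.sch.uk to be reachable from the outside, the parent zone (sch.uk) has to carry NS records handing the name, or a zone above it, to a nameserver that actually holds records like the ones above, and that nameserver must answer for the name. `dig +trace myschool.LEA.sch.uk A` from a machine outside the network shows at which step in the chain the lookup stops.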