Mailinglist Archive: opensuse-security (670 mails)
Re: AW: [suse-security] Network setup (howto configure iptables) ...
- From: Ray Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 13 Nov 2001 16:48:08 +0200
- Message-id: <3BF132A8.F10F8426@xxxxxxxxxxxxxxxxxxxxxx>
Hi
Good question. Firstly it's a file server too. Secondly, the bulk of the mail is
internal, so to minimize traffic across the firewall / router. And lastly
because it's the domain controller for the internal network (also DHCP).
Ray
Peer Stefan wrote:
> just asking, but why is the mail-server located within the internal network?
>
> -----Original Message-----
> From: Ray Leach [mailto:raymondl@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Tuesday, 13 November 2001 14:34
> To: security
> Subject: [suse-security] Network setup (howto configure iptables) ...
>
> Hi
>
> Help please !
>
> I'm trying to set up my network as follows:
>
> +----------------+
> |    Internet    |
> +-------+--------+
>         |
> +-------+--------+
> |                | DMZ +----------------+
> |    Firewall    +-----+ 192.168.1.0/24 |
> |                |     +----------------+
> +-------+--------+
>         |
> +-------+--------+
> |  10.0.0.0/24   | <- Internal network
> +-------+--------+
>         |
> +-------+--------+
> |   LAN Users    |
> +----------------+
>
> Here's the situation:
>
> In the DMZ there are web servers that need to be browsed from the
> internet for ftp, http, tomcat (21,80,8080)
> In the Internal Network there is a mail server with a private ip of
> 10.0.0.3 that needs to accept pop3 and smtp from the internet and send
> smtp to the internet.
> The internal network must be able to browse, ftp via a transparent proxy
> on the firewall.
> The internal network must be able to browse, ftp to the DMZ.
> The DMZ needs to send smtp to the mail server on the internal network.
>
> Can someone tell me what rules I should define to set all this up? I
> have tried several things and I haven't ironed out all the crinkles yet.
> I haven't managed to get the mail part working.
>
> Ray
>
> --
> ----------------------------------------------------------------------
> Raymond Leach
> Cell:+27-82-416-1410 Tel:+27-11-444-5006 Fax:+27-11-444-5007
> eMail:raymondl@xxxxxxxxxxxxxxxxxxxxxx
> www:http://www.knowledgefactory.co.za
> "No matter where you go, there you are ..."
> ----------------------------------------------------------------------
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
--
----------------------------------------------------------------------
Raymond Leach
Cell:+27-82-416-1410 Tel:+27-11-444-5006 Fax:+27-11-444-5007
eMail:raymondl@xxxxxxxxxxxxxxxxxxxxxx
www:http://www.knowledgefactory.co.za
"No matter where you go, there you are ..."
----------------------------------------------------------------------
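
Added example, not part of the original thread: one default-deny iptables-restore ruleset that maps the requirements listed in the quoted question onto NAT and FORWARD rules. The interface names, the public address, the DMZ web host 192.168.1.10 and proxy port 3128 are assumptions; only HTTP is redirected to the proxy, so proxied FTP to the internet is not covered.

```shell
#!/bin/sh
# Assumed values (not from the thread): interfaces, public IP, DMZ web host, proxy port.
EXT_IF=eth0; DMZ_IF=eth1; INT_IF=eth2
EXT_IP=203.0.113.1      # placeholder from the documentation range
WEB=192.168.1.10        # hypothetical web server inside the DMZ
MAIL=10.0.0.3           # mail server address given in the post
PROXY_PORT=3128         # hypothetical transparent proxy port on the firewall

# Print the ruleset in iptables-restore format. Forwarding must also be enabled
# (net.ipv4.ip_forward=1) and the FTP conntrack helper loaded for FTP data
# connections to match RELATED.
emit_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Internet -> DMZ web server: ftp, http, tomcat
-A PREROUTING -i $EXT_IF -d $EXT_IP -p tcp -m multiport --dports 21,80,8080 -j DNAT --to-destination $WEB
# Internet -> internal mail server: smtp, pop3
-A PREROUTING -i $EXT_IF -d $EXT_IP -p tcp -m multiport --dports 25,110 -j DNAT --to-destination $MAIL
# LAN web traffic for the internet goes to the local proxy; traffic to the DMZ is exempt
-A PREROUTING -i $INT_IF ! -d 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
# Everything leaving towards the internet uses the public address
-A POSTROUTING -o $EXT_IF -j SNAT --to-source $EXT_IP
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INT_IF -s 10.0.0.0/24 -p tcp --dport $PROXY_PORT -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $EXT_IF -o $DMZ_IF -d $WEB -p tcp -m multiport --dports 21,80,8080 -m state --state NEW -j ACCEPT
-A FORWARD -i $EXT_IF -o $INT_IF -d $MAIL -p tcp -m multiport --dports 25,110 -m state --state NEW -j ACCEPT
-A FORWARD -i $INT_IF -o $EXT_IF -s $MAIL -p tcp --dport 25 -m state --state NEW -j ACCEPT
-A FORWARD -i $INT_IF -o $DMZ_IF -s 10.0.0.0/24 -p tcp -m multiport --dports 21,80,8080 -m state --state NEW -j ACCEPT
-A FORWARD -i $DMZ_IF -o $INT_IF -s 192.168.1.0/24 -d $MAIL -p tcp --dport 25 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

emit_rules
```

Piping the output through `iptables-restore --test` checks the syntax without loading the rules. The DMZ-to-internal rule opens only TCP 25 to 10.0.0.3, so a compromised DMZ host reaches nothing else on the internal network.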