Hi,
----- Original Message -----
From: MJ Ray
adrian.wells wrote:
> > server (Imail) uses a public address and will be behind the proxy. The helpful chap at RM said "you want reverse hosting on your squid box" - can't find anything about it.
> I'm not 100% sure, but I think this isn't anything connected to squid.

In retrospect I'm sure that you're right regarding squid.
> It sounds more like some sort of policy needs configuring on the router, assuming that you want the email server to be accessible from outside. Most likely this is done using iptables if the router uses GNU/Linux, but without knowing specifics it's hard to give useful advice.

Yes, the proxy box runs SuSE 7.2 while the fileservers run NT4. We want to keep our email hosted from the same server that it's on now, but we want to give everything 'inside' of the squid box a private address.
> At the very least, the email server should not be left on the same network as the "private" systems. Putting the proxy "in series" with the router seems odd, but you may have your reasons.

By 'in series' I mean that the squid box will sit between the router and the private network. We are using ARP on squid to limit users logging laptops onto the network. As some of them (so all of them!) know the address of the router, they can bypass our proxy. Having looked more closely we have 23 (.0 to .22) public addresses.
According to RM it seems that we need to set up a reverse look-up on the squid box so that the mailgate is contactable from outside (as it is now) and they will make adjustments in their DNS. That's as much as I can get out of them, maybe because they sell a similar system.
> Normally, I would put the web proxy and mail server in one network, the private machines in another and configure the router accordingly.

Agreed, but if we fiddle too much RM will not support the system, which is understandable.
> I'm not sure whether running an SMTP gateway on the proxy is a good idea. Be aware of the increased security risk, but presumably it is monitored very closely already, so it might be the best bet.

I don't think that running SMTP (as such) is the idea. I think that the idea is to fool the outside world that 10.10.1.2 is really 212.173.132.2, but I may have hold of the wrong end of the stick. At the moment our squid box has two NICs, 212.173.132.5 & 6; the former will become 10.10.1.5, which will allow internet access on port 3128 after I change the w/s hosts files, and the latter will connect to the router.
I've been trawling the net, but I don't think I understand the problem sufficiently to ask the right questions - It was all very simple until the mailserver entered the equation! :-)

Kind regards
Adrian
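
The address translation discussed in this thread (making 10.10.1.2 answer as 212.173.132.2 through the squid box), sketched as an added example that is not part of the original e-mails or of RM's configuration. The interface names eth0/eth1, the restriction to TCP port 25 and the DROP forward policy are assumptions; the function only prints an iptables-restore ruleset and applies nothing.

```shell
#!/bin/sh
# Added example: prints a ruleset for review; it does not touch the firewall.
# Assumptions (not from the thread): eth1 faces the router, eth0 faces the
# private network, and only SMTP (TCP 25) has to reach the mail server.

is_ipv4() {
    # Accept dotted quads only, so nothing else can end up inside a rule.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

gen_mail_nat_rules() {
    pub_ip=$1; priv_ip=$2; ext_if=$3; int_if=$4
    if ! is_ipv4 "$pub_ip" || ! is_ipv4 "$priv_ip"; then
        echo "gen_mail_nat_rules: bad address" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Inbound SMTP for the public mail address is rewritten to the private host.
-A PREROUTING -i $ext_if -d $pub_ip -p tcp --dport 25 -j DNAT --to-destination ${priv_ip}:25
# Outbound SMTP from the mail server leaves with the same public address.
-A POSTROUTING -o $ext_if -s $priv_ip -p tcp --dport 25 -j SNAT --to-source $pub_ip
COMMIT
*filter
:INPUT ACCEPT [0:0]
# Nothing is routed through the box unless listed below, so workstations
# cannot reach the router directly and have to use the proxy on port 3128.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $ext_if -o $int_if -d $priv_ip -p tcp --dport 25 -m state --state NEW -j ACCEPT
-A FORWARD -i $int_if -o $ext_if -s $priv_ip -p tcp --dport 25 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Addresses quoted in the thread; interface names are the assumed ones.
# The box must also answer ARP for the public mail address on eth1
# (for example by adding it as a secondary address there).
# Loading the output with iptables-restore replaces the nat and filter tables.
gen_mail_nat_rules 212.173.132.2 10.10.1.2 eth1 eth0
```
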