> Well, your problem is you're using exchange...
> 
> You can fairly easily put a firewall between the exchange box and the
> internet, because all the involved protocols are standards based and well
> documented.
> 
> Microsoft networking, however, (including high-port traffic you mention,
> above) gets very upset if all parties are not in the same broadcast domain
> (MS Motto:  What's a router?!?).  This makes life with subnetted networks
> and routers tricky at best, and frequently downright impossible (at least
> without paying big $$$ for lots of MS server licenses).
> 
> Unless someone with exchange experience chimes in (I've stayed as far away
> from exchange as I can), you'll probably need to ask your question on a more
> MS centric list and/or search google/MSDN for information on putting a
> firewall between your exchange server and clients.

I've located such information. However, I need to know where I can punch
holes between the DMZ and the LAN. Do I do that in the /etc/network config
file?

> 
> NOTE:  If you're moving the exchange box to the DMZ mainly because of
> concerns that it might get hacked, an alternative would be to install an
> SMTP server in the DMZ that simply forwards mail to the exchange box sitting
> on the internal LAN, shielding it from the 'raw' internet in the process.

I've thought about doing that. I installed an SMTP proxy in the DMZ but I
found I could not forward SMTP packets from the DMZ to the LAN using
Dachstein. I may be missing something here but I cannot find documentation
on the 'Net where I can open ports between the DMZ and the LAN.

~Doug


leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
