Sorry for the delay in replying, been out of the office.

I think I am a bit confused here. You don't want to open the firewall for
POP3 message retrieval, but isn't there already a hole for the head office
to get their mail from the server on the DMZ?

If you want the remote sites to pick up their mail from "inside" you're
going to have to open a hole in your firewall to allow the traffic from
the remote sites. A couple of alternatives to opening a hole are:
 - some sendmail aliasing for moving mail from the DMZ to
   an internal ( inside the firewall ) mail server for the remotes to
   access
 - internal mail server with all mail proxied through the firewall
 - routing remote mail access traffic out the remote sites 'Net connection
   and then allow the traffic into your DMZ

Needless to say, these are probably not all the alternatives, and
certainly at least one of them is pretty ugly.

Anyways, after reading through your original message again, I still think
that the "best" way to do this, given the info you supplied, is to set up
a combination of static and default routes. You might consider augmenting
this setup with a mail proxy ( I *think* the TIS fwtk has a pop3 proxy )
for *all* "internal" access to the email server on the DMZ.

Just my .02 cents worth.


>       Not really - I thought of the default route, but each remote 
> would have its own Internet connection, but still need to access the 
> "Internet" (public addresses) of the email server(s) from within 
> inside! (I don't want to open the firewall at the main site for POP3 
> message retrieval from the Internet) ... does it make sense ?!?
>       And, also, if possible - any real life hardware experience with 
> ISDN dial-on-demand + firewall + NAT or proxy on a "cheapo" 
> implementation ...
>       Thanks again,   
>       Calin
> 

===================================================================
Larry Chin {[EMAIL PROTECTED]}      Technical Specialist - ISC
Sprint Canada                     2550 Victoria Park Avenue
Phone: 416.496.1644 ext. 4693     Suite 200, North York, Ontario
Fax:   416.498.3507               M2J 5E6
===================================================================
