Hi All,

We have a Linux Firewall in front of an Exchange Server (Win2k Server) (which
is also the Web/FTP server - with IIS) which works fine!
We have a DNS Server which also acts as a Proxy server (MS-Proxy v2.0 on
Windows NT 4.0) with address forwarding (for Web and FTP) to our
Exchange/Web/FTP server.
The firewall uses NAT as well as ipmask. It has 2 network cards (one
internal, one external). We're using Mandrake 7.2.

We did many tests... but every time we put the Firewall in front of the DNS
server, we cannot access our Web sites from the inside, nor from the
outside world! Of course, we're doing port forwarding, NAT, etc.
Even when we eliminate all the rules, it still doesn't work! (So the
Firewall seems to be configured correctly... at least for most of the things!)
We can access our web site by typing the normal IP address but not when
typing the URL.

Our internal network uses 192.168.x.x, subnet 255.255.0.0.
Our (more or less) "DMZ" uses 192.168.3.x, subnet 255.255.255.0. (Since we
only have one firewall with 2 network cards, it is not a real DMZ. However,
the DMZ is on a different switch than the internal network.)
Both Servers (Exchange & DNS) have 2 NICs (one internal, one external).

Should we use a different address for our DMZ, such as 192.1.0.x, with
subnet 255.255.255.0 (instead of 192.168.3.x)?
Does it matter? Will it make a difference?
Do we have to modify our internal DNS (which runs on Windows 2000 Server)
for our internal network?
Do we have to wait a day or two for the change to take effect???
(Personally, I don't think so, since no address has - officially -
changed!)
Is there a problem with putting a DNS behind a firewall with NAT, port and
address forwarding, or is it impossible?

(See below for the diagram of our setup!)

Thanks
Clement  
-------------------------------------------------------
Clement Charest
-------------------------------------------------------

|_                      _|
  |_  EXTERN INTERNET _|
    |________________|
           |
           |
       eth1|
    ------------------------
    | eth1   205.140.10.66  |
    | eth1:0 205.140.10.67  |
    | SubNet255.255.255.224 |
    |                       |
    |   FIREWALL LINUX      |
    ------------------------
           | eth0
           | 192.168.3.1
           | SubNet255.255.255.0
       |--------------|
 |192.168.3.66|  |192.168.3.67|
     --------       -------
     | DNS  |       | MAIL|
 ----| PROXY|       | WWW |-------
 |   |      |       | FTP |       |
 |   --------       -------       |
 |  192.168.0.10  192.168.0.12    |
 |      SubNet 255.255.0.0        |
 |                                |
___________________________________
|                                  |
|     INTERNAL NETWORK (USER)      |
|        SubNet 255.255.0.0        |
____________________________________ 
