From what I'm seeing, my solution goes as follows:

1. Assumption: You have only one Public IP to route. (If so, how could you have
different MX records for each domain??).
2. DNAT port 80 to the new server and let port 25 DNAT to the MS Exchange server.
3. On the Exchange server, route all mail for the new domain to the internal
IP using the SMTP forward/Smarthost facility.

Mohan


>I don't remember the details of your setup from your prior postings, and 
>you tell us too little here to get good advice. I make some very basic 
>comments below.
>
>I am assuming that the Dach router is NAT'ing a single IP address, either 
>with or without a separate DMZ. If you have multiple, routable IP addresses
>available, then the routing problem is trivial, so I ignore that possibility.
>
>At 03:47 PM 6/5/2003 -0700, Chris Low wrote:
>>This list was a great help when I was trying to get a Dachstein firewall 
>>up and running a few months ago. Now I've got another question I'm hoping
>>can be solved here.
>>
>>We're thinking of ways to run a second email server for a different 
>>division in our company in addition to our main Exchange 2K server. This 
>>second server would only host email for people in the field who need 
>>webmail service, nothing else so we want to keep it separate from the main
>>server.
>
>"host email" is too vague to tell me what traffic has to go to this server.
>Please be more descriptive.
>
>>1) Can Dachstein be set up to take in traffic for both and then route it 
>>correctly?
>
>With only one IP address available, any particular port can only be 
>forwarded to one host. So if this second server needs to run any services 
>that duplicate what the first server already does, they will have to run 
>(at least to the world outside the router) on non-standard ports. This is 
>not undoable, especially if the server needs to be accessible only to your
>field staff, but the details will depend on exactly what services the 
>second mail server needs to offer.
>
>>2) What are some options to set this up?
>>
>>3) what else do I need to think about?
>
>Can't really answer these until I better understand the requirements.
>
>>FYI here's our setup:
>>ISP takes care of MX records then routes the email to us.
>
>This is unclear. Your MX record seems to indicate that mail addressed to 
>[EMAIL PROTECTED] actually gets directed to the server 
>staffofhope.org (12.168.32.52), with mail.staffofhope.org a phony backup to
>it (phony because it resolves to the same IP address).
>
>>T-1 line hits a router provided by them then sends port 25 traffic to the
>>Dac firewall.
>>The Dac firewall is set to port forward it on to our Exchange server.
>
>Probably what will need to happen is that all incoming mail will still need
>to go to a single mail server, which for now I'll assume will continue to
>be the Exchange server. That server will forward incoming mail for your 
>field workers to the new server. There they will get it however you set up
>(Web interface, I gather).
>
>If they need to be able to **send** mail from the field through your site 
>... well, the second server can probably be set up to handle that ... 
>either run an SMTP server on a non-standard port (but authentication will 
>still be tricky), or have them access the server over a VPN tunnel, or ...
>well, I'm not sure what the other possibilities are offhand.
>
>>The second email server doesn't need to run Exchange so please make 
>>recommendations on that as well.
>
>Unless it will be a Linux server, I doubt you can get much advice here. 
>Even on Linux, we're not a bunch of e-mail experts ... I imagine we all run
>one of the standard SMTP servers (sendmail or exim, mostly).
>
>>If you need any more info to help just ask.
>
>See above.
>
>
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
>thread debugger on the planet. Designed with thread debugging features
>you've never dreamed of, try TotalView 6 free at www.etnus.com.
>------------------------------------------------------------------------
>leaf-user mailing list: [EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/leaf-user
>SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
>
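
The single-IP constraint discussed in this thread (one public port can be forwarded to only one internal host), as an added example that is not part of the original messages. It assumes an iptables-based router; the public address, LAN hosts and the `FORWARDS` table are constructed, and the rules are only printed, never applied.

```shell
#!/usr/bin/env bash
# Constructed sample values: documentation address (RFC 5737) and made-up LAN hosts.
PUBLIC_IP="203.0.113.10"
# One entry per line: proto:public_port:internal_host:internal_port
FORWARDS="
tcp:25:192.168.1.10:25
tcp:80:192.168.1.20:80
"

# build_dnat_rules TABLE
# Prints one iptables DNAT rule per entry. Returns 1 (printing nothing on
# stdout) if two entries claim the same proto/public port, because a single
# public IP can forward a given port to only one internal host.
build_dnat_rules() {
    local table="$1" seen=" " rules="" proto port host dport
    while IFS=: read -r proto port host dport; do
        [ -z "$proto" ] && continue          # skip blank lines
        case "$seen" in
            *" $proto/$port "*)
                echo "conflict: $proto/$port is already forwarded" >&2
                return 1 ;;
        esac
        seen="$seen$proto/$port "
        rules="${rules}iptables -t nat -A PREROUTING -d $PUBLIC_IP -p $proto"
        rules="${rules} --dport $port -j DNAT --to-destination $host:$dport
"
    done <<EOF
$table
EOF
    printf '%s' "$rules"
}

# Ports 25 and 80 go to different hosts, so this table is accepted.
build_dnat_rules "$FORWARDS"

# A second mail server cannot also claim tcp/25; it has to be published on
# another port or be fed by the first server, as the thread suggests.
build_dnat_rules "$FORWARDS
tcp:25:192.168.1.20:25" || echo "rejected, as expected"
```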


