RE: [leaf-user] Mail Server / DNS server behind Dachstien firewall

Tue, 09 Dec 2003 09:12:41 -0800 

OK, but it is my observation on this (approx. 2 year old) version of
Dachstein that if
I use *both*
INTERN_SERVERS="tcp_${EXTERN_IP}_domain_192.168.x.y_domain 
udp_${EXTERN_IP}_domain_192.168.x.y_domain"

*and*

INTERNAL_WWW_SERVER=192.168.x.y
INTERNAL_SMTP_SERVER=192.168.x.y
INTERNAL_IMAP_SERVER=192.168.x.y

that the INTERN_<blah>_SERVER stmts prevail, and whatever port
forwarding that is intended by the INTERN_SERVERS stmt is lost.
Of course, I could put all the port forwarding on the INTERN_SERVERS
stmt. 
Also, it was my typo on the EXTERN_TCP_PORT stmts, they are numbered
0,1,2.

Thanks very much Charles!! I will give it a whirl.
Rick.

P.S. --- The other alternative I thought of was using tinydns, but I am
not sure that this is available on a floppy boot.  I could see if I can
build a custom 1668KB boot floppy that it would fit on, but not sure if
that will work...




-----Original Message-----
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 09, 2003 10:26 AM
To: Tibbs, Richard
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Mail Server / DNS server behind Dachstien
firewall


Tibbs, Richard wrote:
> My question is this:
> 
> Are there other "legal" forms of the INTERN_<blah>_SERVER statements 
> that accomplish port forwarding? I am thinking I need a statement 
> like:
> 
> INTERN_DNS_SERVER <internal IP of WIN2003 box> to obtain appropriate 
> port forwarding for tcp/udp port 53.

No...you need to use the INTERN_SERVERS variable, along with opening the

appropriate ports.

> I have tried using the generic form of port forwarding via lrcfg of 
> network.conf, e.g.
 >
> INTERN_SERVERS "quoted list of stuff" in conjunction with the above 
> mentioned statements, but it doesn't seem to work -- even with the 
> stock EXTERN_IP variable in place.
> 
> My basic config is
> 
> CONFIGDNS=YES
> eth0_IPADDR = <static ip> 
> eth0_MASKLEN=26 
> EXTERN_DHCP=NO 
> EXTERN_TCP_PORT0 "0/0 www" 
> EXTERN_TCP_PORT0 "0/0 smtp" 
> EXTERN_TCP_PORT0 "0/0 imap" 

This is an indexed list...you need to increment the index, like so:

EXTERN_TCP_PORT0 "0/0 www"
EXTERN_TCP_PORT1 "0/0 smtp"
EXTERN_TCP_PORT2 "0/0 imap"

> INTERNAL_WWW_SERVER=192.168.x.y
> INTERNAL_SMTP_SERVER=192.168.x.y
> INTERNAL_IMAP_SERVER=192.168.x.y
> 
> and according to weblet I have port forwarding active for all three 
> services.

In addition to the above, to port-forward DNS, you'll also need the 
following:

EXTERN_UDP_PORT0 "0/0 domain"
EXTERN_UDP_PORT3 "0/0 domain"

INTERN_SERVERS="tcp_${EXTERN_IP}_domain_192.168.x.y_domain 
udp_${EXTERN_IP}_domain_192.168.x.y_domain"

Replacing 192.168.x.y with your actual internal IP, of course.

-- 
Charles Steinkuehler
[EMAIL PROTECTED]




-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=click
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to