> I've set up a network with my own domain. Currently I have only one static
> IP. So I am using OpenBSD and ipnat/ipf to act as a firewall/masq for the
> rest of the network. The firewall passes on requests with a destination port
> of 25 (sendmail) to the internal mailserver that has a fake IP of
> 192.168.1.5. ssh connections are being passed to 192.168.1.5 and so on. If
> you telnet to any one of these ports that the firewall allows and passes on
> in, you can see that the firewall is doing its job and get a connection.
>
> Now, I have three nameservers set up. One nameserver resolves for the real IP
> and the domain schism.org so the outside world can hit www.schism.org,
> ftp.schism.org, etc. The other two are internal nameservers, one primary, one
> secondary. They resolve IPs for machines internally. I had to do it this way
> because if I used the other, www.schism.org would resolve to the real IP/IP of
> the outside firewall interface rather than to 192.168.1.5. So you wouldn't be
> able to connect to www.schism.org internally. Actually you could, but I have
> many services running internally that the firewall denies for good reason,
> and they wouldn't be passed back in by the firewall. Whereas if it's resolved
> within the network it's never processed by the firewall. This is the only way
> I have figured to do this other than have some third party resolve
> schism.org for me, which I do not want.
>
> Here is the problem. When I try and send mail to, say,
> [EMAIL PROTECTED], the mail is passed through the firewall and I can
> see that it made it to the mailserver through tailing /var/log/maillog. But
> the connection is then deferred by agares.schism.org, which is my internal
> primary nameserver. So what I think is this:
>
> mail.schism.org resolves to the real IP of the outside world with the primary
> real nameserver. The IP of course is resolved to the only one I have with DHCP,
> the IP of the firewall. The firewall then passes it along to 192.168.1.5,
> astauroth.schism.org (mailserver), which sees that it was passed to it but has
> the domain name mail.schism.org and requests a lookup from
> agares.schism.org (internal nameserver). agares should then respond that
> mail.schism.org is an alias for astauroth.schism.org and the mail should be
> processed by the mailserver. But it doesn't. Below is the message I got back
> after sending the mail, and similar to /var/log/maillog.
>
> I hope this made sense; I've written it out rather quickly. Does anyone know
> what the problem is?
>
>
> ----- Original Message -----
> From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, June 20, 2000 10:55 AM
> Subject: Warning: could not send message for past 4 hours
>
>
> > **********************************************
> > ** THIS IS A WARNING MESSAGE ONLY **
> > ** YOU DO NOT NEED TO RESEND YOUR MESSAGE **
> > **********************************************
> >
> > The original message was received at Tue, 20 Jun 2000 06:35:54 -0500 (CDT)
> > from manchaca.ece.utexas.edu [128.83.59.38]
> >
> > ----- The following addresses had transient non-fatal errors -----
> > <[EMAIL PROTECTED]>
> >
> > ----- Transcript of session follows -----
> > <[EMAIL PROTECTED]>... Deferred: Connection refused by agares.schism.org.
> > Warning: message still undelivered after 4 hours
> > Will keep trying until message is 5 days old
>
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
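The split-horizon setup described above has two invariants that are easy to get subtly wrong: every name the internal nameservers answer should point at an inside address (otherwise inside clients hit the firewall's outside address, which is not passed back in), and the domain's MX must lead to the mail host rather than to some other machine. As an added example, not part of the original post, the following Python checker verifies both over a constructed internal zone fragment; the zone contents, the 192.168.1.2 address for agares and the 203.0.113.10 outside address are assumptions, and the sample deliberately routes the domain's mail to the nameserver and leaks one outside address so that both checks fire.

```python
import ipaddress

# Constructed sample zone (not the poster's real data): the domain's MX points
# at the nameserver, and www leaks the outside address (203.0.113.0/24 is a
# documentation range standing in for the firewall's real public IP).
INTERNAL_ZONE_BAD = """
schism.org.            MX    10 agares.schism.org.
agares.schism.org.     A     192.168.1.2
mail.schism.org.       CNAME astauroth.schism.org.
astauroth.schism.org.  A     192.168.1.5
www.schism.org.        A     203.0.113.10
"""

def parse_zone(text):
    """Parse 'owner TYPE rdata' lines into {(owner, type): [rdata, ...]}."""
    zone = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(";"):
            continue
        key = (parts[0].lower(), parts[1].upper())
        zone.setdefault(key, []).append(" ".join(parts[2:]).lower())
    return zone

def resolve_a(zone, name, hops=8):
    """Follow a bounded CNAME chain; return (final_owner, address) or None."""
    name = name.lower()
    for _ in range(hops):
        if (name, "A") in zone:
            return name, zone[(name, "A")][0]
        if (name, "CNAME") not in zone:
            return None
        name = zone[(name, "CNAME")][0]
    return None  # chain too long or looping

def check_internal_zone(zone, domain, mailhost, internal_net):
    """Report records that steer inside clients away from the inside hosts."""
    net = ipaddress.ip_network(internal_net)
    findings = []
    mxs = sorted(zone.get((domain, "MX"), []), key=lambda r: int(r.split()[0]))
    target = mxs[0].split()[1] if mxs else domain  # no MX: mail goes to apex A
    if (target, "CNAME") in zone:  # an MX target must not be an alias
        findings.append(f"{domain}: MX target {target} is a CNAME, not allowed")
    hit = resolve_a(zone, target)
    if hit is None or hit[0] != mailhost:
        findings.append(f"{domain}: MX {target} does not reach {mailhost}")
    for (owner, rtype), rdatas in zone.items():
        if rtype == "A" and ipaddress.ip_address(rdatas[0]) not in net:
            findings.append(f"{owner}: resolves to {rdatas[0]} outside {internal_net}; "
                            "inside clients would hit the firewall's outside address")
    return findings
```

Calling `check_internal_zone(parse_zone(INTERNAL_ZONE_BAD), "schism.org.", "astauroth.schism.org.", "192.168.0.0/16")` returns two findings for the sample, one for the misdirected MX and one for the leaked outside address.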
