  1. #1
    Just Joined!
    Join Date
    Jun 2006
    Posts
    2

    I cannot send mail originating from my firewall to the dmz network


    I have a firewall (RHat kernel 2.4.18-3) with 3 interfaces: eth0 (internal IP 10.x.x.1), eth1 (DMZ IP 192.168.x.1) and eth2 (public IP, say 202.141.98.22). My domain name is, say, abc.ac.in. I have an SMTP server running sendmail in the DMZ network. For mail, my DNS resolves to 202.141.98.22, which is DNATed to the DMZ SMTP server. I have the requisite rules in my firewall to send the SMTP traffic from eth0 and eth2. Everything works well. But when I send mail originating from the firewall to xyz@abc.ac.in (a user on the SMTP server in the DMZ), it is not DNATed to the DMZ, as the MX entry in the DNS points to 202.141.98.22, which is the firewall itself, and maybe it is not reaching the nat tables. Can anyone help me to solve this?

  2. #2
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,934
    You could try putting an entry in the /etc/hosts file on the firewall so that it (alone) thinks that abc.ac.in points to the DMZ IP address 192.168.x.1.

    I don't know if this would have any knock-on effects for other routing, however, so be sure to check it thoroughly.
    Linux user #126863 - see http://linuxcounter.net/

  3. #3
    Just Joined!
    Join Date
    Jun 2006
    Posts
    2
    Thanks Roxoff
    I tried this earlier, but the MX entry in DNS points to my firewall. It works only if I run a local DNS pointing to the DMZ network, and I think that may not be a nice way of solving it. Is there any other way? Kindly help.

  4. #4
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,934
    I thought a local DNS would be a good solution here, just a little complicated to set up and administrate. It would change the firewall's perspective about what the internet and the local lan look like, so it puts everything in your control. Just make sure that there is no way to access the DNS server from the outside (i.e. from the internet).
    Linux user #126863 - see http://linuxcounter.net/
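
Added example, not part of the original thread: a sketch of the local DNS that post #4 describes, reachable only from the firewall itself, assuming BIND 9. The file paths, the `fw` and `mail` host names and the `DMZ_SMTP_IP` placeholder are assumptions; the thread gives none of them.

```conf
// /etc/named.conf on the firewall (assumed BIND 9; paths are assumptions)
options {
    directory "/var/named";
    // Bind to loopback only, so nothing on eth0, eth1 or eth2 can reach it.
    listen-on { 127.0.0.1; };
    listen-on-v6 { none; };
    // Answer only the firewall's own resolver, even if listen-on is changed later.
    allow-query { 127.0.0.1; };
    allow-recursion { 127.0.0.1; };
    allow-transfer { none; };
};

// Firewall-only view of the domain. It shadows the public abc.ac.in zone for
// local lookups, so every abc.ac.in name the firewall needs must be listed in it.
zone "abc.ac.in" {
    type master;
    file "abc.ac.in.firewall";
    allow-update { none; };
};

// /var/named/abc.ac.in.firewall (zone file, shown as comments):
//   $TTL 3600
//   @     IN SOA fw.abc.ac.in. hostmaster.abc.ac.in. ( 1 3600 900 604800 3600 )
//         IN NS  fw.abc.ac.in.
//         IN MX  10 mail.abc.ac.in.   ; sendmail on the firewall follows this MX
//   fw    IN A   127.0.0.1
//   mail  IN A   DMZ_SMTP_IP          ; placeholder: DMZ address of the SMTP server
//
// /etc/resolv.conf on the firewall:
//   nameserver 127.0.0.1
```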
