Great Circle Associates Firewalls
(February 1993)
 


Subject: Re: e-mail behind a firewall
From: gjkriger @ gjk . OCUnix . on . ca (George J. Kriger)
Date: Thu, 18 Feb 1993 07:23:49 -0500
To: Firewalls @ GreatCircle . COM
In-reply-to: <9302170900 . AA14416 @ mycroft . GreatCircle . COM>; from "Firewalls-Digest-Owner @ GreatCircle . COM" at Feb 17, 93 4:00 am

brent @ GreatCircle . COM <Brent Chapman> wrote:
> Setting up multiple DNS servers is not difficult.  You set up the
> gateway machine to have a DNS server that only knows what you want the
> outside world to know.  You set up another DNS server on an internal
> machine that knows about all your hosts and forwards non-local queries
> to the gateway DNS server (via a "forwarders" line in the
> /etc/named.boot file).  You rig all DNS clients (via their
> /etc/resolv.conf files), PARTICULARLY including those on the gateway
> host, to talk to the internal server.  If a client (even on the
> gateway) asks a question about an internal machine, it gets the answer
> from the internal server.  If a client (internal or gateway) asks
> about an external machine, the internal server forwards the query to
> the gateway server, then forwards the response back to the client.  If
> somebody out on the Internet asks something, however, they can only
> get back what the gateway server knows (which isn't much).

- Will this work if the gateway server is a dual-homed host configured
not to forward packets (IPFORWARDING=-1)? [I can't see why not, but I
thought I'd check.]

- I like the setup above, but suppose that I don't have the resources
to set up the internal DNS server immediately.  Can I set things up so
that internal hosts can get/send mail from/to the gateway, and still
not reveal the internal hosts when the gateway is queried from the
Internet?

Thanks
gjkriger @ gjk . ocunix . on . ca (George J. Kriger)
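
Added example, not part of the original message or of either poster's configuration: the two-server layout described in the quoted text, written out as BIND 4 boot files and resolver files. The domain example.com, the addresses 192.0.2.1 (gateway, outside), 10.0.0.1 (gateway, inside) and 10.0.0.2 (internal server), and the zone file names are constructed placeholders; the "slave" line is an assumption that goes beyond the post.

```conf
; ---- gateway host: /etc/named.boot (the only server the Internet can query) ----
directory  /var/named
cache      .                      root.cache
; Public zone file: lists only what the outside world should know
; (the gateway itself and the MX record pointing at it).
primary    example.com            db.example.public
primary    2.0.192.in-addr.arpa   db.192.0.2

; ---- gateway host: /etc/resolv.conf ----
; The gateway's own clients (including its mailer) ask the internal
; server, so they can resolve internal host names for delivery.
domain     example.com
nameserver 10.0.0.2

; ---- internal server (10.0.0.2): /etc/named.boot ----
directory  /var/named
; Full zone data, including every internal host.
primary    example.com            db.example.internal
primary    0.0.10.in-addr.arpa    db.10.0.0
; Non-local queries are handed to the gateway's named on its inside interface.
forwarders 10.0.0.1
; Assumption beyond the post: "slave" makes this server use only the
; forwarder and never try to reach outside name servers itself, which it
; could not do anyway when the gateway does not forward packets.
slave

; ---- every internal client: /etc/resolv.conf ----
domain     example.com
nameserver 10.0.0.2
```

With this layout a query sent to 192.0.2.1 for an internal-only name is answered from db.example.public and so reveals nothing, while the same query sent to 10.0.0.2 is answered from db.example.internal.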


