Given the following configuration:
OUTSIDE <---> BASTION <------+-----------(LAN)-------+----------
| |
MAIL HOST OTHER HOSTS
Firewall is set up with split DNS (bastion advertises only its own name/address;
internal DNS maps LAN hosts; resolv.conf on bastion points to internal, which
thinks the bastion is a root server and also uses FORWARDERS to the bastion DNS
for resolving external names).
What I want:
1. All mail coming in to the domain goes to mail host (this almost
works--sendmail complains about local configuration error, which sendmail books
say nothing about).
2. All mail going OUT needs to go through the BASTION host since internal
machines don't have connectivity to the Internet except via bastion proxies..
The original plan was for everything to go to the MAIL HOST and then to the
BASTION host, but I'd settle for getting all outgoing mail to the BASTION
host at this point.
Please reply to me directly, as I know this is a FAQ; I've read through my
4000+ firewalls posting archive but haven't found anything specific enough to be
useful; For reference I'm running BSDI BSD/386 UNIX v1.1.
Andy
|
|
