Accessing internal servers thru firewall

Post by Thierr » Sun, 31 Dec 1899 09:00:00



My whole network (DNS, Mail, Web, FTP servers) is composed of private IP
addresses: 10.1.1.0
I've set up a firewall between the Internet and my network.

The mail server is running multiple domains (using vpop) so I've bound an IP
address for each domain.
I've done the same thing for the FTP server.

Everything is working perfectly locally.

Can I keep my private addresses or do I need official IP addresses for each
server and each virtual email domain?

Thanks,
Thierry.

 
 
 


Post by Robert Marshal » Sun, 31 Dec 1899 09:00:00


Hmmm. I guess this depends on whether or not you intend these servers to
be available for internal use only, or for anyone on the Internet to
connect to.

If you only have one physical box for each protocol (that is, no more
than one e-mail server, no more than one ftp server, although mail and
ftp can be the same box), you can get by with one public Internet
address and port forwarding rules. If you have so many domains to serve
or so much traffic that you require a second e-mail server, or a second
ftp server, you will have to set up a DMZ on a registered subnet.

Internet
   |
   |
firewall ---- DMZ
   |
   |
private
network

The firewall would route (but not IP Masq) the traffic for the DMZ, and
would IPMasq the traffic for the private network.


> my whole network (DNS, Mail, Web, FTP servers) is composed with private IP
> addresses : 10.1.1.0
> I've setup a firewall between the Internet and my network.

> The mail server is running multiple domain (using vpop) so I've binded an IP
> address for each domain.
> I've done the same thing for the FTP server.

> Everything is working perfectly locally.

> Can I keep my private addresses or do I need official IP addresses for each
> server and each virtual email domain ?

> Thanks,
> Thierry.


 
 
 


Post by FunkyGee » Sun, 31 Dec 1899 09:00:00


There _is_ a way around the web and ftp part of your problem keeping the
addresses you've got, but if you've based your mail server on multiple
domains by IP, then you'll need official IP addresses, at least for each
domain on the mail server. If you're going to the trouble of getting some
official IPs for your mail server domains, you may as well get some for
your FTP and web server too.

If you've got private addresses, then DNS won't work properly in the
Internet wide scheme of things, because your machines won't have valid DNS
resolvable hostnames. Say your firewall machine is also your DNS server. Any
request coming externally to it for host.yourdomain.tld (assuming
yourdomain.tld is pointing to the fixed official IP of your firewall / DNS
server) will result in a return address of (say) 10.1.1.3, which won't be
routable through the Internet anyway.

If your DNS server is _inside_ your firewall, then it will have a private
address, and therefore will be inaccessible from the Internet.

In short, you need official IPs - ask your ISP if they can assign you a
range.


> my whole network (DNS, Mail, Web, FTP servers) is composed with private IP
> addresses : 10.1.1.0
> I've setup a firewall between the Internet and my network.

> The mail server is running multiple domain (using vpop) so I've binded an IP
> address for each domain.
> I've done the same thing for the FTP server.

> Everything is working perfectly locally.

> Can I keep my private addresses or do I need official IP addresses for each
> server and each virtual email domain ?

> Thanks,
> Thierry.
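
An added example, not part of any post in this thread: a small model of why one public address with port forwarding covers only one internal host per port, which is the constraint both replies describe for per-IP mail domains and FTP sites. The service names, the internal host addresses and the 192.0.2.10 public address (a documentation range) are constructed for illustration, and each forward is assumed to keep the same port number.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory modelled on the thread: one internal address per
# virtual mail domain and per FTP site, all inside 10.1.1.0/24.
SERVICES = [
    ("mail-domain-a", "10.1.1.11", 25),
    ("mail-domain-b", "10.1.1.12", 25),
    ("mail-domain-c", "10.1.1.13", 25),
    ("ftp-site-a", "10.1.1.21", 21),
    ("ftp-site-b", "10.1.1.22", 21),
    ("web", "10.1.1.30", 80),
]


def plan_forwards(services, public_ips):
    """Assign each internal service a (public IP, port) pair.

    A port forward is keyed on the public address and port alone, so a pair
    can point at only one internal address. Returns (table, unreachable).
    """
    table = {}          # (public_ip, port) -> (name, internal_ip)
    unreachable = []    # services left without a free public pair
    for name, internal, port in services:
        if not ipaddress.ip_address(internal).is_private:
            raise ValueError(f"{internal} is not a private address")
        for pub in public_ips:
            if (pub, port) not in table:
                table[(pub, port)] = (name, internal)
                break
        else:
            unreachable.append(name)
    return table, unreachable


def public_ips_needed(services):
    """Minimum public addresses: the largest count of services sharing a port."""
    per_port = defaultdict(int)
    for _name, _internal, port in services:
        per_port[port] += 1
    return max(per_port.values(), default=0)


if __name__ == "__main__":
    # 192.0.2.0/24 is a documentation range standing in for ISP-assigned space.
    table, lost = plan_forwards(SERVICES, ["192.0.2.10"])
    for (pub, port), (name, internal) in sorted(table.items()):
        print(f"{pub}:{port} -> {internal}:{port} ({name})")
    print("unreachable with one public address:", lost)
    print("public addresses needed:", public_ips_needed(SERVICES))
```
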

 
 
 

1. forwarding ftp to internal server thru firewall

Hi folks,

I have the following problem. I have an ftp-server on a private network.
Now I want my linux router/firewall to forward all ftp requests to my
internal server. I use SuSE 7.0, Kernel 2.2.16 and the SuSE firewall
script.
I tried the following in firewall.rc.config:
FW_FORWARD_MASQ_TCP="192.168.1.2,192.168.1.42,21"

192.168.1.2 is the device connected to the internet
192.168.1.42 is the pc running my ftp server.
But this doesn't work. Any suggestions what I should do to make it
work?

Thx in advance

alex
