ISDN DoD LAN router, MS Exchange Server, Linux?

ISDN DoD LAN router, MS Exchange Server, Linux?

Post by Joe » Mon, 10 Jul 2000 04:00:00



Has anyone tried this before?

I have a client with a small NT4.0/Exchange Server network which
currently dials up once an hour via an ISDN card in the server to an
SMTP server at their ISP.

They are considering using other internet services, and I think a Linux
firewall/NAT/web proxy would be the way to go. Nobody seems to have much
good to say about the MS products.

On the other hand, while I've dabbled with Linux, I'm not a Linux guru,
and don't really have the spare time to become one. I've just spent
fif* to twenty hours on a new Debian installation at home, and can
now use my network card and can play Windows wavs on my AWE32. I
haven't yet managed Linux wavs or MIDI. The thought of switching the
ISDN card to a non-Red-Hat Linux box and making it work is not a
pleasant one.

I do have a 3Com ISDN Dial-on-Demand LAN router laying around, and this
would seem to offer the most straightforward solution. If I can get
email working, I can sort out web access at a later date. I presume I
need to run a Linux mail server, send mail to the DoD router using cron
to keep the bills down, but somehow persuade Exchange Server to talk to
the Linux mail server by ethernet rather than over a ppp link.

I can't find anything in my ES literature on using another local SMTP
server for outside mail (that's what ES is, after all). Configuration of
the ES mail delivery and collection seems to assume either a dial-up ppp
link, or permanent connection using a DNS server. What I actually need
is for non-local mail to be sent to the Linux mail server to hold for
scheduled delivery.

I can see no point in asking on the MS groups about Linux, but does
anyone here have any experience of routing ES via Linux?
--
Joe

 
 
 

1. Firewalling a Local Area Network with routers, MS Exchange, MS Proxy and LINUX.........

Dear all,

I wonder if someone could offer some advice?

Let take a second to explain the network topology we have here - briefly:

Single subnet LAN - comprising NT network with the odd bit of Novell kit.

Our comms machine runs MS Exchange 5.5 and Proxy 2.0 (it also has RRAS for
VPNs but this doesn't work because of the router listed below).

This comms machine is multihomed (I believe this is the term for 2 network
cards) The internal network as above and the external network connects to a
CISCO 760 series ISDN router. This machine is the BDC - the seperate PDC is
also the internal DNS server.

Currently, all internet access works fine via the router. This is using port
address translation to hide all internal IP addresses and present as one.
Exchange happily fires off through the link too - and when connected - our
SMTP feed pushes into the Exchange server. We have 'firewalling' set up on
the router and with MS Proxy.

There are two issues I want to raise.....

1. One problem we have is that MS Exchange brings up the ISDN link every
time an externally destined email is sent - and I don't believe it is
possible to get Exchange to hold the outbound mail and fire it off at
predetermined intervals. This is costing us a fortune.....  We send large
amounts of externally bound email - all quite small - but with the ISDN line
being brought up very often, you can guess what the bill is like (5-10 sends
per hour). When we used modems, this could be achieved because Exchange used
RAS connections which could be limited to 'batch' dial-outs. This no longer
is true for the router setup.

2. We have an ISDN modem which I daresay we could use instead of the router
to give us limited dial-out but then we become reliant upon MS Proxy
firewalling as we loose the router. Is MS Proxy secure enough? (Seriously
please Linux boys and girls :-) )  And will Linux provide the internal IP
address 'hiding' - presenting one address to the outside world? Should we
drop a linux box in between the MS-Proxy/Exchange and the ISDN? Is this hard
to administer/setup as a dedicated firewall.

We want to set up a system with http. ftp etc initialed dialout (MS Proxy)
but not by email (MS Exchange) which we can fire off every couple of hours
or so (We have a batch file which can do this in reverse in order to recieve
our mail).

We need it to be secure (!) or should I say as secure as possible... and it
would be cool if we could get VPN too (MS RRAS flavor) via the ISDN modem as
the router will not handle the encapsulation properly.

Oh and finally, the funds available are very limited, so a big
UNIX/commercial solution is probably prohibitively costly.

All ideas welcome.

Ta everyone

S

2. vnc differences between 7.1 and 7.3

3. Linux Firewalls, MS Proxy Server and MS Exchange Server

4. Problem installing RedHat 4.0 on Thinkpad 760ED

5. caching-dns and isdn-dod-router

6. Window manager freezes machine in Caldera 1.3

7. HELP: MS Exchange getting mail from Qmail and dialup ISDN.

8. Posix Thread Compatibility

9. Linux and MS Exchange Server

10. HELP: Linux replacement for MS Exchange server? $

11. Forwarding Linux mail to MS SMTP/Exchange server

12. Linux client to MS exchange server