Date: Tue, 22 Jun 1999 12:34:04 -0700 (PDT)
From: Doug White <dwhite@resnet.uoregon.edu>
To: Joe Konecny <jkonecn@green-mfg.com>
Cc: FreeBSD List <freebsd-questions@FreeBSD.ORG>
Subject: Re: Need help with internet setup.
Message-ID: <Pine.BSF.4.10.9906221226290.99084-100000@resnet.uoregon.edu>
In-Reply-To: <376F8F15.A098F3B9@green-mfg.com>

On Tue, 22 Jun 1999, Joe Konecny wrote:

> I have fbsd 3.1-release running ipfw and natd to supply
> my Netware lan with internet connectivity. I am connected
> to the net via ADSL. I have several static ip addresses
> and can get more if I need them. Right now my provider
> is doing dns, pop3 and web services. I have a domain
> name registered. (green-mfg.com) I want to take over
> dns and pop3 at my site. I am not sure how to set this
> up as far as the network is concerned.
>
> 1. Can the dns and pop3 server run on the fbsd box given
> that it IS the firewall? It seems to me that any services
> running on that box won't have protection of the firewall.
> I can run another fbsd box with pop3 and dns if that is what
> it takes. Additionally I would like to run apache at some
> time in the future.

Yes, absolutely. I set up a box yesterday with exactly this
configuration. Here's how to do it:

1) Since you're running behind natd, you don't need to have any more
public names than you already have (www.green-mfg.com probably). Your ISP
can continue to administer the public DNS space. However, you _do_ want
name lookup for the internal fakeIP network. You'll need to set up DNS on
the firewall for that, then point all of your LAN clients at the firewall
for DNS. This way, the gateway will substitute its zone file for the
public one. This is somewhat confusing, I know, but it does work.
(Hint: this is a good time to implement DHCP!)

2) You will want to talk to your ISP about hosting mail on your gateway.
Generally they have to set things up to route the mail appropriately.
Since you're on by DSL, they can just move the MX pointer on green-mfg.com
to point to your gateway. (The gateway will have to have a static
address, but it sounds like you have that covered.) POP3 will Just Work
once you move the mail accounts over. You'll have to reeducate your users
to move their POP3 and SMTP server over to the gateway too.

3) You can apply firewall rules to the gateway's services. I'm not sure
why you would want to do this, but IPFW sees packets before anything else
does.

This is missing some pieces but it's certainly a start.

Doug White
Internet: dwhite@resnet.uoregon.edu | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite | www.freebsd.org
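
Added example, not part of the original message and not FreeBSD's own rc.firewall: a dry-run ipfw ruleset for the case in point 3, where the natd gateway itself hosts DNS, POP3 and SMTP. The interface names, addresses, rule numbers, the internet_tcp_ports helper, and the choice to open only SMTP to the Internet are assumptions.

```shell
#!/bin/sh
# Constructed values (assumptions, not taken from the thread):
OIF="ed0"            # outside (ADSL) interface
IIF="ed1"            # inside (LAN) interface
OIP="192.0.2.10"     # gateway's static public address (documentation range)
INET="10.0.0.0/24"   # private LAN behind natd

# Dry run by default: each rule is printed. Set IPFW=/sbin/ipfw to load them.
fw() { ${IPFW:-echo ipfw} "$@"; }

gateway_rules() {
    # Drop packets arriving from outside that claim a LAN source address.
    fw add 50 deny all from "$INET" to any in via "$OIF"
    fw add 100 divert natd all from any to any via "$OIF"
    fw add 200 allow all from any to any via lo0
    # LAN side is trusted: clients reach DNS (53) and POP3 (110) on the gateway.
    fw add 300 allow all from any to any via "$IIF"
    fw add 400 allow tcp from any to any established
    # The only service opened to the Internet: SMTP, because the MX points here.
    fw add 500 allow tcp from any to "$OIP" 25 setup
    # Outbound connections from the gateway and from NAT'd clients.
    fw add 600 allow tcp from "$OIP" to any setup
    # Gateway's own DNS lookups. Stateless match: any UDP from source port 53 passes.
    fw add 700 allow udp from "$OIP" to any 53
    fw add 710 allow udp from any 53 to "$OIP"
    # Echo reply, unreachable, echo request, time exceeded.
    fw add 800 allow icmp from any to any icmptypes 0,3,8,11
    # Everything else, including POP3 and DNS from the Internet, is dropped.
    fw add 65000 deny all from any to any
}

# Hypothetical audit helper: TCP ports that accept new connections from any source.
internet_tcp_ports() {
    ( IPFW="echo ipfw"; gateway_rules ) |
        sed -n 's/.* allow tcp from any to [0-9.]* \([0-9]*\) setup$/\1/p'
}

gateway_rules
```

Because the rules are evaluated before the packet reaches any daemon, named and the POP3 server on the gateway are reachable only from the LAN interface even though they listen on the same machine that faces the Internet.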