OT: Setting up a forwarding mail domain in DMZ without pinhole.
Sanjay Arora
skpobox at hotpop.com
Sun Aug 22 17:02:17 UTC 2004
On Sun, 2004-08-22 at 21:08, Gary Allen Vollink wrote:
> I've been following this thread through the archives, and while a
> great deal of your requirement is that you don't want to create a
> pin-hole. It occurs to me the that you (or someone else following
> this thread, looking for a similar solution) may not know that it's
> possible to open directed pin-holes - an opening on a firewall that is
> only accessible from a single IP address. This in conjunction with a
> non-standard SMTP port set-up (say port 2525), and you've got full
> function SMTP without the need to set up a laborious batch-transfer.
>
> For details on how to set up a directed pin-hole, look at the Fedora
> (and RedHat 9) NTP time sync. Under Core 2 : /etc/rc.d/init.d/ntpd
> start reading at line 67.
Thanks a lot Gary...I will start reading it up. It could be the thing I
am looking for. But for argument Sake:
- What are the risks associated with Directed Pinholing?
- I assume as IPs can be spoofed but in that case cannot be routed back
to the hacker, unless he has gotten root access on the DMZ server and
has setup a reverse proxy of some sort? Especially, as the DMZ
mailserver is in private address space 192.168.x.x and the firewall is
port forwarding the smtp & http packets.
People, please comment on this option.
Thanks again. Gary....this could solve another problem area regarding
setting up RDBMS in Green for Web-server in DMZ.
Sanjay.
More information about the fedora-list
mailing list