Re: [fw-wiz] Accessing a internal server from DMZ

From: Kevin Sheldrake (kev_at_electriccat.co.uk)
Date: 08/20/04

  • Next message: Devdas Bhagat: "Re: [fw-wiz] Dumb newbie question"
    To: "jao silva" <gustavo_caeiro@yahoo.com.br>, firewall-wizards@honor.icsalabs.com
    Date: Fri, 20 Aug 2004 16:42:15 +0100
    
    

    Hello

    The Qmail in the DMZ must communicate with the internal LAN, mustn't it?
    How else do your internal users get their email?

    The following suggestions are based on the information you provided;
    without a statement of all your information requirements it's hard to
    provide an accurate answer. ;)

    Your LDAP server would probably be best in the internal LAN, mainly
    because I expect this to be where the primary clients will sit. What
    protocol(s) will Qmail require to communicate with the LDAP server?
    X.500? Microsoftisms?

    If your firewall is secure, and your servers are patched and properly
    configured then you should be fine having the Qmail communicating with the
    LDAP server; I'm assuming it already communicates with internal email
    servers or clients.

    If this all sounds mad then provide some more info and I'll have another
    go.

    Kev

    > Hello,
    >
    > I want to setup a authentication server using LDAP
    > that will be used both by Samba and by Qmail.
    >
    > However, Qmail is on the DMZ and Samba obviously is on
    > the internal LAN.
    >
    > Ideally, a DMZ should not be accepted to communicate
    > with an internal LAN.
    >
    > What should I do in this case?
    >
    > Regards,
    > gustavo
    >
    >
    >
    > __________________________________________________
    > Do You Yahoo!?
    > Tired of spam? Yahoo! Mail has the best spam protection around
    > http://mail.yahoo.com
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
    >
    >
    >

    -- 
    Kevin Sheldrake MEng MIEE CEng CISSP
    Electric Cat (Bournemouth) Ltd
    -- 
    Outgoing mail is certified Virus Free.
    Checked by AVG Anti-Virus (http://www.grisoft.com).
    Version: 7.0.262 / Virus Database: 264.6.4 - Release Date: 19/08/2004
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Devdas Bhagat: "Re: [fw-wiz] Dumb newbie question"