Re: OT: Setting up a forwarding mail domain in DMZ without pinhole.

From: Sanjay Arora (skpobox_at_hotpop.com)
Date: 08/22/04

    To: Fedora Core Mailing List <fedora-list@redhat.com>
    Date: 22 Aug 2004 22:32:17 +0530
    
    

    On Sun, 2004-08-22 at 21:08, Gary Allen Vollink wrote:

    > I've been following this thread through the archives, and while a
    > great deal of your requirement is that you don't want to create a
    > pin-hole. It occurs to me that you (or someone else following
    > this thread, looking for a similar solution) may not know that it's
    > possible to open directed pin-holes - an opening on a firewall that is
    > only accessible from a single IP address. This in conjunction with a
    > non-standard SMTP port set-up (say port 2525), and you've got full
    > function SMTP without the need to set up a laborious batch-transfer.
    >
    > For details on how to set up a directed pin-hole, look at the Fedora
    > (and RedHat 9) NTP time sync. Under Core 2 : /etc/rc.d/init.d/ntpd
    > start reading at line 67.

    Thanks a lot, Gary... I will start reading it up. It could be the thing I
    am looking for. But for argument's sake:

    - What are the risks associated with Directed Pinholing?
    - I assume as IPs can be spoofed but in that case cannot be routed back
    to the hacker, unless he has gotten root access on the DMZ server and
    has set up a reverse proxy of some sort? Especially, as the DMZ
    mailserver is in private address space 192.168.x.x and the firewall is
    port forwarding the smtp & http packets.

    People, please comment on this option.

    Thanks again, Gary... this could solve another problem area regarding
    setting up RDBMS in Green for Web-server in DMZ.

    Sanjay.
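
The directed pin-hole discussed in this message (one permitted source address, non-standard SMTP port 2525), as an added example that is not part of either poster's text: a POSIX shell function that prints iptables-restore rules without touching the running firewall. The interface name `eth1`, the internal address `10.0.0.25` and the relay address `192.168.2.10` are assumptions; tying the rule to the DMZ-facing interface means a packet claiming the relay's address but arriving on another interface does not match.

```shell
#!/bin/sh
# Added example: emit iptables-restore rules for a directed pin-hole.
# Addresses, interface name and log prefix are constructed samples.

valid_ipv4() {
    # Accept dotted-quad addresses with four octets, each in 0..255.
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

directed_pinhole_rules() {
    # $1 = DMZ relay (the only permitted source), $2 = internal mail host,
    # $3 = TCP port, $4 = firewall interface facing the DMZ (assumed name)
    src=$1; dst=$2; port=$3; in_if=$4
    valid_ipv4 "$src" && valid_ipv4 "$dst" || { echo "bad address" >&2; return 1; }
    case $port in
        ''|*[!0-9]*) echo "bad port" >&2; return 1 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] \
        || { echo "bad port" >&2; return 1; }
    case $in_if in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;;
    esac
    # Policy DROP; replies to accepted flows pass; only the relay may open
    # a new connection; every other attempt at the port is logged, then dropped.
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $in_if -p tcp -s $src/32 -d $dst/32 --dport $port -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -p tcp -d $dst/32 --dport $port -j LOG --log-prefix "pinhole-deny: "
COMMIT
EOF
}

# Constructed sample: DMZ relay 192.168.2.10 -> internal mail host 10.0.0.25
directed_pinhole_rules 192.168.2.10 10.0.0.25 2525 eth1
```

The LOG rule gives a record of every connection attempt to the pin-hole port that did not come from the relay, which is the signal to watch if the DMZ is probed.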
