Great Circle Associates Firewalls
(October 1996)
 


Subject: Re[2]: Exchanging mail between to parts of domain with same
From: lresch @ nswc . navy . mil (Larry Resch)
Date: Thu, 24 Oct 1996 13:37:57 -0400
To: <kristiansen @ un . org>
Cc: firewalls @ greatcircle . com

     That is what we currently have, including the actual IP for the mail 
     relay outside our firewall.  We have been able to get mail to go to 
     the relay by modifying our sendmail.cf (?) -- we found a variable that 
     specifies an MX address in case of host resolution failure.  Our 
     problem right now is trying to get mail from inside the firewall to 
     others in our domain that is outside our firewall - the firewall 
     catches it, sees that they are not authorized to receive mail inside 
     the firewall and returns the message to the sender (us)....
     
     Firewall List -- please respond directly to me since I am not 
     subscribed to the list at this time.  Thanks.
     
 
+----------------------------------------------------+
|                    Larry Resch                     |
|             lresch @ nswc . navy . mil             |
|                                                    |
| My thoughts are mine alone, and do not necessarily |
|   reflect the thoughts of those for whom I work.   |
+----------------------------------------------------+



______________________________ Reply Separator _________________________________
Subject: Re: Exchanging mail between to parts of domain with same nam
Author:  <kristiansen @ un . org> at Internet
Date:    10/24/96 10:54 AM


Larry,

I think you have to have an internal DNS that contains your correct IP setup, 
and then make your Gauntlet with your registered DNS domain resolve against this
DNS for entries that are not in the outside DNS.
     
     I am not 100% certain but I think this would be my approach.
     
     -Eivind.
     
     
______________________________ Reply Separator _________________________________
Subject: Exchanging mail between to parts of domain with same name
Author:  Bernard Adams at UNHQ8
Date:    10/22/96 8:28 AM
     
     
    The following message is off yesterday's Firewall Digest.
     
    The description of trusted/untrusted networks in the same domain sounds 
    like us and this might be something we need to do in the future.
     
    Any thoughts on how it could be done?  Please include Larry Resch in 
    reply.
     
                                 Hog Farmer
                                 Tropical Hog Improvement Programme
                                 United Nations, New York
     
    ----------------------------------------------------------------------
     
Mon, 21 Oct 96 7:47:25 EDT
From: lresch @ nswc . navy . mil
Subject: Gauntlet Firewall
     
  I have a specific question about the use of the Gauntlet
firewall.  We have the firewall protecting our internal 
network from the protected network of our organization and we 
are trying to pass mail through the firewall.  Our registered
domain name is the same as the organization (inside we are using 
unregistered/unroutable IPs ....) but we seem to run into the snag 
that if we use the registered domain for accepting/forwarding
mail from our internal gateway to the organization's mail relay, 
the mail gets bounced back to us by the firewall -- it seems that 
the firewall doesn't know that mail addressed to the organization
from the inside should be let out and that mail addressed to us/the 
organization from the outside should be let in....
  Does anyone know of a way to have the firewall pass mail from the
outside (ie forwarded by the mail relay) to our internal mail 
gateway and to pass mail from the inside to the mail relay 
independent of the address?  (Right now we are using a 
different domain name for our firewall so it can distinguish
the inside/outside mail -- but the mail relay does not recognize 
the name and drops the mail ....  grrrrr)
  Thanks for any assistance, sorry for any wasted bandwidth...
     
+----------------------------------------------------+ 
|                    Larry Resch                     | 
|             lresch @ nswc . navy . mil             |
|                                                    | 
| My thoughts are mine alone, and do not necessarily | 
|   reflect the thoughts of those for whom I work.   | 
+----------------------------------------------------+
     
