I can't give you an exact answer, but I can suggest that you run some kind of IDS or packet monitor for a couple of days/weeks, and monitor traffic at each interface. 'snort' would be my number one pick if you don't already have an IDS. Generally, snort isn't used as a packet monitor , but it has awesome logging features.
hope this helps thx, -robt Michael Steiner wrote: > > Hello to all! > > What I want to do: > Hiding a M$-Exchange-server behind a Debian-based firewall running > ipchains (with masqerading) and squid and ???. Here is my special > problem. > > What is the configuration: > Through an old little Cisco 1003 router the connection to internet is > done. > Then I run a Debian-Box with 2 interfaces. One for the DMZ and one for > internal net. In the internal net users are served by exchanger-server. > > What I tried: > Using sendmail as MTA to do the transfer between the DMZ and internal > net. > It was driving me creazy with all his antirelaying stuff. This can be a > problem of just not understanding the matters. > I've running in an other environment sendmail with virtual users and > masquerading of domains, serving several users through IMPA-server, but > as an endpoint in the transfer-chain. So some very basic understanding I > have how to handle sendmail. > > What do I need: > > 1. > I don't know what software I should run on the firewall to catch all > incoming smtp-traffic and deliver it to the internal net -> > Exchange-server and vice versa. The exchange server understands only > smtp. > > 2. > In which way should it be done ? > Installing an MTA (which one?)on the Debian-box or to transfer all > traffic directly to the internal net by forwarding(how to do this ?). > > Please can you give me some hints in which direction I should > investigate ? > I'm shure some of you have solved this problem already. > > Best regards > Michael > > -- > Michael Steiner, Minorgasse 35, A-1140 Vienna, Austria > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
