My personal advice is to keep the box internal behind a firewall. This is not a necessity, however. Your goal is to have it accessible inside and out and if NIS+ and all this other stuff is on it, keeping it inside is a good thing. You can port forward back to it. Or, if you wish to build a separate machine for mail, you could let it stay outside and running firewall rules on it and only open mail ports. This would involve a separate box, however. If your mail server is going to have both an internal IP and an external IP, then you will need 2 nics to do it right. That assumes that your not going to use the router to forward ports, however. What you are wanting to do is not difficult. It just takes some preparation. Many on this list I'm sure, myself for example, are doing this very thing. I basically only use 1 external IP, though I've been given 4 from my ISP. I let forwarding do everything from my router. This makes things much simpler. None of my equipment requires 2 nics to do this.
<<JAV>> On Wed, 2003-03-05 at 03:30, Daniel Tan wrote: > do i need to have a router if my mail server itself is having the public ip? > this is my 1st time trying to configure a system to have a public ip so > might need some help on this. > do i need 2 network cards?? 1 for internal ip and the other for external ip > currently my mail server is filtering internal email address to be stored in > the server itself but external email addresses to be sent out to our isp > immediately upon receipt > i might need to reconfigure certain things there.. > is there anyone with this kind of experience before? > i am considering using my own dns...can i dump everything in to this server > (dns,sendmail....)? > ----- Original Message ----- > From: "nate" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, March 05, 2003 12:49 PM > Subject: Re: Help in managing own mail server > > > Daniel Tan said: > > > What are the things (concerns) that i should do to port the server over to > > my office? > > 1) From what i know, need to get public IP (which will then be opened up > > to everyone - insecure) > > only need 1 public ip. IDEALLY the mail server should have it's own > public IP but it's not required. you can port forward in from your > router provided the router has a public IP, very few ISPs put their > customers behind NAT at the ISP level ..though some ISPs don't allow > their customers access to their own routers.... > > > 2) Will need to learn how to install and configure firewall...blah > > blah.... > > if smtp is all your using, there probably won't be much for a firewall > depending on your setup ...the most basic setup can just put the > mail server behind a NAT box ..though of course this isn't the most > secure situation. > > > 3) Resolving of domain name think will still be at ISP except > > that i need to point to their nameserver (i suppose) > > yep, if your ISP is hosting your DNS then just have them point the > MX to you. It may be good to have them act as a backup MX incase your > connection is down. That way mail will still be accepted for your > domain(s), and will be re-delivered to you once your connection > comes back up. If your connection is reliable you probably don't > need this(I've run my email w/o a secondary MX for 5 years w/o any > problems, longest outage was about 3 days due to premature disconnection > by my telco) > > > 4) Any of concerns that i should know of...please let me know...gimme some > > input so i can let my manager consider the switch...thanks...need this > > a.s.a.p > > nothing specific. running a basic mail server is fairly simple. > > > > > red hat currently using sendmail and bind > > be sure your sendmail has that new patch ..and consider moving to > postfix/exim for better long term security. or qmail if that's your > thing(trying to avoid flamewar). If you have the time to stay on top > of patches(I do, seems more often people don't seem to though) sendmail > is probably fine. > > nate > > > > > > -- > redhat-list mailing list > unsubscribe mailto:[EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list > > > > > > -- > redhat-list mailing list > unsubscribe mailto:[EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
