Port 53 has to be opened as TCP for zone transfers, and UDP for DNS lookups.

On Tue, 3 Dec 2002, Brent Canipe wrote:

> Hey Thanks Steve,
> define(`confDOMAIN_NAME', `home.canipe.org')dnl
> This worked like a champ..
>
> Thanks again,
>
> Since you had the answer for this one, and you are running basically the
> same setup as I am.
>
> DNS
> right now I simply have Bind (named) bound to port 53 in named.conf
> but that didn't work out entirely and I wound up forwarding all requests
> to another DNS server.
> instead of having master for any zones...
>
> I would like to be able to use this for master zones, etc instead of
> simply forwarding requests to an outside.
> do you know of any good solution for this?
>
> Brent
> P.S yeah i know this should be another subject.
>
> *********** REPLY SEPARATOR ***********
>
> On 12/3/02 at 3:54 PM Cowles, Steve wrote:
>
> >> -----Original Message-----
> >> From: Brent Canipe
> >> Sent: Tuesday, December 03, 2002 2:50 PM
> >> Subject: Sendmail and firewall problem.
> >>
> >>
> >> Hey Guys,
> >> I know I'm not the only one that has run into this.
> >> But right off hand I don't know how to fix it.
> >>
> >> I have a NAT firewall with a public IP address.
> >> Behind the firewall is my mail server which has a
> >> private ip address 192.168.80.30. The firewall is
> >> set to pass traffic for certain ports to 192.168.80.30
> >>
> >> That part all works fine..
> >>
> >> The problem is my outbound e-mail.
> >> since the mail is being reported as from a server with a
> >> private address (192.168.80.30) it gets rejected by
> >> other servers around the net because the address is
> >> non resolvable.
> >>
> >> Is there a way to tell sendmail to report a different
> >> address? like my firewall's address?
> >
> >You can always configure sendmail to bind to another ip address (see the
> >DAEMON_OPTIONS in your redhat supplied .mc file), but since you're behind a
> >NAT'd firewall I think your only option would then be to implement a proxy
> >arp solution (versus NAT).
> >
> >You can also change the FQDN that sendmail announces itself as during the
> >EHLO handshake by changing the $j macro definition in your .mc file. i.e.
> >Change it to match the FQDN of your firewall's public IP. EX:
> >
> >define(`confDOMAIN_NAME', `mail.mydomain.com')dnl
> >
> >FWIW: I have an identical network design as yours. e.g. My sendmail server
> >is NAT'd behind a linux based firewall. I have NOT experienced the
> >reporting problem you describe by remote MTA's. Yes, the first hop e-mail
> >header contains a 192.168.x.x address (look at the header of this e-mail),
> >but my public IP address of my firewall is reported during the EHLO
> >handshake with the remote MTA. So far (over 4 years) I have not had an MTA
> >reject an e-mail from my server.
> >
> >Are you sure this is not a DNS problem (like reverse lookup)?
> >
> >Steve Cowles
> >
> >--
> >redhat-list mailing list
> >unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
> >https://listman.redhat.com/mailman/listinfo/redhat-list

--
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000
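
Added example, not part of the thread or of anyone's posted configuration: a consistency check between the name sendmail announces in EHLO (confDOMAIN_NAME), the firewall's public IP, and the reverse lookup Steve asks about. The function names, the DNS tables, mail.example.com, mailhost.localdomain and 203.0.113.10 are constructed stand-ins; which of these checks a given remote MTA applies is an assumption.

```python
import ipaddress

# RFC 1918 ranges: addresses a remote MTA cannot resolve or route back to.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    """True if ip is in one of the private RFC 1918 ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def check_mta_identity(ehlo_name, public_ip, a_records, ptr_records):
    """Return a list of findings; an empty list means the identity is consistent.

    a_records:   dict name -> list of IPv4 strings (stand-in for A lookups)
    ptr_records: dict ip -> name (stand-in for PTR lookups)
    """
    findings = []
    name = ehlo_name.rstrip(".").lower()
    if "." not in name:
        findings.append("EHLO name is not fully qualified")
    addrs = a_records.get(name, [])
    if not addrs:
        findings.append("EHLO name has no A record")
    if any(is_rfc1918(ip) for ip in addrs):
        findings.append("EHLO name resolves to a private address")
    if addrs and public_ip not in addrs:
        findings.append("EHLO name does not resolve to the NAT public IP")
    # Forward-confirmed reverse DNS: PTR of the public IP must map back to it.
    ptr = ptr_records.get(public_ip)
    if ptr is None:
        findings.append("public IP has no PTR record")
    elif public_ip not in a_records.get(ptr.rstrip(".").lower(), []):
        findings.append("PTR name does not resolve back to the public IP")
    return findings

# Constructed zone data: 203.0.113.10 (documentation range) stands in for
# the firewall's public IP; 192.168.80.30 is the private address from the thread.
A = {"mail.example.com": ["203.0.113.10"],
     "mailhost.localdomain": ["192.168.80.30"]}
PTR = {"203.0.113.10": "mail.example.com."}

if __name__ == "__main__":
    for name in ("mail.example.com", "mailhost.localdomain", "localhost"):
        result = check_mta_identity(name, "203.0.113.10", A, PTR)
        print(name, "->", result or "ok")
```

To run it against a live setup, fill the two tables from real A and PTR lookups of the announced name and the firewall's public address.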