Koozali.org: home of the SME Server

Firewall and Microsoft Exchange

John Sadie

Firewall and Microsoft Exchange
« on: November 15, 2000, 12:58:11 PM »
Question 1
========

I have installed an e-smith server as a proxy and firewall server connected to an ADSL line. The Internet Explorer works fine with e-smith as a proxy on port 3128.

But I cannot get Microsoft Exchange to work via the e-smith proxy.

I suspect I have to open port 25. Is this right, and how do I do this?

Question 2
========

Also, I would like the e-smith server to be a firewall. My internal LAN uses 10.0.0.X range on this side of the e-smith server, and 192.168.1.x on the internet side. I am able to successfully ping the ADSL router on 192.168.1.254 from the 10.0.0.x side. This - to my mind - means that the e-smith server is not a good firewall. Am I correct?

Remark:
======

1. Although Linux software is usually free, I do appreciate that support is definitely not. (I am a support person myself.) To pay the yearly subscription support fee is not justifiable for me, but I would be happy to pay something per incident, even if it is a referral to another question that another user has asked, that would answer my question.

2. e-smith is a fantastic product, and works EXACTLY like such a server should:

a) fast, easy, server setup in text mode.
b) all further maintenance from anywhere via a web browser, from ONE startup screen.

This is - again - EXACTLY how a server should work.

3. To connect the above two points - I am happy now to deploy e-smith Linux - specifically - in business scenarios, but would occasionally like some help.

I suggest a $10 per question fee. This may sound low - but read on!

After a month or two, the support people at e-smith could have built up a database with nearly all the answers. A user could then merely be pointed to a specific answer document reference for the $10 dollars.

A password could be e-mailed to this user, which will allow him to lookup his answer for his $10, and only his answer, and maybe an extra answer every 10 questions.

This way everybody can get affordable support, and the e-smith company will make lots of money - deservedly so!

Charlie Brady

RE: Firewall and Microsoft Exchange
« Reply #1 on: November 15, 2000, 02:00:08 PM »
John Sadie wrote:

> But I cannot get Microsoft Exchange to work via the e-smith
> proxy.
>
> I suspect I have to open port 25. Is this right, and how do I
> do this?

You don't say what specific problems you have with Microsoft Exchange, and I don't know how the proxy might have anything to do with it, but your mention of port 25 suggests that you might want to use the delegated mail server feature. Read about it in the User Guide.

> Question 2 ========
>
> Also, I would like the e-smith server to be a firewall. My
> internal lan uses 10.0.0.X range on this side of the e-smith
> server, and 192.168.1.x on the internet side. I am able to
> successfully ping the adsl router on 192.168.1.254 from the
> 10.0.0.x side. This - to my mind - means that the e-smith
> server is not a good firewall. Am I correct?

No. In this case the fact that you can ping does not mean that the server is configured as a router - to forward packets, that is. The ICMP packets which ping uses are masqueraded by the server, rather than forwarded. The server still blocks inbound connections, and the pinging of internal hosts from the Internet side.

Your configuration with private network addresses on the internet side is unusual. I don't know how your network is reachable from the internet - it must be by some NAT feature of your ADSL router. I don't know whether that will cause you problems in the future.

Regards

Charlie

Luke Drumm

RE: Firewall and Microsoft Exchange
« Reply #2 on: November 16, 2000, 04:06:44 AM »
Hi,

Just a small question (or two) regarding the 'individual incident' support issue, mainly directed at the happy e-smith people, but anyone else looking for a dollar may be interested.

Has this idea been discussed seriously at e-smith? While off the cuff contra deals with individual techs may be okay as a stop gap alternative, it's not exactly the most ideal situation.

Maybe something akin to what some ISPs offer such as a '$xx.xx for x days/hours of support per year with $xx.xx per hour after that' kind of deal?

Or to take it to a slightly higher level:

Imagine a web site, similar to Sun's Java bug parade, where people can submit (and maybe vote) for bugs to be fixed. E-smith (or individuals?) can then submit a quote for fixing this bug (before the next release). The people who voted for the fix can then agree or disagree with the quote and opt in or out of paying for the fix.

The people who opted in for the fix, get it. The people who didn't, don't. If the fix finally gets included in the normal E-smith distribution, good-o, otherwise it goes down as a 'normal' bit of tech support and possibly up for bids again later down the track.

There's some issues surrounding the ownership of intellectual property of a 'fix' but I'm sure it's nothing that can't be ironed out as we go.

Basically, it becomes almost like a trading site where groups of people agree and pay for quicker software releases, technical support etc. The aim here would not be to 'auction' E-smith out of their rightfully deserved dollars. Merely to efficiently organise the person/people on the receiving end of the fix.

Hmmm... come to think of it, I wouldn't mind trying to put together a site like this myself (as soon as my bandwidth permits it). First Dibs on the patent!

Luke

John Sadie

RE: Firewall and Microsoft Exchange
« Reply #3 on: November 23, 2000, 03:30:14 PM »
My Microsoft Exchange server now works happily behind my e-smith server.

1. I used the delegated mail server feature in e-smith
2. Then configured the ADSL router to forward all incoming traffic to the internal LAN basic IP address (x.x.x.0) network to the IP address of the network card in the e-smith server that is connected to the ADSL router.
3. Then a clever Unix friend of mine - Dick Vlaanderen - configured e-smith using the ipchains command, to forward all the Exchange traffic from the internet to my Exchange server on port 25, and to block all other ports, through the e-smith server.



I will send through the exact commands next time.
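
The masquerading behaviour described in Reply #1 and the port 25 forwarding described in Reply #3 can be sketched as a toy Python model. This is an added example, not code from any poster or from e-smith, and it is not ipchains syntax; the gateway address 192.168.1.1 and the Exchange host 10.0.0.5 are assumed values.

```python
# Toy model of a masquerading gateway (added example; addresses are constructed).
from dataclasses import dataclass

INTERNAL_NET = "10.0.0."                   # LAN side, as in the thread
GATEWAY_EXT = "192.168.1.1"                # assumed address of the server's outer NIC
PORT_FORWARDS = {("tcp", 25): "10.0.0.5"}  # assumed Exchange host behind the gateway

@dataclass(frozen=True)
class Packet:
    proto: str           # "icmp" or "tcp"
    src: str
    dst: str
    ident: int           # ICMP echo id, or TCP destination port in this sketch
    reply: bool = False

class Gateway:
    def __init__(self):
        self.masq = {}   # (proto, remote host, ident) -> internal host

    def outbound(self, p):
        """LAN -> outside: rewrite the source address and remember the flow."""
        if not p.src.startswith(INTERNAL_NET):
            return None
        self.masq[(p.proto, p.dst, p.ident)] = p.src
        return Packet(p.proto, GATEWAY_EXT, p.dst, p.ident)

    def inbound(self, p):
        """Outside -> LAN: only replies to known flows or port forwards pass."""
        if p.dst != GATEWAY_EXT:
            return None  # addressed straight at an internal host: never routed
        key = (p.proto, p.src, p.ident)
        if p.reply and key in self.masq:
            return Packet(p.proto, p.src, self.masq[key], p.ident, reply=True)
        target = PORT_FORWARDS.get((p.proto, p.ident))
        if target and not p.reply:
            return Packet(p.proto, p.src, target, p.ident)
        return None      # everything else is dropped

if __name__ == "__main__":
    gw = Gateway()
    # Ping from a LAN host to the ADSL router leaves with the gateway's address.
    print(gw.outbound(Packet("icmp", "10.0.0.20", "192.168.1.254", 7)))
    # The echo reply is mapped back to the LAN host.
    print(gw.inbound(Packet("icmp", "192.168.1.254", GATEWAY_EXT, 7, reply=True)))
    # An unsolicited ping aimed at the LAN host is dropped.
    print(gw.inbound(Packet("icmp", "192.168.1.254", "10.0.0.20", 9)))
    # Inbound SMTP is forwarded; the proxy port is not.
    print(gw.inbound(Packet("tcp", "203.0.113.9", GATEWAY_EXT, 25)))
    print(gw.inbound(Packet("tcp", "203.0.113.9", GATEWAY_EXT, 3128)))
```
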