Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Jean on June 19, 2003, 05:48:57 AM

Title: gateway mode on single nic
Post by: Jean on June 19, 2003, 05:48:57 AM

Is there a problem with configuring sme5.5 in gateway mode using a single nic?  The scenario is:

There are 2 subnets in 2 locations.

Location A has server A which is the main email server.  Server A is behind a firewall and accepts SMTP connections only from server B.

Location B has server B which forwards all emails to server A.  Server B is not behind a firewall, connecting directly to a router.

In order to give server B some protection, I am thinking of configuring it as a gateway server, then allow only SSH & SMTP.  Trouble is, it's a single nic PC and sme config wants to assign 2 addresses to the same nic.  If the 2 addresses consist one routable and one non-routable, is this server not protected since only SSH & SMTP will come in thru the routable address and nothing thru the non-routable address since it isn't routable to begin with?

It's kind of difficult to explain why I need to do this, but it has to do with the way our subnets are laid out in different buildings.  I ran several searches on this forum, but came up empty.

Any and all input appreciated,
Jean

Title: Re: gateway mode on single nic
Post by: Jon Blakely on June 19, 2003, 01:24:03 PM

At the price of NIC's these days I would just install a second NIC and not use it.

Jon

Title: Re: gateway mode on single nic
Post by: Jean on June 19, 2003, 08:51:01 PM

Duh...  Guess it takes someone else's perspective to cut thru the convoluted thinking.  Off, to rummage for another nic...

Jean

Title: Re: gateway mode on single nic
Post by: ryan on June 20, 2003, 10:03:51 AM

Consider setting up an IPCop server as a firewall/router and portforward your email ports to SME.  Run SME as server only on the lan.

ryan

Title: Re: gateway mode on single nic
Post by: Jean on June 20, 2003, 11:06:27 PM

Any particular reason why you like IPCop?  Unless IPCop is really nice, I don't want to customize this particular sme box.

Jean

Title: Re: gateway mode on single nic
Post by: ryan on June 20, 2003, 11:19:29 PM

Jean,

Yes, I like IPCop for the default services it offers out of the box.  IPSEC VPN that is easy to setup and configure, port forwarding is easy to use, and it's firewall has DMZ capability for more flexibility.  I just found that SME addons such as IPSEC VPN and Port Forwarding often have problems with the latest SME release.  Keeping SME stock is saving me a lot of time and frustration.  I still use several SME servers, but they reside behind IPCop or on the DMZ.  

IPCop is only a router, no users, no email, no file and printer sharing, etc...but it does its default functions well right out of the box.  Plus, it runs on older hardware without problems and the download is tiny compared to SME.  

ryan

Title: Re: gateway mode on single nic
Post by: Jean on June 20, 2003, 11:31:02 PM

Okay.  I'll give it a look.  In this instance, I need a single box solution.  But, for the future, IPCop could come in handy.  Thanks for the suggestion.

Jean