Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: DungaBee on July 18, 2008, 04:50:00 PM
-
Hi All. I have a quick question. My SME is used for a local file server at my office. We are connected to our corporate WAN using a separate firewall via IPSec VPN. My config is:
- DHCP is given out by firewall and lists SME as primary DNS and firewall as secondary in case SME was down.
- SME has ourdomain.com set up as its domain
- I have our corporate active directory server set up as the Corporate DNS server. The server is on the other end of the VPN tunnel.
- I have the domain settings in SME set up to use the corporate DNS settings for the domain
What I want to happen is that:
- For all DNS requests for ourdomain.com the request would go to the corporate AD server via the tunnel so we get the local IP for all resources on the WAN.
- But, I DO NOT want all DNS requests to go out via the tunnel since that creates added traffic in the tunnel. So, if someone hits www.google.com, I want SME to resolve that itself, presumably via the ISP DNS servers or the local firewall which has the ISP servers entered in to it.
Is my config correct or do I need to do added config to make it work like that?
Thanks much.
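To picture what the "corporate DNS for the domain, everything else local" split looks like underneath, here is an added example that is not from this thread: it assumes SME Server 7's resolver is dnscache (djbdns), whose servers/ directory forwards a name to the servers listed in the file matching its longest suffix, with '@' as the catch-all. It builds the layout in a scratch directory and emulates the lookup; the paths and IP addresses are constructed, not the live /var/service tree.

```shell
#!/bin/sh
# Added example: model split DNS forwarding with dnscache's servers/ convention.
# Scratch copy only; assumed layout, constructed addresses.
set -eu

SCRATCH=$(mktemp -d)
SERVERS="$SCRATCH/servers"

# One file per forwarded domain, '@' for every other name.
build_split_layout() {
    mkdir -p "$SERVERS"
    # Queries under ourdomain.com go to the corporate AD DNS across the tunnel.
    echo "10.1.0.10" > "$SERVERS/ourdomain.com"
    # Everything else goes to the local firewall / ISP resolvers, not the VPN.
    printf '%s\n' "192.168.0.1" "203.0.113.53" > "$SERVERS/@"
}

# Emulate dnscache's choice: drop leading labels until a matching file is
# found, otherwise fall back to '@'. Prints the forwarder list for the name.
upstream_for_name() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//')   # lower-case, strip trailing dot
    while [ -n "$name" ]; do
        if [ -f "$SERVERS/$name" ]; then
            cat "$SERVERS/$name"
            return 0
        fi
        case "$name" in
            *.*) name=${name#*.} ;;   # drop the leftmost label
            *)   break ;;
        esac
    done
    cat "$SERVERS/@"
}

build_split_layout
upstream_for_name fileserver.ourdomain.com   # 10.1.0.10 (via the VPN)
upstream_for_name www.google.com             # local resolvers, tunnel untouched
upstream_for_name notourdomain.com           # also local: suffix match is per label
```

The last call shows the check worth keeping: "notourdomain.com" does not match "ourdomain.com" because matching happens on whole labels, so only names genuinely inside the domain cross the tunnel.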
-
How is your VPN done? What sort of hardware? Is SME in server-gateway mode or just server-only mode?
So with your AD Windows server, do you use mapped network drives, or is it just a web portal? Do you use special VPN client software like Cisco's? Could you give a rough layout of your network in the office?
-
The network looks something like this:
Corporate HQ ---IPSec VPN---Snapgear FW---Local LAN---SME (Server Only Mode)
There is no VPN software in use. The Snapgear at my office connects to the Cisco FW @ the corp office to form a persistent VPN.
My main concern is not having all DNS queries go through the tunnel and create unnecessary traffic in the tunnel and @ the corp office.
We do access shares on the AD and other corp servers via the VPN so we need to always get the private IP of our servers on the LAN/WAN.
-
If you don't have a corporate web page through the VPN, then in the web browsers on the local PCs just put in the squid IP address. Say your SME server was 192.168.0.5: you would put in 192.168.0.5, port 3128, then tick "use the same proxy server for all protocols". That should bypass the VPN and use SME for all web stuff.
Hope that helps.
-
I think you misunderstand my issue/question.
I want only DNS requests for resources on our domain to go through the tunnel. If people are requesting non domain DNS resolution for web, ftp, etc traffic, that should be handled on our side of the tunnel and not sent through the tunnel for the AD server to give us the answer on how to find www.google.com.
Does that make sense?
-
What I said: are there any web sites accessed on the local AD network? If not, then use squid; it should not use the VPN tunnel, only the SME server.
When you talk about DNS requests, is that only shared files? Also, do you use Exchange as well on the Windows AD server?
As I said, if there is no web page access on the Windows server then squid should do the trick, but if there is, someone else here on the forums will need to help out, as I am not sure how to do what you want. But if it is just a domain controller that has no web sites, squid should do the trick and direct all web traffic through the SME server, FTP and HTTPS as well.
Do you use IIS on the Windows server at all, like hosting web sites on it, or is it just an AD domain server to share files and such?