Re: [cobalt-users] Mail Exchange in DMZ

["Colin J. Raven" <cjraven@xxxxxxxxxxx>]

On Sun, 8 Apr 2001, Jeff Jensen wrote:

> To answer Colins questions:
> 
> a) The DNS is hosted by a 3rd party.
> b) The two Raqs are two seperate domains, they don't have anything to do
> with one another.
> 
> I just tried from another machine in the DMZ (NT box) to look up the main
> site on each of the RAQs in a browser. I can see the correct external IP is
> resolved but the browser also times out after a while.  So it's not just a
> mail problem. So I think it's a firewall problem.

Jeff, *please* (please!) bottom-post from now on? You're likely to run
into some noise if you don't. Advice only.

A few basic steps:
1. Can you ping each box from outside the firewall? 

2. Can you (again from the outside) ssh/telnet to the boxen (which ports
are blocked is where I'm going here) specifically, can you;
telnet to ports 80 (http) 25, 110 and any other ports which you believe to
be open?? and to *either* or *both* boxen????

3. Can you do any/all of the above from inside your firewall as well?

4. Are "A" and "MX" records set up properly for each machine at your DNS
provider?

5. Do you have access to your firewall ruleset(s)...if yes, don't post
'em, but see if you can figure out what the firewall vendor put in there.

You may have done some/all of these, but from bitter experience I've found
that if you stare at a problem for a long time it often becomes more, not
less complex.

I'm no firewall guru, but the last one I set up taught me a lot
of basic steps towards solving problems like this one...or at least a
decent start point.

Regards,
-Colin
--
Colin J. Raven
Linux Registered User #82296
Sun Apr  8 13:34:01 EDT 2001
  1:34pm  up 39 days, 17:05,  5 users,  load average: 1.09, 0.98, 0.01