> What you proposed is kind of the thing I had in mind. Instead of all the
> forwarding rules I use "echo 1 > /proc/sys/net/ipv4/ip_forward". Is the
> additional checking you propose worth it?

Even with the approach I proposed you still have to turn on ip_forward. If you're going to use multiple IP Addresses, somebody has to listen on all those addresses and the firewall is the right box to do it - that is its job. So then you set up appropriate DNAT, SNAT, and FORWARDing rules so the application servers only see traffic they are supposed to see. There are probably other ways to do it, but this is the way I use and it works well.

Re: Postfix - I spent lots of time inside this book:
Postfix, Richard Blum, Sams Publishing, 2001.
I'll bet there's a newer edition out by now.

- Greg

-----Original Message-----
From: lartc-bounces@xxxxxxxxxxxxxxx [mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Aleksander
Sent: Tuesday, January 03, 2006 1:16 AM
To: lartc@xxxxxxxxxxxxxxx
Subject: Re: Fwd: Several IP's, one mail and http server

Greg Scott wrote:

>I wish! I've run across places that seem to check that the reverse DNS
>matches the forward DNS name. I've seen it with Comcast and I gotta believe there are others doing it. It is a pain for me because I have to consume a precious IP Address for each email domain I host here. It may be possible that the big hosters know about each other and make special arrangements with each other to which little ol' me is not privy. If anyone out there has any connections with the Comcast DNS people, I'd love to talk to you about this and other issues - but we're straying off the original topic.
>
>- Greg
>
>

My mailservers will have their own reverse. ATM they don't and work fine too. It's not an issue. Sorry to hear you have to mess with that.

What you proposed is kind of the thing I had in mind. Instead of all the forwarding rules I use "echo 1 > /proc/sys/net/ipv4/ip_forward". Is the additional checking you propose worth it?

So the question, if I have to create virtual interfaces on the internal box should be answered "YES, that's the only way"?

Have you had experience setting up postfix to work on several interfaces? I have an idea, how to make apache work, quite familiar with virtual hosts, but not postfix. It's not really a topic for this list though.

Thanks,
Alex

Note: I seem to be missing the first email of Greg, the one Robert quoted. No idea why, there's even no spam filtering at my end. Found it in the archives anyway.

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
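Added example, not part of the thread and not Greg's actual ruleset: one way to express the DNAT, SNAT and FORWARD arrangement discussed above as an iptables-restore ruleset, so the internal server sees only the ports it is meant to serve. The interface names, the addresses, and the one-alias-per-public-IP mapping on the internal box are assumptions; ip_forward still has to be enabled on the firewall.

```shell
#!/bin/sh
# Added example. Interface names and addresses are constructed
# (RFC 5737 / RFC 1918 ranges), not taken from the thread.
WAN_IF=eth0   # assumed outside interface
LAN_IF=eth1   # assumed inside interface

# public IP on firewall | alias IP on internal server | allowed TCP ports
MAPPINGS='203.0.113.10 192.168.1.10 25,80
203.0.113.11 192.168.1.11 25
203.0.113.12 192.168.1.12 25,80,443'

each_mapping() { printf '%s\n' "$MAPPINGS"; }

emit_rules() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    each_mapping | while read -r pub int ports; do
        # Inbound: only the listed ports on this public IP are translated.
        echo "-A PREROUTING -i $WAN_IF -d $pub -p tcp -m multiport --dports $ports -j DNAT --to-destination $int"
        # Outbound: traffic from this alias leaves with its own public IP,
        # so it can match the reverse DNS set up for that mail domain.
        echo "-A POSTROUTING -o $WAN_IF -s $int -j SNAT --to-source $pub"
    done
    echo 'COMMIT'
    echo '*filter'
    # This example only governs forwarded traffic; INPUT/OUTPUT stay open.
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    each_mapping | while read -r pub int ports; do
        # After DNAT the destination is the alias, so match on that.
        echo "-A FORWARD -i $WAN_IF -o $LAN_IF -d $int -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
        # Let the server open new outbound connections (e.g. mail delivery).
        echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $int -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Print the ruleset; review it, then load with: iptables-restore < file
emit_rules
```

Because the FORWARD policy is DROP, anything not listed in the mapping table never reaches the internal server, which is the difference from only setting ip_forward to 1.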