 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] newbie question
 Date:  Wed, 31 Aug 2005 22:27:09 +0200
What I do is run my own DNS with an agreement with another company
to be a secondary for their domain and vice versa. With this solution
we don't need to have 2 different nets & uplinks while still providing
our own DNS.

J.

-----Original message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com]
Sent: Wednesday, 31 August 2005 22:21
CC: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] newbie question

On 8/31/05, Chris Marcellin <canus at teksavvy dot com> wrote:
>
> 205.x.137.117 : static ip address for the wan link
> 205.x.140.116 /30, my subnet
> what i would like to do is this:
> have a DNS which is using a public domain name example.com, web and mail
> server and clients
> after doing some research on monowall's maillist, i think i have come to the
> conclusion that the best solution is a dmz which will have the DNS, mail and
> web servers, and the lan hosting my clients

Overall I'd agree with this, but unless you really, really want to for
some reason, I'd avoid using your own DNS servers.  You typically get
free and solid DNS with domain name registration (and if not, transfer
to a registrar that does offer this).  Not to mention they'll give you
a primary and secondary, and if they do things right they'll be on
separate /24 networks, at a minimum, and maybe in two different
physical locations.  Unless you run a serious NOC yourself, I wouldn't
consider hosting your own DNS.



> if you agree on the dmz, should i use 1:1 nat for my servers, and i guess
> that i would have to also do port forwarding for 80, 25, 110, 443, 53, 22
> right? or firewall rules, or both

If you have more than two servers to open ports to, you may want to
use Server NAT instead of 1:1.  Still need appropriate firewall rules
in either case.  NAT allows the public to private translation, and
after that is applied, the firewall rules dictate what traffic can or
cannot pass.

-Chris
