Ask Dr. Intranet

At our ISP, part of our network has a firewall with three Ethernet cards connected to separate networks: the internal network, the DMZ (demilitarized zone) and the outside network. The primary DNS server and mail server are in the DMZ. The secondary DNS server is connected to the outside network. We have a client who wants to set up Internet mail. We gave him a local IP address and put all the entries in our DNS server, but we can only ping the mail server on the inside network and can't do it on the outside.

Check whether your firewall is configured to pass ping packets. The configuration may vary, depending on whether the client's mail server is connected to the inside interface of the firewall or to the DMZ interface. Use the "nslookup" or "dig" command to find out what the outside Internet DNS server has recorded for your client's e-mail server host name. If your system lacks these commands, you can use a Web-based version at www.analogx.com/contents/dnsdig.htm to find the address the outside DNS servers return, which is where your ping packets are being sent. The simplest approach to getting your client's mail traffic routed to the correct server inside your network may be to use a DNS MX (mail exchange) resource record to direct Internet mail bound for your client's mail server to your DMZ mail server. From there, your DMZ mail server should be able to route the client's mail to his mail server.
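The check described above can be run against the records the outside DNS server publishes. The following is an added example, not part of the original column: it audits a constructed zone excerpt for a mail domain whose MX target is missing or resolves to a private address, then shows the same domain with its MX pointed at the DMZ mail server. The names client.example and mail.isp.example, all addresses, and the reading of "local IP address" as an RFC 1918 address are assumptions.

```python
import ipaddress

# Constructed external-zone records (not from the page). client.example is the
# client's mail domain, mail.isp.example the DMZ mail server; 192.0.2.0/24 is a
# documentation range standing in for the ISP's public addresses.
BROKEN_ZONE = """\
client.example.       IN MX 10 mail.client.example.
mail.client.example.  IN A  10.1.1.25
mail.isp.example.     IN A  192.0.2.25
"""
FIXED_ZONE = """\
client.example.       IN MX 10 mail.isp.example.
mail.isp.example.     IN A  192.0.2.25
"""

# Explicit RFC 1918 list: ip.is_private would also flag the documentation range.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Return (mx, a): MX (preference, target) per domain, A addresses per host."""
    mx, a = {}, {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()   # drop zone-file comments
        if len(fields) < 4 or fields[1] != "IN":
            continue
        name, rtype = fields[0].lower(), fields[2].upper()
        if rtype == "MX" and len(fields) >= 5:
            mx.setdefault(name, []).append((int(fields[3]), fields[4].lower()))
        elif rtype == "A":
            a.setdefault(name, []).append(ipaddress.ip_address(fields[3]))
    return mx, a

def audit_mail_routing(zone_text, domain):
    """List reasons an outside sender could not deliver mail for `domain`."""
    mx, a = parse_zone(zone_text)
    findings = []
    targets = sorted(mx.get(domain.lower(), []))
    if not targets:
        findings.append(f"{domain}: no MX record")
    for _, host in targets:
        addrs = a.get(host, [])
        if not addrs:
            findings.append(f"{host}: MX target has no A record")
        for ip in addrs:
            if any(ip in net for net in RFC1918):
                findings.append(f"{host}: {ip} is a private (RFC 1918) "
                                "address, unreachable from outside")
    return findings
```
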
