Solved

Smoothwall and Win2000 (advanced) server - Mail and FTP

Posted on 2003-03-18
Last Modified: 2012-06-27
My network configuration is as follows:
WIN2000 Advanced Server installed as PDC
WIN2000 Pro Clients which connect to the server
Smoothwall 1.0 (not configured to use DNS since this is assigned to the WIN2000 server) in the same network for internet security (only GREEN and RED NIC installed, no DMZ).

When using this configuration, going to the internet for browsing seems to be no problem. However, FTP and e-mail exchange are impossible. Why? or How to configure?

Someone proposed that I configure the Win2000 server as a normal DC, so that it would forward to the Smoothwall.
Is the following method possible?
* backup the AD
* reinstall the WIN2000 from scratch
* restore the AD

Would restoring the AD not put the system back as a PDC?

I have little margin for experimenting as this is in a school environment with limited means.

Greetings,
Yves
Question by:kangooman
7 Comments
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 8169717
Yves: it's difficult to understand because we do not have all the info.

Which role does the win2000 server play here? Is it the mail server (MTA)? Is it the FTP server?

Are you talking about access from the LAN to an external mail server on the Internet? In this case, outgoing mails go through, but you cannot read them using POP3, or POP3 is working and SMTP is not?

Please try to explain where the problem is, and maybe you will find the problem yourself.

Regards
 

Author Comment

by:kangooman
ID: 8170228
Ok, here I go:

The win2K server's main purpose is to act as a file server and beside that to "control" the clients' security, that is to enforce system policies and user policies. The main problem here is, as I was told in response to a similar question, that the server is configured as the PDC. Second task of the server is DHCP. Due to the policy question, all my clients are required to have it as their gateway, because otherwise the policies are not applied.

The Smoothwall's role was to replace another win2K server that was merely used as a router to the Internet (with capital I). As an extra, I embraced the smoothwall's firewall capabilities. So, in fact I expected it to work merely as a router. But, as it turns out, the Smoothwall blocks traffic over all but the port 80 for internet access.

I read about a solution where the win2K should not be the PDC, just a regular DC, which in turn forwards DHCP requests to the Smoothwall (is this making any sense at all?). This would allow the clients to access other ports, including port 25 and 110 for SMTP and POP3.

So, in fact, that is the problem. The smoothwall is routing my intranet to the Internet, but is unable to forward requests on other ports.

Is this more understandable?
 

Author Comment

by:kangooman
ID: 8170237
Sorry if my sentences don't always make sense. My native language is Dutch.
 
LVL 19

Accepted Solution

by:
Gabriel Orozco earned 200 total points
ID: 8170493
Yep. This is very understandable.

Now, the facts:

1) You do not need the PDC to be the default gateway. No Windows policy controls traffic via TCP/IP, so you can safely edit your dhcpd settings in the win2000 server and point the default gateway to the Smoothwall.

2) As per this question, you do not need to change any PDC to BDC or DC. This does not apply here.

3) You need to read the documentation of your Smoothwall more carefully. You need to let any user from inside access the outside, and block all outside traffic. This is normally very easy to do, but I do not use Smoothwall. I can help you with the plain Linux rules, but not with menus or anything like that. This is why I recommend that you re-read the manual and look for configuration examples.

4) No problem... I'm a Spanish speaker myself :P

Regards
 
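The policy from point 3 of the accepted answer (any connection from inside allowed out, nothing unsolicited allowed in), written as plain Linux iptables rules. This is an added example, not part of the original thread and not Smoothwall's own configuration; the interface names `eth0`/`eth1` and the subnet `192.168.0.0/24` are assumptions.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a two-NIC (GREEN/RED) gateway.
# Interface names and the LAN subnet are assumptions; pass your own values.
gen_rules() {
    green_if=${1:-eth0}              # GREEN: internal LAN side (assumed name)
    red_if=${2:-eth1}                # RED: Internet side (assumed name)
    green_net=${3:-192.168.0.0/24}   # constructed sample LAN subnet

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections opened from the inside. RELATED also covers
# active-mode FTP data channels when the FTP conntrack helper is in use;
# passive FTP, SMTP (25) and POP3 (110) need nothing beyond the next rule.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Any new connection from the LAN towards the Internet, on any port.
-A FORWARD -i $green_if -o $red_if -s $green_net -m conntrack --ctstate NEW -j ACCEPT
# Traffic addressed to the gateway itself: loopback, replies, LAN clients.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $green_if -s $green_net -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# Hide the private LAN addresses behind the RED address.
-A POSTROUTING -s $green_net -o $red_if -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset when run directly. To load it on the gateway (as root):
#   sysctl -w net.ipv4.ip_forward=1
#   sh gateway-rules.sh eth0 eth1 192.168.0.0/24 | iptables-restore
gen_rules "$@"
```

No rule names the RED interface as an input interface, so new connections from the Internet fall through to the DROP policies; the clients only need the gateway address handed out by DHCP, as in point 1.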

Expert Comment

by:CleanupPing
ID: 9077638
kangooman:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
Question has a verified solution.