On Sun, 2004-08-22 at 21:08, Gary Allen Vollink wrote:
> I've been following this thread through the archives, and while a
> great deal of your requirement is that you don't want to create a
> pin-hole, it occurs to me that you (or someone else following
> this thread, looking for a similar solution) may not know that it's
> possible to open directed pin-holes - an opening on a firewall that is
> only accessible from a single IP address. This in conjunction with a
> non-standard SMTP port set-up (say port 2525), and you've got full
> function SMTP without the need to set up a laborious batch-transfer.
>
> For details on how to set up a directed pin-hole, look at the Fedora
> (and RedHat 9) NTP time sync. Under Core 2 : /etc/rc.d/init.d/ntpd
> start reading at line 67.

Thanks a lot Gary... I will start reading it up. It could be the thing
I am looking for.

But for argument's sake:
- What are the risks associated with directed pinholing?
- I assume IPs can be spoofed, but in that case the traffic cannot be
  routed back to the hacker, unless he has gotten root access on the DMZ
  server and has set up a reverse proxy of some sort? Especially as the
  DMZ mailserver is in private address space 192.168.x.x and the
  firewall is port forwarding the smtp & http packets.

People, please comment on this option.

Thanks again, Gary... this could solve another problem area regarding
setting up an RDBMS in Green for the web server in the DMZ.

Sanjay.
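
The directed pin-hole discussed in this message, as an added example that is not code from either poster or from the Fedora ntpd script: it generates iptables-restore rules that admit one relay host to one inside host on port 2525 and drop that source address when it arrives on any interface other than the DMZ one, which is the spoofing case raised above. The addresses (documentation ranges), the interface name eth1 and the function names are constructed assumptions.

```shell
#!/bin/sh
# Added example. Addresses, interface and function names are constructed.

is_host_ipv4() {
    # Accept one dotted-quad host only: no CIDR suffix, no names, not 0.0.0.0.
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*|0.0.0.0) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

pinhole_rules() {
    # usage: pinhole_rules RELAY_IP INSIDE_IP PORT DMZ_INTERFACE
    src=$1 dst=$2 port=$3 dmz_if=$4
    if ! is_host_ipv4 "$src" || ! is_host_ipv4 "$dst"; then
        echo "pin-hole endpoints must be single host addresses" >&2
        return 1
    fi
    case "$port" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case "$dmz_if" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    cat <<EOF
*filter
# Anti-spoofing: the relay's address is only valid on the DMZ interface.
-A FORWARD -s $src/32 ! -i $dmz_if -j DROP
# The pin-hole: SMTP sessions opened by the one relay to the one inside host.
-A FORWARD -i $dmz_if -p tcp -s $src/32 -d $dst/32 --dport $port -m state --state NEW,ESTABLISHED -j ACCEPT
# Replies to sessions the relay opened; nothing may be initiated from inside.
-A FORWARD -o $dmz_if -p tcp -s $dst/32 --sport $port -d $src/32 -m state --state ESTABLISHED -j ACCEPT
# Anything else aimed at the inside port is logged, then dropped.
-A FORWARD -p tcp -d $dst/32 --dport $port -j LOG --log-prefix "pinhole-deny: "
-A FORWARD -p tcp -d $dst/32 --dport $port -j DROP
COMMIT
EOF
}

# Print the rule set for review before loading it with iptables-restore --noflush.
pinhole_rules 192.0.2.25 198.51.100.10 2525 eth1
```

The rules are appended, so they only take effect as written if no earlier FORWARD rule already accepts the same traffic. A pin-hole scoped this way still trusts the relay host itself: anything running on that host can reach the inside port.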