RE: DNS and Routers

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 11 Feb 2003 13:40:47 -0600

Hi Mark,

You can create Port Rules to make specific types of communications
"sticky" to a particular link. So, you could use it to pull your SMTP
messages from your mail server. I'll do a few articles on RainWall and
RainConnect in the next month. It's got a lot of very cool features that
I think many people would chomp down on if they realized what it could
do, and how much money it could save them.

Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 
 


-----Original Message-----
From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx] 
Sent: Tuesday, February 11, 2003 1:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: DNS and Routers


http://www.ISAserver.org


Hi Tom,
I just returned from work and guess what they'll be needing a dedicated IP
anyway... So we will just drop another ISA box into their network so they
can use whatever functionality with mails and VPN and so on, and use the
other ISA as a webproxy for their low-cost DSL flat rate concurrently.

From the theoretical point of view: the only way of doing what I asked for
would be using RainConnect or the like? And to mis-use the load-balancing to
redirect traffic based on what? Hm... If it's not too much of an effort,
could you shortly brief me??

Who's Enron?? :)

Thanks,
Mark


> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> Sent: Tuesday, February 11, 2003 1:17 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: DNS and Routers
>
>
> Hi Mark,
>
> What you want to do is very easy. But it's starting to feel
> like you're trying to fit a square peg into a round hole :-)
> You have two ISPs, one that provides mission critical
> services to your company and another that provides general
> Internet access. If you want to keep the two services, move
> the UU Internet connection external to the ISA Server along
> with the other connection. Then use something like
> RainConnect to allow you to use both of them for load
> balancing and fault tolerance.
>
> However, what I would do is whack the generic DSL account and
> upgrade my UU connection, or vice versa and then host my own
> mail services (depending on the reliability of the links; if
> they go down on a regular basis, you might want to continue
> having the ISP queue your mail for you). Or, have someone
> like John T.'s service host your SMTP servers (your
> non-preferred MX records point to his SMTP servers), which
> will queue mail for you when the link is down, and relay the
> mail to your servers when the link comes back up.
>
> Hey, maybe I just figured out how to make some money on the
> bandwidth I'm not using?  I wonder if Enron thought of this first? ;-)
>
> Tom
>
> Thomas W Shinder
> www.isaserver.org/shinder
> ISA Server and Beyond: http://tinyurl.com/1jq1
> Configuring ISA Server: http://tinyurl.com/1llp
>
>
>
>
>
> -----Original Message-----
> From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx]
> Sent: Tuesday, February 11, 2003 2:06 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: DNS and Routers
>
>
> Hi Tom,
>
> I'm not really certain why we discuss this, but anyway....
> Yes I know a couple of reasons: one being the DSL-ISP does
> not support ETRN or other delivery mechanisms with this sort
> of connection, secondly all outgoing mails would get
> stamped/modified by the smtp-relay which is ok for private
> users but imho not for a corporate customer. Another thing
> would be changing the DSL contract. Then we would have a
> fixed IP address. With a domain KK to the provider we would
> also have backup Mxing. Only the costs would triple.
>
>
> But all this doesn't really answer my question, does it?? :-)
> Mark
>
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> > Sent: Tuesday, February 11, 2003 2:58 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: DNS and Routers
> >
> >
> > Hi Mark,
> >
> > Do you know if there's a reason why you can't use your DSL connection
> > to download your mail?
> >
> > Thanks!
> > Tom
> >
> > Thomas W Shinder
> > www.isaserver.org/shinder
> > ISA Server and Beyond: http://tinyurl.com/1jq1
> > Configuring ISA Server: http://tinyurl.com/1llp
> >
> >
> > -----Original Message-----
> > From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx]
> > Sent: Sunday, February 09, 2003 3:48 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: DNS and Routers
> >
> >
> > Hi Tom,
> >
> > The UUNET router initiates a dial up connection to UUNET (internet).
> > As soon as it goes online, UUNET delivers waiting mails to the
> > exchange server. The exchange server is indeed hosting its own mail
> > domain. Outgoing mail, like I already said, is delivered to the UUNET
> > smarthost. I'm not too sure about the setup at UUNET, but I will
> > check on this on Tuesday.
> >
> > The reason why we cannot use the other internet connection is that
> > there is no such functionality available at the ISP.
> >
> > But I agree the best thing to do would probably be switching to a
> > provider that provides the functionality - it's only a matter of
> > cost...
> >
> > Mark
> >
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
> > > Sent: Sunday, February 09, 2003 10:09 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: DNS and Routers
> > >
> > >
> > > Hi Mark,
> > >
> > > What is the purpose of this UU router? Do you need it? Why not use the
> > > DSL line for all Internet related activity? Does this router connect
> > > to the Internet or is it a point to point link with a partner or
> > > remote office?
> > >
> > > Is the Exchange Server hosting its own mail? Or are the users using a
> > > dial up connection to pull mail from their own servers and store it in
> > > the Exchange Store? Or, are you using TURN/ETRN to pull mail from the
> > > ISP?
> > >
> > > Thanks!
> > > Tom
> > >
> > > Thomas W Shinder
> > > www.isaserver.org/shinder
> > > ISA Server and Beyond: http://tinyurl.com/1jq1
> > > Configuring ISA Server: http://tinyurl.com/1llp
> > >
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Mark Hippenstiel [mailto:m.hippenstiel@xxxxxxxxxxxx]
> > > Sent: Sunday, February 09, 2003 3:26 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: DNS and Routers
> > >
> > >
> > > Hi Tom,
> > >
> > > > Thanks a lot for your help, but unfortunately I must say, that I knew
> > > > all of this already. It's a shame really... Ok, let's start all over
> > > > again, where's the reset button...
> > >
> > > > You got the ISA part right down there. What went amiss was the UUNET
> > > > router. This router is with its current setup a potential security
> > > > risk *AND* forces the customer to use some weird network settings on
> > > > the DC (=Exchange). I will try to explain again:
> > >
> > > > From the external point of view there are two entry points into the
> > > > network, both at routers that manage dod connections. The difference
> > > > between them is: one is connected to the external NIC of the ISA box
> > > > (DSL), the other one is directly connected to the network (ISDN I
> > > > think). Let's call them DSL and UU.
> > >
> > > > This setup is not desirable, so one task would be to put both routers
> > > > onto a network that is connected to the external ISA interface.
> > >
> > > Now this is not the real problem. Let's talk about mail delivery.
> > >
> > > > I'm sure you agree that an SMTP server with a variable IP address is
> > > > not a good idea. Many SMTP hosts reject such connections. Moreover,
> > > > you'd be having problems with incoming mails, because to my knowledge
> > > > there is no reliable way to have an MX point to the obtained IP
> > > > address - even dyndns has its drawbacks such as cached entries and so
> > > > forth....
> > >
> > > > That's why I don't intend to change the customer's setup in this
> > > > respect. So here comes the UU router. This router connects to UUNET
> > > > regularly (it's being pinged by the DC). UUNET detects the connection
> > > > and starts delivering mails to the DC. Any outgoing mail is sent to
> > > > something like mail.uu.net. Here's the second important point: for
> > > > authentication reasons (smarthosting, relaying) the connection to
> > > > mail.uu.net has to come from an internal address to the UUNET network
> > > > (no big deal). That's the reason why the DC has the UU router as a
> > > > default gateway. Right now this works more or less, but as I said the
> > > > setup is a bit spooky.
> > >
> > > > Now, if we move the UU router to the external segment of the ISA box,
> > > > there's going to be the problem of telling ISA how to handle this. To
> > > > keep this in mind: the goal is to make the setup more transparent,
> > > > eliminate the security problem and also to resolve the DNS and routing
> > > > problems within the network.
> > >
> > > > For my better understanding, let's imagine that both the DSL and the UU
> > > > router were connected to the external interface. We would then have a
> > > > subnet like 10.1.1.0 or whatever, which would not be contained in the
> > > > LAT, right? The default gateway on the external NIC would point to the
> > > > "primary" router (this would be DSL). Now, back to mails: opening a
> > > > connection to UUNET is not a problem, we can ping from the ISA box to
> > > > the UU router, thus initiating delivery. Surely we would need to
> > > > publish the exchange and check with UUNET what to reconfigure at the
> > > > UU router and so forth. Not a real problem there.
> > >
> > > > Outgoing mails would be a bit more tricky: the current setting (def. gw.
> > > > on the DC pointing to UU) would have to be changed. So the DC would
> > > > just be a Secure NAT client. When we try to deliver the mails, we will
> > > > connect to mail.uu.net. The default route on the ISA box would direct
> > > > all traffic to the DSL router and the connection will fail (because
> > > > the request to mail.uu.net will then not come from within UUNET
> > > > network). So we would have to implement a route or something else that
> > > > automagically directs the traffic to mail.uu.net to the UU router.
> > >
> > > > I've set up a few ISA boxes but I'm not really familiar with the SMTP
> > > > functionality, and I'm also not a geek when it comes to routing and
> > > > manually adding routes... So the question is: is that possible?
> > >
> > > > I think that changing the mail setup may be another approach but this
> > > > would involve a number of other problems (domain, delivery mechanism
> > > > and so on... Btw features that are not available at the DSL
> > > > connection's ISP, I'm afraid)
> > >
> > > > Alright, sorry for producing such a lengthy mail. And thanks for
> > > > listening, as always :)
> > > > Mark
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Exchange Server Resource Site: http://www.msexchange.org/ Windows
> > > Security Resource Site: http://www.windowsecurity.com/
> > Windows 2000/NT
> > > > Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> Discussion List
> > > as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a
> blank email to
> > > $subst('Email.Unsub')
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Exchange Server Resource Site: http://www.msexchange.org/ Windows
> > > Security Resource Site: http://www.windowsecurity.com/
> > Windows 2000/NT
> > > > Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> Discussion List
> > > as: mark@xxxxxxxxxxxx To unsubscribe send a blank email to
> > > $subst('Email.Unsub')
> > >
> >
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/ Windows
> > Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT
> > > Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a
> > blank email to $subst('Email.Unsub')
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Exchange Server Resource Site: http://www.msexchange.org/ Windows
> > Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT
> > > Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email
> > to $subst('Email.Unsub')
> >
>
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a
> blank email to $subst('Email.Unsub')
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site:
> http://www.windowsecurity.com/ Windows 2000/NT > Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: mark@xxxxxxxxxxxx To unsubscribe send a blank email
> to $subst('Email.Unsub')
>



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
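
The routing question in the earliest quoted message (default gateway on the DSL router, smarthost traffic required to leave via the UU router) can be modelled as a longest-prefix-match lookup. This is an added example, not part of the original thread; it assumes the gateway host follows ordinary longest-prefix-match routing, and every address in it is a constructed placeholder.

```python
import ipaddress

# Constructed addressing, not from the thread: only "a subnet like 10.1.1.0"
# appears there. 192.0.2.25 is a documentation-range stand-in for mail.uu.net.
DSL_ROUTER, UU_ROUTER = "10.1.1.1", "10.1.1.2"
SMARTHOST, OTHER_HOST = "192.0.2.25", "198.51.100.10"


def route(prefix, gateway, metric=1):
    return {"net": ipaddress.ip_network(prefix), "gateway": gateway, "metric": metric}


def select_gateway(table, destination):
    """Longest-prefix match; equal prefixes are broken by the lowest metric."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in table if dst in r["net"]]
    if not matches:
        return None  # no route: the packet would be dropped
    best = max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return best["gateway"]


def audit_egress(table, policy):
    """Return (destination, required, actual) for every policy violation."""
    return [(dst, want, select_gateway(table, dst))
            for dst, want in policy.items()
            if select_gateway(table, dst) != want]


# External NIC as described: default gateway is the "primary" DSL router.
BASE = [route("0.0.0.0/0", DSL_ROUTER), route("10.1.1.0/24", "on-link")]
# Same table plus one host route sending only the smarthost via the UU router
# (Windows equivalent: route -p add 192.0.2.25 mask 255.255.255.255 10.1.1.2).
FIXED = BASE + [route(f"{SMARTHOST}/32", UU_ROUTER)]
# Which link each destination must leave through.
POLICY = {SMARTHOST: UU_ROUTER, OTHER_HOST: DSL_ROUTER}

if __name__ == "__main__":
    for name, table in (("default route only", BASE), ("with host route", FIXED)):
        print(name, "->", audit_egress(table, POLICY) or "policy satisfied")
```

A host route is pinned to an address, so a smarthost name that resolves to several or changing addresses needs one route per address.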

