LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 12-13-2008, 01:36 PM   #1
numba1
LQ Newbie
 
Registered: Aug 2006
Posts: 6

Rep: Reputation: 1
Mail server using VMware: SMTP gateway in the DMZ and maili servers on the LAN


I'm looking for help both from Linuxquestions and VMware forums since I'm not sure which place would be best to look. I'm setting up a Sendmail server on top of FreeBSD and have read that it's a good security practice to place the SMTP gateway in the DMZ and the mail servers in the LAN. I would like to know if anyone has any experience doing this with VMs, one in the DMZ and one on the LAN.

As for possible security issues, I know that it could be possible to compromise the DMZ VM and possibly get to the LAN VM but, I think the risk is low as VM security is still decently high. Would I be better to use 2 separate boxes?

Thanks in advance
 
Old 12-13-2008, 02:58 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
if you mean you have two seperate network connections into a single VMware server instance with a vSwitch for each nice, one for LAN and one for DMZ then in theory your fine, but it's pretty ugly to be using different security zones on a single platform. Your DMZ systems would be much more likely to be physical machines and not VM's for various security reasons. If you are looking for better security then I would often put low level security zone separation before best practises of SMTP traffic.

depending on your security architecture, many linux / bsd based firewall distro's, e.g. smoothwall, pfsense, ipcop, astaro can provide the SMTP gateway functionality within a security device, which might be a simpler way to get what you're alluding to.

Last edited by acid_kewpie; 12-13-2008 at 03:00 PM.
 
  


Reply

Tags
dmz, machine, sendmail, virtual, vmware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Allowing web server in dmz to access AS400 in LAN sunethj Linux - Networking 0 01-09-2007 11:06 PM
Unable to send mail to some mail servers due smtp greetings malformed atotomex Linux - Networking 6 12-20-2005 04:38 PM
DHCP Server for internal LAN and DMz NVETHIS Linux - Networking 1 07-11-2003 10:16 AM
gateway(NAT),firewall,server,DMZ andjules Linux - Networking 1 11-22-2002 05:55 PM
gateway(NAT),firewall,server,DMZ andjules Linux - Newbie 2 11-22-2002 08:11 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 03:04 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration