INE 2810 Mission 5
Version 1.0
Mission outlines
- Set up internal DNS servers for your internal network
- Set up mail servers in your internal network for the sale and marketing departments in your branch office
- Set up mail relay for the above mail servers in your DMZ
- Set up a web transparent proxy server for your clients in your internal network
- Adjust your firewall so as to support the above web transparent proxy service and cut IP masquerade for your internal network that you have set in the previous mission
Task 1: Set up internal DNS servers for your internal network
- Set up a master and a slave DNS server to support host resolution for your internal network. In these DNS servers, you may set forwarders to forward queries that are not in your internal network domain to your external DNS servers in the DMZ.
- Set up two MX records for your sale and marketing departments. Their domains are "sale.XX.YY.ine.cuhk.edu.hk" and "mkt.XX.YY.ine.cuhk.edu.hk" respectively, where XX is your branch office code (such as hk, bj, sh, and cd) and YY is your enterprise name (such as alpha, bravo, charlie, and delta). The mail servers of these two domains should be the two hosts in your private network.
- Once you have set up your internal DNS servers, you may consider whether your hosts in the DMZ also need to use these internal DNS servers for resolving.
Task 2: Set up mail servers in your internal network for the sale and marketing department
- Set up two mail servers in your internal network to send and receive mail for the domains "sale.XX.YY.ine.cuhk.edu.hk" and "mkt.XX.YY.ine.cuhk.edu.hk" respectively, where XX is your branch office code (such as hk, bj, sh, and cd) and YY is your enterprise name (such as alpha, bravo, charlie, and delta).
- Define SMART_HOST in your sendmail mc file so that all the outgoing mail from these mail servers goes to a mail relay host in your DMZ.
Task 3: Set up mail relay in your DMZ
- Choose one of your hosts in the DMZ as the mail relay for your internal mail servers.
- Configure the /etc/mail/access file so that this mail relay server can relay inbound (receiving) and outbound (sending) mail for the internal mail servers in your internal network.
- Create user accounts for your sale and marketing departments on your two internal mail servers respectively. Use these accounts to test the inbound and outbound mail of your internal mail servers.
Task 4: Set up a web transparent proxy server for your clients in your internal network
- Choose one of your hosts in the DMZ as a web transparent proxy server.
- Configure /etc/squid/squid.conf to enable httpd_accel so as to support the reverse proxy.
- Start the squid proxy daemon with /etc/rc.d/init.d/squid start.
- Check the log files in /var/log/squid for any errors. If there are any, fix the problem and restart the squid daemon with /etc/rc.d/init.d/squid restart.
- Configure your firewall so that it supports the transparent proxy, e.g.
/sbin/iptables -t nat -A PREROUTING -p TCP -s 172.18.10.0/24 --dport 80 -j DNAT --to 10.32.64.1:8080
- From any host in your internal network, use lynx (a text-based browser) to visit any web site outside the ine.cuhk.edu.hk network and check whether the transparent proxy works.
Task 5: Adjust your firewall to cut IP masquerade for your internal network
Adjust the filter rules in your firewall so as to cut the IP masquerade for your internal network that you set up in the previous mission. As you have already set up the mail relay and proxy server in the DMZ, the hosts in your internal network no longer need to access outside hosts through IP masquerade.
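A check for the end state of Tasks 4 and 5, as an added example that is not part of the original mission sheet: it audits iptables-save output to confirm that the port-80 redirect to the proxy is present and that no MASQUERADE rule still covers the internal network. The two rule dumps are constructed samples and the interface name eth0 is an assumption; the addresses are those of the sample rule in Task 4.

```shell
# Added example: audit iptables-save output for the Task 4 + Task 5 end state.
INTERNAL_NET="172.18.10.0/24"   # from the sample rule in Task 4
PROXY="10.32.64.1:8080"         # from the sample rule in Task 4
# Constructed dump (eth0 is an assumption): redirect added, old masquerade still there.
# iptables-save prints "--to" as "--to-destination" and "-p TCP" as "-p tcp -m tcp".
RULES_BEFORE='*nat
-A PREROUTING -s 172.18.10.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.32.64.1:8080
-A POSTROUTING -s 172.18.10.0/24 -o eth0 -j MASQUERADE
COMMIT'
# Constructed dump: the state Task 5 asks for.
RULES_AFTER='*nat
-A PREROUTING -s 172.18.10.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.32.64.1:8080
COMMIT'

# Succeeds if port-80 traffic from the internal network is DNATed to the proxy.
has_proxy_redirect() {
    printf '%s\n' "$1" | awk -v net="$INTERNAL_NET" -v dst="$PROXY" '
        $1 == "-A" && $2 == "PREROUTING" {
            s = p = j = d = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s" && $(i+1) == net) s = 1
                if ($i == "--dport" && $(i+1) == "80") p = 1
                if ($i == "-j" && $(i+1) == "DNAT") j = 1
                if ($i == "--to-destination" && $(i+1) == dst) d = 1
            }
            if (s && p && j && d) found = 1
        }
        END { exit !found }'
}

# Succeeds if a POSTROUTING rule still masquerades the internal network.
# A MASQUERADE rule with no -s matches every source, so it counts as well.
still_masqueraded() {
    printf '%s\n' "$1" | awk -v net="$INTERNAL_NET" '
        $1 == "-A" && $2 == "POSTROUTING" {
            src = ""; masq = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i+1)
                if ($i == "-j" && $(i+1) == "MASQUERADE") masq = 1
            }
            if (masq && (src == "" || src == net)) hit = 1
        }
        END { exit !hit }'
}

audit() {
    has_proxy_redirect "$1" || { echo "FAIL: no port-80 DNAT to $PROXY"; return 1; }
    if still_masqueraded "$1"; then echo "FAIL: $INTERNAL_NET still masqueraded"; return 1; fi
    echo "OK: web traffic redirected to proxy, masquerade removed"
}
audit "$RULES_BEFORE" || true
audit "$RULES_AFTER"
```

On the firewall itself, pass the live rule set instead of a sample, for example audit "$(/sbin/iptables-save -t nat)" run as root. The source match is an exact CIDR comparison, so a masquerade rule written for a wider network that contains the internal one has to be checked by hand.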
References