INE 2810 Mission 5

Version 1.0

Mission outlines

  1. Set up internal DNS servers for your internal network
  2. Set up mail servers in your internal network for the sale and marketing departments in your branch office
  3. Set up mail relay for the above mail servers in your DMZ
  4. Set up a web transparent proxy server for your clients in your internal network
  5. Adjust your firewall so as to support the above web transparent proxy service and cut the IP masquerade for your internal network that you set up in the previous mission

Task 1: Set up internal DNS servers for your internal network
  1. Set up a master and a slave DNS server to support host name resolution for your internal network.
  2. On these DNS servers, you may set forwarders to forward queries for names that are not in your internal network domain to your external DNS servers in the DMZ.

  3. Set up two MX records for your sale and marketing departments.
  4. Their domains are "sale.XX.YY.ine.cuhk.edu.hk" and "mkt.XX.YY.ine.cuhk.edu.hk" respectively, where XX is your branch office code (such as hk, bj, sh, and cd) and YY is your enterprise name (such as alpha, bravo, charlie, and delta). The mail servers for these two domains should be the two hosts in your private network.

  5. Once you have set up your internal DNS servers, you may consider whether your hosts in the DMZ also need to use these internal DNS servers for resolving.


Task 2:  Set up mail servers in your internal network for the sale and marketing department

  1. Set up two mail servers in your internal network to send and receive mail for the domains "sale.XX.YY.ine.cuhk.edu.hk" and "mkt.XX.YY.ine.cuhk.edu.hk" respectively, where XX is your branch office code (such as hk, bj, sh, and cd) and YY is your enterprise name (such as alpha, bravo, charlie, and delta).
  2. Define SMART_HOST in your sendmail mc file so that all outgoing mail from these mail servers goes to a mail relay host in your DMZ.

 

Task 3: Set up mail relay in your DMZ

  1. Choose one of your hosts in DMZ as the mail relay for your internal mail servers
  2. Configure the /etc/mail/access file so that this mail relay server can relay inbound (received) and outbound (sent) mail for the mail servers in your internal network
  3. Create user accounts for your sale and marketing departments on your two internal mail servers respectively. Use these accounts to test the inbound and outbound mail of your internal mail servers.
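
An added example (not part of the original assignment): a Python check for step 2 that flags RELAY entries in /etc/mail/access that are wider than this task needs, so the DMZ host does not end up relaying for anyone. It assumes XX=hk and YY=alpha, and that 172.18.10.0/24 (the source network in the Task 4 iptables example) is the internal network; the sample file is constructed.

```python
# Added example: audit RELAY entries in a sendmail access file.
# Assumptions (not from the assignment): XX=hk, YY=alpha; the internal network
# is 172.18.10.0/24, taken from the iptables example in Task 4.
INTERNAL_PREFIX = "172.18.10"
RELAY_DOMAINS = ("sale.hk.alpha.ine.cuhk.edu.hk", "mkt.hk.alpha.ine.cuhk.edu.hk")
TAGS = ("connect:", "from:", "to:")

# Constructed sample input, not a real configuration.
SAMPLE_ACCESS = """\
# outbound: internal mail servers may relay through this host
Connect:172.18.10                   RELAY
# inbound: accept mail addressed to the two internal domains
To:sale.hk.alpha.ine.cuhk.edu.hk    RELAY
To:mkt.hk.alpha.ine.cuhk.edu.hk     RELAY
# mistakes a reviewer should catch
Connect:172                         RELAY
ine.cuhk.edu.hk                     RELAY
From:sale.hk.alpha.ine.cuhk.edu.hk  RELAY
spammer.example                     REJECT
"""

def audit_access(text):
    """Return (line_no, key, reason) for each RELAY entry that is too broad."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        if fields[1].upper() != "RELAY":
            continue  # only RELAY entries widen what the host forwards
        key = fields[0].lower()
        tag = next((t for t in TAGS if key.startswith(t)), "")
        host = key[len(tag):]
        if tag == "from:":
            findings.append((no, fields[0], "envelope sender is forgeable"))
        elif host.replace(".", "").isdigit():
            # Partial addresses match on octet boundaries, so compare with dots.
            if not (host + ".").startswith(INTERNAL_PREFIX + "."):
                findings.append((no, fields[0], "network wider than internal LAN"))
        elif not any(host == d or host.endswith("." + d) for d in RELAY_DOMAINS):
            findings.append((no, fields[0], "domain outside the two mail domains"))
    return findings

if __name__ == "__main__":
    for no, key, reason in audit_access(SAMPLE_ACCESS):
        print(f"line {no}: {key}: {reason}")
```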


 

Task 4: Set up a web transparent proxy server for your clients in your internal network

  1. Choose one of your hosts in DMZ as a web transparent proxy server

  2. Configure /etc/squid/squid.conf to enable httpd_accel so as to support the reverse proxy

  3. Start the squid proxy daemon with /etc/rc.d/init.d/squid start.

  4. Check the log files in /var/log/squid for any errors. If there are any, fix the problem and restart the squid daemon with /etc/rc.d/init.d/squid restart.

  5. Configure your firewall so that it supports the transparent proxy, e.g. /sbin/iptables -t nat -A PREROUTING -p TCP -s 172.18.10.0/24 --dport 80 -j DNAT --to 10.32.64.1:8080

  6. From any host in your internal network, use lynx (a text-based browser) to visit any web site outside the ine.cuhk.edu.hk network and see whether the transparent proxy works


 

Task 5: Adjust your firewall to cut IP masquerade for your internal network

Adjust the filter rules in your firewall so as to cut the IP masquerade for your internal network that you set up in the previous mission. As you have already set up the mail relay and proxy server in the DMZ, the hosts in your internal network no longer need to access outside hosts through IP masquerade.


 
 
