Tuesday, 25 October 2011

IP Network Design

As we know, for a computer to communicate with other computers over TCP/IP, each computer must have a unique IP address; no two may be the same. For users on your internal network to communicate with the outside world through your internal mail server, you must design your network's IP addressing carefully, so that users on the Internet can also reach the mail server on your internal network in a safe way.



Some of us are new to experimenting with, for example, building an Exchange server. Beyond mastering the technical side of installing Exchange Server (e.g. 2003), there are several steps that people sometimes do not know how to carry out so that the Exchange server can send messages out to the Internet and, most importantly, so that users on the Internet can send email to our server in a secure manner.

Internal IP Network Design

Suppose you already have an Exchange server on your network. You should make it accessible to all users within the internal network, and users on the Internet should also be able to send email to your internal server in a secure manner. With the limited number of public IP addresses you have, you should plan their use well. The following figure shows, in outline, where the public and private IP addresses are placed in the network.

In the design of your internal network, private IP addresses should be used. As described earlier in the design of IP addressing, you should use private IP addresses as in the following table. The details of IP design in terms of "0" and "1" are not discussed again here.

Suppose you use the private class C IP address 192.168.10.0/23 to serve as many as 500 hosts. You then use a subnet mask of 255.255.254.0 (see how to calculate a subnet mask). This assumes, of course, that you do not segment the network into VLANs. In the diagram above, you also create an Exchange server with the IP address 192.168.10.251/23 and a web server with the IP address 192.168.10.250/23. We know that private IP addresses cannot be routed on the Internet, so how do your users reach the outside world, and how do users on the Internet reach your mail server on the internal network? How can an Internet user send an email to email_anda@domain-anda.com?

Register Your Domain

Your Exchange server can only be accessed by internal users on your network and cannot be accessed by Internet users.
The first step is to register www.domain-anda.com on the Internet through your ISP. You also have to buy as many registered public IP addresses as you need.

With the domain registered on the Internet and several public IP addresses in hand, the next step is to register the MX record for your Exchange server on the DNS server at your ISP, using one of your public IP addresses (e.g. 65.134.10.13). The installation and configuration of Exchange is a separate topic but, still on the subject of MX records, you also have to create an MX record on your internal DNS that points to the internal IP address of the Exchange server (192.168.10.251/23). You can do the same for your web server. Now, how can an Internet user successfully send an email to your Exchange server, and how can internal users receive the message?

Using NAT

We need a way to translate private IP addresses into registered IP addresses, using a method called Network Address Translation (NAT). With NAT, internal users with private IP addresses can send data packets to the Internet and, in the other direction, Internet users can send packets to the internal network (e.g. to the Exchange server). You configure NAT on the firewall/router.

Assuming you are using a Cisco router, in the access-list configuration (e.g. access-list 101) you must open port 25 (SMTP) so that users on the Internet can reach the Exchange server via the public IP address (65.134.10.13) listed on the ISP's DNS server (our Exchange MX record).

    access-list 101 permit tcp any host 65.134.10.13 eq smtp

Sorry, the details of how to use access lists on Cisco routers are not discussed here. To translate the IP address of your Exchange server (192.168.10.251) to the public IP address (65.134.10.13), you should use the static NAT method.
Static NAT is commonly used to let inbound traffic from the Internet into the internal network reach a server such as Exchange.

    Router(config)# ip nat inside source static 192.168.10.251 65.134.10.13
    Router(config)# ip nat inside source static 192.168.10.250 65.134.10.12
    Router(config)# interface FastEthernet 0/0
    Router(config-if)# ip address 192.168.10.254 255.255.254.0
    Router(config-if)# ip nat inside
    Router(config-if)# exit
    ! (the Internet-facing interface, not shown here, additionally needs "ip nat outside")

This is an example of a NAT configuration on your router. See also the article on access lists, the basic configuration of Cisco router access lists. With this configuration, the router can pass inbound email traffic to the Exchange server. Of course, you must also have configured Exchange itself, including the recipient addresses and so on, which is not addressed in this article.

Also make sure that your ISP has port 25 open. Usually, on a WAN connection through an ISP service, whether Frame Relay or a PPP leased line, all ports are open to you, so you should configure strong filtering on your firewall/router. On a DSL or cable Internet connection, however, port 25 is not infrequently closed.

Resources in the DMZ

Usually, to give the internal/private network extra protection, you can put the Exchange server or web server on the perimeter network, or DMZ. With a DMZ, inbound traffic from the Internet is not allowed into the private network, only as far as the DMZ network. Of course, the router and firewall configuration must be designed to support this DMZ setup. See the previous article to learn about DMZ networks.

Conclusion

For public resources to be accessible from the Internet, the steps are to register domain-anda.com on the Internet and to host the MX record (for your Exchange server) with a public IP address on your ISP's DNS. The next step is to translate private IP addresses to public IP addresses using NAT.
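
As an added example (not part of the original article), the Python script below parses the access-list and static NAT lines shown above and reports which inbound TCP ports are permitted to each translated address. It assumes access-list 101 is applied inbound on the Internet-facing interface, which the article does not show; a static NAT entry maps every port of the inside host, so that access list is what restricts the traffic reaching it.

```python
import ipaddress
import re

# Lines copied from the article; nothing else about the router is assumed.
CONFIG = """\
access-list 101 permit tcp any host 65.134.10.13 eq smtp
ip nat inside source static 192.168.10.251 65.134.10.13
ip nat inside source static 192.168.10.250 65.134.10.12
"""
INSIDE_NET = ipaddress.ip_network("192.168.10.0/23")  # mask 255.255.254.0

# Only the two statement forms used in the article are recognised.
NAT_RE = re.compile(r"^ip nat inside source static (\S+) (\S+)$")
ACL_RE = re.compile(r"^access-list \d+ permit tcp any host (\S+) eq (\S+)$")


def parse(config):
    """Return ({public_ip: inside_ip}, {public_ip: {port, ...}})."""
    nat, permits = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := NAT_RE.match(line):
            nat[m.group(2)] = m.group(1)
        elif m := ACL_RE.match(line):
            permits.setdefault(m.group(1), set()).add(m.group(2))
    return nat, permits


def audit(config, inside_net=INSIDE_NET):
    """Report, per static NAT mapping, what the ACL lets in from the Internet."""
    nat, permits = parse(config)
    report = []
    for public, inside in sorted(nat.items()):
        report.append({
            "public": public,
            "inside": inside,
            "inside_in_lan": ipaddress.ip_address(inside) in inside_net,
            "permitted_ports": sorted(permits.get(public, ())),
        })
    # Permit entries for an address with no NAT mapping lead nowhere.
    orphans = sorted(set(permits) - set(nat))
    return report, orphans


if __name__ == "__main__":
    for row in audit(CONFIG)[0]:
        print(row)
```

Under that assumption the web server's mapping (65.134.10.12) has no permit entry, so the implicit deny at the end of the access list blocks inbound traffic to it until an entry for its port is added.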

taken from various sources
