David Brodbeck wrote:
Frank Coons wrote:
Does Exim allow LDAP queries across a DMZ or do both machines need to
be either inside or outside the DMZ for it to work?
Exim (and anything else) shouldn't care if one machine is in the DMZ.
They don't both need to be in the DMZ to work. However, DMZ is a one-way
setup. Machines in the DMZ cannot access anything behind or in front
of the firewall, but machines behind the firewall should be able to
contact the machine in the DMZ. It really depends on the setup of the
firewall device.
I've never tried it, but it's just a TCP connection. As far as I know
it should work, as long as the firewall is not blocking the connection.
I use the same method, but my Perl script will not send LDAP queries
back and forth across a DMZ even if I have opened up every port.
Back and forth may not work for reasons explained above. However, if the
internal (behind the firewall) machine opens a connection to the DMZ
machine, data should be able to flow back and forth over that
connection. However, the DMZ machine will not be able to open a
connection to anything else.
Are you sure the LDAP server doesn't have some kind of restriction set
on what IP addresses are allowed to connect?
-Jim
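
The connection-direction behaviour described in this thread, as an added example that is not part of the original messages: a minimal model of a stateful firewall that lets the inside zone open connections to the DMZ and accepts replies on tracked connections, but drops new connections opened from the DMZ. The zone names, addresses, the policy set and the placement of the LDAP server in the DMZ are assumptions; a real firewall's behaviour depends on its own rule set.

```python
from dataclasses import dataclass

# Assumed policy: only inside -> DMZ may start a new connection.
ALLOWED_NEW = {("inside", "dmz")}
LDAP_PORT = 389

@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    src: tuple          # (ip, port)
    dst: tuple          # (ip, port)
    syn: bool = False   # True only for the first packet of a TCP connection

class StatefulFirewall:
    def __init__(self):
        self.conntrack = set()   # flows whose opening SYN was allowed

    def filter(self, p):
        flow, reverse = (p.src, p.dst), (p.dst, p.src)
        # Either direction of an already tracked connection is accepted.
        if flow in self.conntrack or reverse in self.conntrack:
            return "ACCEPT"
        # A new connection is accepted only if policy allows its direction.
        if p.syn and (p.src_zone, p.dst_zone) in ALLOWED_NEW:
            self.conntrack.add(flow)
            return "ACCEPT"
        return "DROP"

def demo():
    fw = StatefulFirewall()
    mail = ("10.0.0.5", 40000)          # constructed inside mail host
    ldap = ("192.0.2.10", LDAP_PORT)    # constructed LDAP server in the DMZ
    return [
        # Inside host opens the LDAP connection to the DMZ: allowed.
        fw.filter(Packet("inside", "dmz", mail, ldap, syn=True)),
        # LDAP reply flows back over the same tracked connection: allowed.
        fw.filter(Packet("dmz", "inside", ldap, mail)),
        # DMZ host tries to open its own LDAP query to an inside server: dropped.
        fw.filter(Packet("dmz", "inside", ("192.0.2.10", 40001),
                         ("10.0.0.5", LDAP_PORT), syn=True)),
    ]

if __name__ == "__main__":
    print(demo())
```

The third case is the one where opening ports for reply traffic does not help: the query has to be initiated from the side the policy allows.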