GPLib - 3rd time's the charm?
Message
General information
Forum: Visual FoxPro
Category: Third party products
Miscellaneous
Thread ID: 00217421
Message ID: 00219810
Views: 32
Sorry but Exchange is on the PDC box that is also the DHCP server.

We have a dynamic dial up {Pipeline router} so our IP address from the ISP is dynamic. After that I have set up all static on the open side and DHCP on the safe side of the box.

__Stephen Russell


>How do you have Exchange going out to get E mail? You may want to move Exchange off of this box.
>
>On the box connected to Internet only have Proxy. I talked to a company that got hacked into. A bunch of hackers were using their box as a jump off point to other places. After that Exchange was not running the same. Out of 160 Outlook clients about a third took 15 to 20 minutes to log on to Exchange.
>
>Are you dynamic on your IP Address from your ISP to the Internet side of your P75?
>
>>I have the ISDN on demand, with a 2 min time out. We are dynamic in our IP address and I want Exchange to request email every 15 min or so.
>
>
>Is Novell routing IP across different sides of the network that it is attached to? If it is not you do not need IP loaded on Novell. IPX will carry to your Novell Box. With IP removed from Novell it is harder for someone running only IP to get to Novell. I have not been able to get the people smarter than I to commit never able.
>
>>#7 below confuses me. Yes I do have Novell in house and I thought that I needed to pass IP for HTTP services? Currently the NT box is configured with IP and IPX.
>
>Sounds like you are pretty protected. Windows NT System Magazine has done several reviews of Firewalls. Go to www.ntsystems.com and do a search on Firewall.
>
>>__Stephen Russell
>>
>>
>>>One of the problems with the word firewall is that people get the perception that you purchase one piece of software, install it and you are done. A firewall also includes practical ideas. Consider these steps.
>>>
>>>1). Purchase O'Reilly's book - Building Firewalls.
>>>2). Set up your ISDN to dial on Demand. This will shut off your presence except when being used. During the times your company is not accessing the internet you have the best firewall possible, no connection. Dial on Demand only adds 7 - 8 seconds to a connect. If someone else or a process has already connected then the following user does not know the difference.
>>>
>>>3). Have the IP Address on the Internet side of your P75 issued to you dynamically upon connect from your ISP. No permanent IP Address on the Internet Side. Some ISPs charge 5.00 a month for a permanent IP. This may save you $ 60.00 a year.
>>>
>>>4). Purchase an Internal E Mail Post Office that goes out and gets E Mail instead of being up and running waiting for a SMTP to be sent. Set up your pickup schedule such that E Mail quits picking up in the evening and after everyone is done on the weekend. This aids in helping you be only connected to the internet when needed. I sell MDaemon.
>>>
>>>5). Set up a Proxy Server so that your internal PCs do not have valid IPs. If you have purchased fixed IPs for all your internal PCs this will further save you money. I sell Wingate. Wingate is not a firewall per se but gives you internal auditing and control for outbound traffic and proxies (Acts On Behalf Of) internal access to external internet. A step in firewalling.
>>>
>>>6). Set up what O'Reilly calls a bastion computer. P120 running NT, 32 Meg Ram, 1.2 IDE gig Hard Drive to host the above software. Do not plug this computer into your network hub. Separate this out and connect to a second NIC on your primary server box. Do not set up this box as part of your domain. Especially do not set this box as a BDC if you are running NT. Your User Access files will end up on this box and you do not want that. Change the Administrator name and Password on this box. Set up the bare minimum of services. Only what you need to host Wingate and MDaemon. Be very careful about service packs and hot fixes on this box but keep up with the latest security breach fixes.
>>>
>>>7). If you are running Novell in house do not turn on IP on that Box; keep it communicating via IPX. Maybe consider only using NetBEUI and/or IPX on NT as well.
>>>
>>>8). Do not host WWW services for the internet inside of your P75 ISDN Modem. Outsource that to someone like myself or another ISP. This separates your network from your Web Services. If they hack into your www stuff they are hacking into someone else's box not your network. S Paks and Hot fixes continually expose your network to problems with the more internet services you have turned on, on the box that is being accessed by the internet.
>>>
>>>Above should cost you no more than $ 1000.00, maybe less depending on what you already have, and offers very very good firewalling. If after this is up and running and you are still not comfortable purchase a firewall for a couple of thousand. Do not think that a Firewall piece of software by itself is the silver bullet answer.
>>>
>>>>Yes, a firewall that separates a Pipeline 75 (ISDN router) and my network.
>>>>I have 2 subnets 10.10 inside and 10.11 outside.
>>>>
>>>>On the firewall box I can see both sides.
>>>>
>>>>I have to go.
>>>>
>>>>__Stephen
>>>>
>>>>>Do you have a firewall in mind?
>>>>>
>>>>>What kind of connection do you have to the internet? Modem, ISDN (Perm or Dial on Demand)?
>>>>>
>>>>>What kind of E Mail system do you have internal?
>>>>>
>>>>>
>>>>>>I haven't been doing VFP for long myself. All my accounts were DOS and FPW2.6. Those people are finally getting new machines. My day job has me converting an older SBT & TIW system to current needs and current versions.
>>>>>>
>>>>>>That's a handful!
>>>>>>
>>>>>>Do you know much about setting up a Firewall on NT using Proxy2? I am having a fun time with this one. I think I have it set up but how do I open the ports and which ones should I open? I want to have http, and email for an exchange box.
>>>>>>
>>>>>>Thanks.
>>>>>>
>>>>>>__Stephen
>>>>>>
>>>>>>
>>>>>>
>>>>>>>No problem. These messages stack up pretty fast and sometimes only seeing messages, it's hard to see where things were going until after the fact.
>>>>>>>