Quote:
Originally Posted by DGSO
NAT isn't an option, unfortunately. We have certain restrictions set by the state as we are a law enforcement agency.
??? I'm having trouble understanding the reason for this? If anything, I would imagine policy with law enforcement would not allow you to place the mail store, MTA, and web front end into the DMZ? And yes, disabling security features required during the install will open it up more than you want. iptables may help you out, but I just hate devoting system resources to an unnecessary task when I have a perfectly good ASA or other firewall waiting to do the job (more efficiently)! I'd be curious to understand the reason for the move to the DMZ in the first place.
EDIT: Sorry, I know that doesn't help with your question, but it's hard to recommend a solution without completely understanding the problem. :-)