Re: LAN setup

[Jason Majors <jason@kwiqsilver.org>]

> I've got my LAN set up and running, and so far so good.  I'm using a
> gateway/router/firewall (hadrian) to stop unwanted traffic and allow
> internet access and LAN access to everybody else.  Then I have
> gashuffer, my main workstation, and a Win box that my girlfriend uses,
> and an occasional laptop.  Now, the question is this:
> Without running BIND on hadrian (or elsewhere on the LAN) is there a
> way to allow, e.g.:
Sounds a lot like my network...
> 
> ssh steve@hadrian (ssh steve@192.168.0.1 works fine now)
I assume you mean access hadrian from gashuffer. If so, just add lines
like:
192.168.1.1    mystique.kwiqsilver.org   mystique
192.168.1.2    sabertooth.kwiqsilver.org sabertooth
192.168.1.3    magneto.kwiqsilver.org    magneto
to /etc/hosts on each machine. (Use your own domain name of course :).

> 
> or an exim .forward like
> # Exim filter
> # --------------
> #Forward all mail to gashuffer
> 
> if      $h_From:  matches "whatever@whatever"
> then
>         deliver steve@gashuffer
> 	finish
> endif
Once exim is able to resolve gashuffer to an IP (after the /etc/hosts fix
above), this should work. But if you're sending mail to an account at a
specific machine in your network, it should just go straight there.
> 
> I ask because BIND seems more trouble than it's worth, security-wise,
> and it's a small LAN that's well served by my ISP's nameservers.
> Right now I can't even mail to steve@192.168.0.2 (gashuffer's LAN
> address) although I'm not sure exim like's those sorts of addresses.
> Any pointers to good docs or suggestions welcome.
I'd suspect exim is set up incorrectly then. Run eximconfig and set up all
your boxes as type 1 (Internet Site). That's how mine is setup. But I have
fetchmail running on my mail server pull mail from the other boxes, so I
only have one mail account to check. But I then mount the /home dir from
that server on all the workstations, so I can check that one account from
any box.