Next: System Log Configuration Up: Configuring Public Services Previous: Running a Gopher Server

   
Setting Up Virtual Mail and WWW Domains


  
Figure 4.53: The Virtual Domain Setup Screen

The Virtual Domain Setup Screen lets you configure the firewall to accept mail for domains other than the primary domain, as well as to support public servers for common services for domains other than the primary domain.

For email virtual domains, the following fields are relevant:

Mail Server
The fully-qualified name of the host (if any) to which mail for the domain should be delivered. You can also set up POP3 users for virtual domains as an alternative or additional way of handling virtual domain mail.

Convert to Primary Domain
If set to YES, mail recipient addresses of the form user@virtualdomain will be changed to have the form user@primarydomain, before the mail is delivered. That is, the user name will remain unchanged, and the domain name will be changed to the firewall's primary domain. This change occurs only in the envelope recipient address, not in the message headers.

For other virtual domains, the following field is most important:

External Aliased IP Address
In order to distinguish between different public servers, each needs a unique registered Internet IP address. The external interface of the firewall will be "aliased" to each of these addresses. All the addresses should fall in the external network (as specified by the external netmask) or there will be problems routing to these addresses.

Once an alias address is specified, the addresses and ports of the relay servers need to be configured, using the following fields:

WWW Server IP Address
This field is used to specify the IP address of the actual WWW server for the virtual domain, which may be internal or in the DMZ.

WWW Server Port
This field is used to specify the port that the real server is running on. Usually this will be port 80. If you run several servers on a single host (using a single IP address), then they must use different ports.

The other virtual domain services (HTTPS, FTP, NNTP and POP3) are configured similarly.

You can set up a virtual domain just for mail, or just for a server, so you do not need to complete all the fields. If the firewall is acting as an external name server, it will automatically serve records for the virtual domain (a mail-exchanger record pointing to the firewall itself, and/or address or CNAME records for service.virtualdomain pointing to the IP alias address, where service can be any of www, https, ftp, news or pop3). If the firewall is not running an external DNS server, whoever is providing your external DNS service will need to provide the records for the virtual domains.

The firewall will apply any recipient and size restrictions to mail messages addressed to users in virtual mail domains, and then forward them to the specified servers or POP3 maildrops, rewriting the recipient addresses in the envelope if this has been enabled, or leaving them intact if not.

Virtual domain services other than mail will not work if your external interface is a point-to-point interface (SLIP or PPP), as these interfaces cannot have IP aliases assigned to them.
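
The field rules above (alias addresses unique and inside the external network, real servers on one host using different ports) and the DNS records listed for virtual domains can be checked on paper before filling in the screen. The following is an added example, not part of the original manual or the firewall's own code; the plan format, host names, addresses and function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample plan: names and addresses are placeholders, not from the manual.
EXTERNAL_NET = "192.0.2.0/28"       # external network as given by the external netmask
FIREWALL_FQDN = "fw.example.com"    # hypothetical name of the firewall itself
PLAN = [
    {"domain": "shop.example", "mail": True, "alias": "192.0.2.5",
     "services": {"www": ("10.0.0.20", 80), "https": ("10.0.0.20", 443)}},
    {"domain": "blog.example", "mail": False, "alias": "198.51.100.9",
     "services": {"www": ("10.0.0.20", 80)}},
    {"domain": "notes.example", "mail": True, "alias": None, "services": {}},
]

def check_plan(plan, external_net):
    """Return problems that would break routing or relaying for the plan."""
    net = ipaddress.ip_network(external_net)
    problems, alias_owner, listeners = [], {}, defaultdict(list)
    for entry in plan:
        dom, alias = entry["domain"], entry["alias"]
        if alias is None:
            if entry["services"]:
                problems.append(f"{dom}: services need an external aliased IP address")
        else:
            if ipaddress.ip_address(alias) not in net:
                problems.append(f"{dom}: alias {alias} is outside {net}")
            if alias in alias_owner:
                problems.append(f"{dom}: alias {alias} already used by {alias_owner[alias]}")
            alias_owner.setdefault(alias, dom)
        for svc, (host, port) in entry["services"].items():
            listeners[(host, port)].append(f"{svc}.{dom}")
    # Separate servers on one host (one IP address) must use different ports.
    for (host, port), users in listeners.items():
        if len(users) > 1:
            problems.append(f"{host}:{port} is the target of {', '.join(users)}")
    return problems

def dns_records(plan, firewall_fqdn):
    """Records an outside DNS provider would need to publish for the plan."""
    records = []
    for entry in plan:
        if entry["mail"]:
            records.append((entry["domain"], "MX", firewall_fqdn))
        for svc in entry["services"]:
            records.append((f"{svc}.{entry['domain']}", "A", entry["alias"]))
    return records

if __name__ == "__main__":
    print(*check_plan(PLAN, EXTERNAL_NET), sep="\n")
    print(*dns_records(PLAN, FIREWALL_FQDN), sep="\n")
```

With the sample plan, the check reports the alias that lies outside the external network and the two `www` entries that point at the same address and port; the mail-only domain produces only a mail-exchanger record.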


Copyright © 2004, CEQURUX Technologies