[oclug] Port Forwarding problem to Exchange Server solved

[Strosberg, Bill]

Pete:

I may be wrong here, but you should be able to set up an ipchains rule to
REJECT the ident request rather than DENY it.  Not offering the service (ie.
blocking it) will result in a DENY, and the server at Bell Nexxia may
require a response to it's inquiry - regardless of whether it returns a
positive result or a REJECT.  Setting a REJECT rule will generally fix this
type of problem, and better yet it will not require you to run the identd
and opening another potential security hole.

It's worth a quick try and may be exactly what the doctor ordered.

--
Bill Strosberg

> Well, I managed to fix my port-forwarding problem with my 
> Exchange Server
> not getting mail from Bell Nexxia. Turns out Nexxia requires 
> the ident port
> open to the server getting the mail. If it's closed (as it should be),
> nothing will come through. I now have SMTP and ident ports 
> forwarded to the
> Exchange Server and mail comes through fine from Nexxia.
> 
> So how does one fix this problem and remain secure?