
Re: Port forwarding - problem resolved



Wow, it sounds like you had a heck of a time, didn't you?  Strange
forwarding routes that sound like they are directly dependent on how
you referenced your machine addresses from your web pages/servers.
Our setup is similar.  We have one application server that runs Citrix
Metaframe over tcp port 1494.  To access it from the internet, I use
port forwarding on the firewall server.  To access it from the
Intranet, clients connect to the private IP address of the
server directly.  In fact, we have two separate DNS servers running
two separate name spaces.  Our external DNS only resolves
Internet-visible names.  Our internal DNS only resolves
Intranet-visible names.  So, our overall scheme looks like this...

          (Internet)------[ISDN] x.x.x.1
                          ___|___
                        _|_     _|_  x.x.x.3
              x.x.x.2  |   |   |   |
                       | 1 |   | 2 |
                       |___|   |___| 192.168.1.10
                          _______|_____
                        _|_     _|_    |
          192.168.1.1  |   |   |   |   (To Workstations)--->
                       | 3 |   | 4 |
                       |___|   |___|

                           192.168.1.2  


 #   Service(s)
---  ---------------------
 1   DNS, Web Server, Mail Server (soon to be, anyway) {Independent
     firewall setup}
 2   Firewall, Port Forwarding, Masquerading
 3   DNS, DHCP, Web Server, Cache Server, Mail Server (current
     setup)
 4   Application Server
 5   SQL Server, WINS, File Server (not shown)

Once I move email and web services outside the intranet firewall, I'll
have less demand for the port forwarding, though I'll still use it for
the application server.  Should I want to have a central firewall for
the Internet accessible servers, I would place an old 486 between the
ISDN router and servers 1 & 2, then migrate the IP addressing scheme
so that the Internet accessible servers have a class C network and the
Intranet would have a class B network.

Anyway, possibilities...

^chewie

http://nerp.net/~chewie  <<--- Check it out!  I'm selling my truck!

