[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: iptables problem getting url's hosted inside

The below is the approach I ended up using. George and I are thinking alike. Hope thats a good thing!

host www.domain.com resolves to the internal hostname
	when run internally.

I think this is also what cheako911@yahoo.com Mike Mestnik was suggesting. Its a simple elegant solution that had already been in place in the past. My goal was to not need to have changes in servers need custom changes in internal dns.

thanks all,

George Georgalis wrote:
On Tue, May 18, 2004 at 07:00:15AM -0500, hanasaki wrote:

external internet - firewall - internal web server

internet traffic on port 80 is passed to the internal web server
external internet based browsers can hit the server
inernal based browsers cannot

What iptables runs are needed to let the internal browsers hit the internal server with the external IP

now external users can hit the server with www.domain.com
internal users get connection refused

internal and external users get the same IP from "host www.domain.com"

forget it. even if you get the fw to properly route LAN clients to
LAN hosts, the host will reply via the LAN switch directly to the
client, which will not accept it because it's waiting for a response
from the internet IP.

And, doing a LAN to LAN masq is much more difficult that it appears.

You need dns for the LAN which maps to the LAN server IP, not the
internet IP. I've spent a lot of time figuring out how not to have
"conditional locational" dns, it was wasted. Just focus on having
two sets of dns records. :)

// George

Reply to: