Re: iptables problem getting url's hosted inside
The below is the approach I ended up using. George and I are thinking
alike. Hope that's a good thing!
host www.domain.com resolves to the internal hostname
when run internally.
I think this is also what email@example.com Mike Mestnik was
suggesting. It's a simple elegant solution that had already been in
place in the past. My goal was to not need to have changes in servers
need custom changes in internal dns.

George Georgalis wrote:
> On Tue, May 18, 2004 at 07:00:15AM -0500, hanasaki wrote:
>> external internet - firewall - internal web server
>> internet traffic on port 80 is passed to the internal web server
>> external internet based browsers can hit the server
>> internal based browsers cannot
>>
>> What iptables runs are needed to let the internal browsers hit the
>> internal server with the external IP
>>
>> now external users can hit the server with www.domain.com
>> internal users get connection refused
>> internal and external users get the same IP from "host www.domain.com"
>
> forget it. even if you get the fw to properly route LAN clients to
> LAN hosts, the host will reply via the LAN switch directly to the
> client, which will not accept it because it's waiting for a response
> from the internet IP.
>
> And, doing a LAN to LAN masq is much more difficult than it appears.
>
> You need dns for the LAN which maps to the LAN server IP, not the
> internet IP. I've spent a lot of time figuring out how not to have
> "conditional locational" dns, it was wasted. Just focus on having
> two sets of dns records. :)
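
The reply-path problem George describes, traced step by step as an added example that is not part of the original thread. All addresses and the function names are constructed for illustration; the model covers one TCP handshake from a LAN client under three setups (DNAT only, DNAT plus LAN-to-LAN masquerade, and split DNS).

```python
# Constructed addresses (not from the thread): documentation / RFC 1918 ranges.
PUBLIC_IP = "203.0.113.10"   # what "host www.domain.com" returns to everyone
FW_LAN_IP = "192.168.1.1"    # firewall's LAN interface
SERVER_IP = "192.168.1.20"   # internal web server
CLIENT_IP = "192.168.1.50"   # internal browser


def lan_client_connect(resolved_ip, dnat=True, snat=False):
    """Trace one TCP handshake from the LAN client; return (ok, reason)."""
    src, dst = CLIENT_IP, resolved_ip
    expected_peer = dst              # the client's socket only accepts replies from here
    via_firewall = dst == PUBLIC_IP  # not a LAN address, so it goes to the gateway

    if via_firewall:
        if not dnat:
            return False, "firewall has no rule for LAN-side traffic to the public IP"
        dst = SERVER_IP              # DNAT: public IP -> internal server
        if snat:
            src = FW_LAN_IP          # LAN-to-LAN masquerade: server now sees the firewall
    elif dst != SERVER_IP:
        return False, "no such host"

    # The server answers whoever it saw as the source.
    reply_src, reply_dst = SERVER_IP, src
    if reply_dst == FW_LAN_IP:
        # Reply returns through the firewall, which reverses both translations.
        reply_src, reply_dst = PUBLIC_IP, CLIENT_IP
    # Otherwise the reply crosses the switch straight to the client, untranslated.

    if reply_src != expected_peer:
        return False, f"client expected reply from {expected_peer}, got {reply_src}"
    return True, f"reply from {reply_src} matches; server logged source {src}"


def scenarios():
    return {
        "same DNS, DNAT only": lan_client_connect(PUBLIC_IP),
        "same DNS, DNAT + LAN masq": lan_client_connect(PUBLIC_IP, snat=True),
        "split DNS (internal record)": lan_client_connect(SERVER_IP),
    }


if __name__ == "__main__":
    for name, (ok, reason) in scenarios().items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}: {reason}")
```

In this model the masquerade variant connects, but the web server records the firewall's address as the source of every internal request, while the split-DNS variant keeps the real client address in the server's logs.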