Re: iptables problem getting url's hosted inside
--- George Georgalis <email@example.com> wrote:
> On Tue, May 18, 2004 at 07:00:15AM -0500, hanasaki wrote:
> >external internet - firewall - internal web server
> >internet traffic on port 80 is passed to the internal web server
> >external internet based browsers can hit the server
> >inernal based browsers cannot
> >What iptables runs are needed to let the internal browsers hit the
> >internal server with the external IP
> >now external users can hit the server with www.domain.com
> >internal users get connection refused
> >internal and external users get the same IP from "host www.domain.com"
> forget it. even if you get the fw to properly route LAN clients to
> LAN hosts, the host will reply via the LAN switch directly to the
> client, which will not accept it because it's waiting for a response
> from the internet IP.
This is where resources of both your network and componets becomes realy
apparent. You end up using everything twice, four times even.
> And, doing a LAN to LAN masq is much more difficult that it appears.
There are many intrequet problems. Like not having enuff ports for all
the snats or security if you start making special cases where you don't
> You need dns for the LAN which maps to the LAN server IP, not the
> internet IP. I've spent a lot of time figuring out how not to have
> "conditional locational" dns, it was wasted. Just focus on having
> two sets of dns records. :)
This is the easiest to setup, even for the 'for dumyies series'.
> // George
> George Georgalis, Architect and administrator, Linux services. IXOYE
> http://galis.org/george/ cell:646-331-2027 mailto:firstname.lastname@example.org
> Key fingerprint = 5415 2738 61CF 6AE1 E9A7 9EF0 0186 503B 9831 1631
> To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
Do you Yahoo!?
SBC Yahoo! - Internet access at a great low price.