Re: iptables problem getting url's hosted inside

To: hanasaki <hanasaki@hanaden.com>, debian-firewall@lists.debian.org
Subject: Re: iptables problem getting url's hosted inside
From: Mike Mestnik <cheako911@yahoo.com>
Date: Tue, 18 May 2004 16:56:55 -0700 (PDT)
Message-id: <[🔎] 20040518235655.37892.qmail@web11906.mail.yahoo.com>
In-reply-to: <[🔎] 20040518172808.GE28783@trot.local>

--- George Georgalis <george@galis.org> wrote:
> On Tue, May 18, 2004 at 07:00:15AM -0500, hanasaki wrote:
> >external internet - firewall - internal web server
> >
> >internet traffic on port 80 is passed to the internal web server
> >external internet based browsers can hit the server
> >inernal based browsers cannot
> >
> >What iptables runs are needed to let the internal browsers hit the 
> >internal server with the external IP
> >
> >now external users can hit the server with www.domain.com
> >internal users get connection refused
> >
> >internal and external users get the same IP from "host www.domain.com"
> 
> forget it. even if you get the fw to properly route LAN clients to
> LAN hosts, the host will reply via the LAN switch directly to the
> client, which will not accept it because it's waiting for a response
> from the internet IP.
> 
This is where resources of both your network and componets becomes realy
apparent.  You end up using everything twice, four times even.

> And, doing a LAN to LAN masq is much more difficult that it appears.
> 
There are many intrequet problems.  Like not having enuff ports for all
the snats or security if you start making special cases where you don't
snat.

> You need dns for the LAN which maps to the LAN server IP, not the
> internet IP. I've spent a lot of time figuring out how not to have
> "conditional locational" dns, it was wasted. Just focus on having
> two sets of dns records. :)
> 
This is the easiest to setup, even for the 'for dumyies series'.

> // George
> 
> 
> -- 
> George Georgalis, Architect and administrator, Linux services. IXOYE
> http://galis.org/george/  cell:646-331-2027  mailto:george@galis.org
> Key fingerprint = 5415 2738 61CF 6AE1 E9A7  9EF0 0186 503B 9831 1631
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 



	
		
__________________________________
Do you Yahoo!?
SBC Yahoo! - Internet access at a great low price.
http://promo.yahoo.com/sbc/

Reply to:

References:
- Re: iptables problem getting url's hosted inside
  - From: George Georgalis <george@galis.org>

Prev by Date: Re: iptables problem getting url's hosted inside
Next by Date: RE: iptables problem getting url's hosted inside
Previous by thread: Re: iptables problem getting url's hosted inside
Next by thread: Re: iptables problem getting url's hosted inside
Index(es):
- Date
- Thread