Re: firewall ruleset...
On Thu, Oct 02, 2003 at 03:33:01PM -0400, George Georgalis wrote:
>So the question again, is there some way to access local services via
>internet dns names. In the past I just had a local dns server with the
>domains mapped to the local static LAN ip addresses. I'm trying to avoid
>that and use one set of dns records. (don't want a new physical dmz
>either)
>
>The only way I see it as possible is through SNAT (ie 'reverse
>masquerading') the local ip as it leaves the firewall for the server,
>but then the source ip is lost in web logs.:-\
>
Bah, the only way is with dns. I just added these lines to my tinydns
data:
%lo:192.168.1
%lo:127
.domain.tld:192.168.1.50::::lo
.38.37.36.35.in-addr.arpa:192.168.1.50::::lo
=host.domain.tld:11.22.33.44
=domain.tld:35.36.37.38
+www.domain.tld:35.36.37.38
+*.domain.tld:192.168.1.21
and put '192.168.1.50' in the following files:
dnscache/root/servers/38.37.36.35.in-addr.arpa
dnscache/root/servers/domain.tld
and all is perfect. My dns cache knows to use my local dns server for
domain.tld or 35.75.10.35.in-addr.arpa (which only answers those domains
for requests from the LAN and lo), host.domain.tld and www.domain.tld
are hard coded to their respective internet IPs, and *.domain.tld
resolves to the lan server. All A and PTR lookups work as they should;
the reason I didn't want to do this in the first place is: if ip changes
in the '=' lines, I'll need to change the main server _and_ this one.
// George
--
GEORGE GEORGALIS, System Admin/Architect cell: 646-331-2027 <IXOYE><
Security Services, Web, Mail, mailto:george@domain.tld
Multimedia, DB, DNS and Metrics. http://www.domain.tld/george
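As an added illustration (not George's code and not part of djbdns), here is a small Python simulation of how tinydns chooses answers from location-tagged data lines like the ones in the post: records carrying a location code are visible only to clients whose address matches one of that location's %-prefixes, untagged records are visible to everyone, and a wildcard answers only when no exact name matches. It assumes the '.' line's nameserver value can be reduced to the server IP for the purpose of the check.

```python
# Constructed copy of the data lines in the post. Field positions follow
# tinydns-data: '=' and '+' carry the location in field 5, '.' in field 6.
DATA = """\
%lo:192.168.1
%lo:127
.domain.tld:192.168.1.50::::lo
=host.domain.tld:11.22.33.44
=domain.tld:35.36.37.38
+www.domain.tld:35.36.37.38
+*.domain.tld:192.168.1.21
"""

def parse(data):
    """Return ({location: [prefixes]}, [(name, rtype, value, location)])."""
    locations, records = {}, []
    for line in data.splitlines():
        if not line or line[0] == '#':
            continue
        kind, f = line[0], line[1:].split(':')
        if kind == '%':                      # %lo:ipprefix
            locations.setdefault(f[0], []).append(f[1])
        elif kind in '=+':                   # =fqdn:ip:ttl:timestamp:lo
            lo = f[4] if len(f) > 4 else ''
            records.append((f[0], 'A', f[1], lo))
        elif kind == '.':                    # .fqdn:ip:x:ttl:timestamp:lo
            lo = f[5] if len(f) > 5 else ''  # simplified: NS value = server ip
            records.append((f[0], 'NS', f[1], lo))
    return locations, records

LOCATIONS, RECORDS = parse(DATA)

def client_location(ip):
    """tinydns matches the client address octet-wise against each %lo prefix."""
    octets = ip.split('.')
    for lo, prefixes in LOCATIONS.items():
        if any(octets[:len(p.split('.'))] == p.split('.') for p in prefixes):
            return lo
    return ''                                # no location: only untagged records

def lookup(name, rtype, client_ip):
    """Answer a query as tinydns would: exact name first, then the wildcard."""
    loc = client_location(client_ip)
    visible = [r for r in RECORDS if r[1] == rtype and r[3] in ('', loc)]
    exact = [r[2] for r in visible if r[0] == name]
    if exact:
        return exact
    return [r[2] for r in visible
            if r[0].startswith('*.') and name.endswith(r[0][1:])]
```

Running lookup('domain.tld', 'NS', ...) for a 192.168.1.x address and then for an outside address shows the delegation line appearing only for the LAN, which is the behaviour the dnscache/root/servers entries rely on.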