
Re: firewall ruleset...

On Thu, Oct 02, 2003 at 03:33:01PM -0400, George Georgalis wrote:
>So the question again, is there some way to access local services via
>internet dns names. In the past I just had a local dns server with the
>domains mapped to the local static LAN ip addresses. I'm trying to avoid
>that and use one set of dns records. (don't want a new physical dmz
>The only way I see it as possible is through SNAT (ie 'reverse
>masquerading') the local ip as it leaves the firewall for the server,
>but then the source ip is lost in web logs.:-\

Bah, the only way is with dns. I just added these lines to my tinydns


and put '' in the following files:


and all is perfect. My dns cache knows to use my local dns server for
domain.tld or (which only answers those domains
for requests from the LAN and lo), host.domain.tld and www.domain.tld
are hard coded to their respective internet IPs and *.domain.tld
resolves to the LAN server. All A and PTR lookups work as they should;
the reason I didn't want to do this in the first place is: if an IP changes
in the '=' lines, I'll need to change the main server _and_ this one.

// George

GEORGE GEORGALIS, System Admin/Architect    cell: 646-331-2027    <IXOYE><
Security Services, Web, Mail,            mailto:george@domain.tld 
Multimedia, DB, DNS and Metrics.       http://www.domain.tld/george 
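One way to lay out the split-horizon djbdns setup George describes, added here as an example rather than his actual files (his own lines are not shown in the thread). It assumes the tinydns and dnscache roots live under the directory passed as $1, that the LAN is 192.168.1/24 with 127/8 for lo, that the local tinydns listens on 192.168.1.2, that the LAN server is 192.168.1.10 and the public address is 203.0.113.10; only domain.tld and the two host names come from the post, and the tinydns location lines are one assumed way of answering LAN and lo clients only.

```shell
#!/bin/sh
# Example, not the poster's configuration. All IP addresses are placeholders (see lead-in).
write_split_dns() {
  base="$1"
  mkdir -p "$base/tinydns/root" "$base/dnscache/root/servers" "$base/dnscache/root/ip"

  # tinydns data: '%' lines define client location "in" (LAN prefix and loopback). Every
  # record below carries "in" in its location field, so tinydns answers it only to those
  # clients. Field order is fqdn:ip:ttl:timestamp:location, hence the empty ttl/timestamp.
  cat > "$base/tinydns/root/data" <<'EOF'
%in:192.168.1
%in:127
# '=' lines: A+PTR pinned to the internet addresses. These must be kept in step with the
# public server, which is the maintenance cost the post points out.
=host.domain.tld:203.0.113.10:::in
=www.domain.tld:203.0.113.10:::in
# wildcard: every other name under domain.tld resolves to the LAN server
+*.domain.tld:192.168.1.10:::in
EOF

  # dnscache: send anything under domain.tld to the local tinydns instead of the roots,
  # and accept queries only from the LAN and loopback.
  echo 192.168.1.2 > "$base/dnscache/root/servers/domain.tld"
  : > "$base/dnscache/root/ip/192.168.1"
  : > "$base/dnscache/root/ip/127"
  # Afterwards: (cd "$base/tinydns/root" && tinydns-data) to rebuild data.cdb,
  # then restart dnscache so it rereads root/servers and root/ip.
}

# Print "name ip" for each pinned '=' record, so the local copy can be diffed against the
# public zone whenever one of the internet addresses changes.
pinned_hosts() {
  grep '^=' "$1/tinydns/root/data" | cut -d: -f1,2 | sed 's/^=//; s/:/ /'
}
```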
