masq  

Re: [masq] Interesting Loop back....

Ovidiu Motz
Sun, 14 Feb 1999 07:38:30 -0500


On Sun, 14 Feb 1999, Marc Cassuto wrote:
 
> Now my firewall is well configured 
> (altouhgt it couldn't be perfectly secured),
> I get a new interesting feature :
> Look at this :
> 
> 
>  +---------+     +----------+     +------------------+
>  | outside |-----| firewall |--+--| internal network |
>  +---------+     +----------+  |  |    192.168.0.x   |
>                                |  +------------------+
>                                |
>                                |  +------------------+
>                                +--|    Web Server    |
>                                   |    192.168.0.3   |
>                                   +------------------+
> 
> - The firewall (Linux 2.0.34) has got a real IP address:
> 123.456.789.1
> - Port 25 of Firewall is redirect to port 25 of Web server.
> - All Web access allowed.
> - The website is accessible from outside via
> http://my.web.com
> 
> The Feature :
> from my network 192.168.0.x,
> the WS is not accessible trough http://my.web.com
> It can only be seen via its internal Ip address 192.168.0.3
> 
> Has someone got an idea ???

Yes, I bet you use an external DNS server. Well, this DNS server will
report as IP address of my.web.com, 123.456.789.1 (numbers are fake, of
course). When you try to access http://my.web.com, you will actually
trying to access 123.456.789.1:80, which is BLOCKED by your firewall.
Probably your firewall won't let you send packets coming from your
internal network and having as destination the external interface of your
masq box. That's good (as a firewall). The simplest solution is to define
an entry in the /etc/hosts file (or c:\windows\hosts for W95 machines)
like this:
        192.168.0.3     my.web.com
for each machine in your local network. A more elaborated solution (if you
A LOT of machines in your local network) is to run a local DNS server on
your linux box.

Regards,

Ovi

 -------------------------------------------------------------- 
| Ovidiu Motz                   | email: [EMAIL PROTECTED] | 
| UNIX Network Administrator    | http://www.library.utt.ro    | 
| UPT Library, Timisoara        | phone +40 56 134675/ext. 15  |
 --------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]