Michelle Konzack wrote:
On 2006-01-29 12:45:09, hanasaki wrote:
The goal is to have an internal webserver:
- DONE - running on a high numbered port
- DONE - firewall forwards 80->7777 on webserver
- DONE - external hits on www.blah.com served by the httpserver
- ???? - internal/intranet also can hit the webserver as www.blah.com
The problem is that www.blah.com resolves to the external internet IP
and then gets routed out of the firewall which does not come back in and
This is a problem with DNS-Loop-Back. Please search Google for it.
The solution is to add an entry for the Webserver to your /etc/hosts.
Greetings
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant
If everything is on the same LAN using the same firewall, you can do it like
this to route the packets correctly:
Note I placed commonly known IPs in here -- not ours -- just so you
have something to ref.
# NAT into individual hosts; firewalled by FORWARD rules defined in this
# configuration earlier (not included in this snippet).
# Prerouting -d is the public IP of the webserver --to-dest IP is the
# private IP address of said server.
-A PREROUTING -d 128.101.101.101 -j DNAT --to-dest 192.168.2.2
# Fix up NAT from internal hosts
# postrouting -s is LAN subnet, -d is LAN IP of web server --to-source
# is IP of gateway (firewall)
-A POSTROUTING -s 192.168.2.0/24 -d 192.168.2.2/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.2.254
Hope this helps!
Matt
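
Added example, not part of the original thread: a small Python model of the two rules above that traces one LAN client's connection to the public IP and shows why the POSTROUTING SNAT rule is needed alongside the DNAT rule. The client address 192.168.2.10, the port 40000 and all function names are assumptions for illustration; conntrack is simplified to a dictionary and ports are left untranslated.

```python
from collections import namedtuple

# Constructed addresses: the thread's sample IPs plus an assumed LAN client.
PUBLIC_IP, WEB_LAN_IP, FW_LAN_IP = "128.101.101.101", "192.168.2.2", "192.168.2.254"
CLIENT_IP = "192.168.2.10"  # assumption: any host in 192.168.2.0/24

Packet = namedtuple("Packet", "src dst sport dport")


def firewall_forward(pkt, snat_enabled, conntrack):
    """Apply the thread's PREROUTING DNAT and, optionally, POSTROUTING SNAT."""
    out = pkt
    if pkt.dst == PUBLIC_IP:                       # -A PREROUTING ... -j DNAT
        out = out._replace(dst=WEB_LAN_IP)
    if (snat_enabled and out.src.startswith("192.168.2.")
            and out.dst == WEB_LAN_IP and out.dport == 80):
        out = out._replace(src=FW_LAN_IP)          # -A POSTROUTING ... -j SNAT
    # Simplified conntrack: remember how to reverse the translation for replies.
    conntrack[(out.dst, out.src, out.dport, out.sport)] = pkt
    return out


def firewall_reverse(reply, conntrack):
    """Undo NAT on a reply that passes back through the firewall."""
    orig = conntrack[(reply.src, reply.dst, reply.sport, reply.dport)]
    return Packet(orig.dst, orig.src, orig.dport, orig.sport)


def hairpin(snat_enabled):
    """Return (source IP the web server sees, reply at client, client accepts?)."""
    conntrack = {}
    syn = Packet(CLIENT_IP, PUBLIC_IP, 40000, 80)
    at_server = firewall_forward(syn, snat_enabled, conntrack)
    reply = Packet(at_server.dst, at_server.src, at_server.dport, at_server.sport)
    if reply.dst == FW_LAN_IP:
        # Reply is addressed to the firewall, so it is de-NATed on the way back.
        reply = firewall_reverse(reply, conntrack)
    # Otherwise the server is on the client's subnet and answers it directly,
    # bypassing the firewall, so the source is never rewritten to the public IP.
    accepted = (reply.src, reply.sport) == (syn.dst, syn.dport)
    return at_server.src, reply, accepted


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "DNAT only", hairpin(snat))
```

With the SNAT rule in place, the web server sees every internal client as 192.168.2.254, so its access logs no longer distinguish individual LAN hosts.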