> > Just port-forward the service from the public IP of the firewall (the near
> > end IP of the T1 link). The reverse masquerade rules will do the right
> > thing, and everything should work fine. There are also hooks in place to do
> > this already, so no custom forwarding and static-NAT rules, making the
> > system easier to maintain. The public IP of the server system will fall
> > outside the DMZ range, but unless your customer has their own IP range
> > (unlikely, since you mentioned it's a /26), they're using 'borrowed' IPs
> > from the ISP anyway...might as well make effective use of ALL the IPs
> > you've been given, and save yourself some trouble in the process...
>
> If DNS can be set up -- on the customer's side -- to point
> server.customer.com to an address in ISP.com's domain, then this
> appears straightforward.
>
> Is this what you're suggesting?

Yes. Remember, you typically have full control over forward lookups in yourdomain.com. So I could (for instance) point lrp.steinkuehler.net to www.whitehouse.gov, if I really wanted to. Your DNS server just translates arbitrary names in the domain you lease from the IANA to IP addresses...you control what IP addresses you want to map to various names.

That being said, you may or may not be able to create a reverse DNS entry, although this shouldn't be too much of a problem. Your ISP 'owns' the IP range you're using (likely the range for both the point-point T1 and the /26 subnet they route to you). You'll have to talk to their DNS guru if you want reverse lookups of your IPs to say something other than their default (typically something like <ip>.city.bigisp.com).

In general, as long as your ISP is actually running a valid reverse DNS for your IP range (lots of things will time out & cause delays if your IP doesn't reverse resolve), you probably don't need to worry about the reverse lookups...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
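
The forward/reverse split discussed in the reply above can be checked before a port-forwarded service goes live. The following is an added example, not part of the original thread: the function name, verdict strings, and the sample host names and 192.0.2.1 address are all constructed for illustration.

```python
import socket

def system_forward(name):
    """Forward (A) lookup via the system resolver; returns a set of IPv4 strings."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # covers socket.gaierror / socket.herror
        return set()

def system_reverse(ip):
    """Reverse (PTR) lookup via the system resolver; returns a host name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def check_service_dns(name, firewall_ip, forward=system_forward, reverse=system_reverse):
    """Classify DNS for a service published on the firewall's public IP.

    forward/reverse are injectable so the check can run against test data.
    """
    # Forward zone: controlled by the domain owner (the customer).
    if firewall_ip not in forward(name):
        return "forward-mismatch"
    # Reverse zone: controlled by whoever owns the IP range (the ISP).
    ptr = reverse(firewall_ip)
    if ptr is None:
        return "no-ptr"            # the case that causes timeouts and delays
    if firewall_ip not in forward(ptr):
        return "ptr-unconfirmed"   # PTR exists but does not map back to the IP
    if ptr.rstrip(".").lower() != name.rstrip(".").lower():
        return "ok-isp-default-ptr"  # resolves, just not to the service name
    return "ok"

# Constructed sample data (documentation address range, .example names).
SAMPLE_FWD = {
    "server.customer.example": {"192.0.2.1"},
    "192-0-2-1.city.bigisp.example": {"192.0.2.1"},
}
SAMPLE_REV = {"192.0.2.1": "192-0-2-1.city.bigisp.example"}

if __name__ == "__main__":
    verdict = check_service_dns(
        "server.customer.example", "192.0.2.1",
        forward=lambda n: SAMPLE_FWD.get(n, set()),
        reverse=SAMPLE_REV.get,
    )
    print(verdict)
```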
