Machines in the outside world can view my websites
fine, but whenever I try to go to one of them from a machine on my internal
network behind the firewall, neither the domain name nor the IP will
resolve. I also have the same problem with my mail server and have to use
the internal address of the mail server. I am going to guess that the best
solution to this is to run some kind of local DNS server on the inside of the
firewall which resolves all my sites internally, but since I don't have a server
at my disposal for it, is there some way around this? I had the
POSTROUTING MASQ line on and that did allow the internal machines to resolve,
but it also hid the originating address for any outside machine, thus creating a
security disaster.
-michael
*nat
:PREROUTING ACCEPT [241:88600]
:POSTROUTING ACCEPT [0:9862]
:OUTPUT ACCEPT [68:4275]
-A PREROUTING -d 10.10.10.252 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.77.2
-A PREROUTING -d 10.10.10.252 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.77.2
-A PREROUTING -d 10.10.10.251 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.77.2
-A PREROUTING -d 10.10.10.250 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.77.2
-A PREROUTING -d 10.10.10.250 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.77.2
-A POSTROUTING -o eth0 -j SNAT --to-source 10.10.10.254
#-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT [18365:3221456]
:INPUT ACCEPT [10886:760348]
:FORWARD ACCEPT [7269:2438049]
:OUTPUT ACCEPT [8009:752540]
:POSTROUTING ACCEPT [15177:3182145]
COMMIT
*filter
:INPUT ACCEPT [0:229546]
:FORWARD ACCEPT [363:1553786]
:OUTPUT ACCEPT [2:619341]
-A INPUT -p udp -m udp --sport 500 --dport 500 -j ACCEPT
-A INPUT -p tcp -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 110 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 25 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 22 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --sport 500 --dport 500 -j ACCEPT
-A OUTPUT -p tcp -j ACCEPT
-A OUTPUT -p esp -j ACCEPT
-A OUTPUT -p ah -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
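One way to let the LAN reach the published services through their public addresses ("hairpin" NAT) without the blanket eth1 MASQUERADE the post describes, as an added example that is not code from the post or the list: it keeps the post's DNAT rules and outbound SNAT, assumes 192.168.77.0/24 as the LAN prefix and 192.168.77.1 as the firewall's eth1 address (both placeholders), and uses the conntrack match's DNAT state, which is newer than the state match in the ruleset above. The script only prints the table; loading it is left to iptables-restore.

```shell
#!/bin/sh
# Added example, not from the original post: build the nat table so LAN hosts
# can use the public addresses of the DNATed services, without the blanket
# POSTROUTING MASQUERADE that hid every outside client's source address from
# the server's logs.
#
# Public IPs, the server 192.168.77.2, eth0 (outside) and eth1 (LAN) come from
# the post; the LAN prefix and the firewall's eth1 address are ASSUMED placeholders.
LAN_NET="192.168.77.0/24"
FW_LAN_IP="192.168.77.1"
SERVER="192.168.77.2"

# One DNAT rule per published service, exactly as in the original ruleset.
dnat_rule() {  # dnat_rule <public-ip> <port>
    printf -- '-A PREROUTING -d %s -p tcp -m tcp --dport %s -j DNAT --to-destination %s\n' \
        "$1" "$2" "$SERVER"
}

# The only source rewrite on the LAN side: connections that came from the LAN
# AND were DNATed. The server then answers via the firewall instead of replying
# directly from an address the client never talked to. Packets arriving on
# eth0 never match "-s $LAN_NET", so outside clients keep their real source.
hairpin_snat_rule() {
    printf -- '-A POSTROUTING -o eth1 -s %s -m conntrack --ctstate DNAT -j SNAT --to-source %s\n' \
        "$LAN_NET" "$FW_LAN_IP"
}

# Complete nat table in iptables-restore format.
nat_table() {
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    echo ':POSTROUTING ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    for svc in 10.10.10.252:110 10.10.10.252:25 10.10.10.251:80 \
               10.10.10.250:80 10.10.10.250:22; do
        dnat_rule "${svc%:*}" "${svc#*:}"
    done
    hairpin_snat_rule
    # Outbound SNAT from the post, unchanged: only traffic leaving on eth0.
    echo '-A POSTROUTING -o eth0 -j SNAT --to-source 10.10.10.254'
    echo 'COMMIT'
}

# Print the table for review; load it with:  nat_table | iptables-restore -n
if [ "${1:-}" = "show" ]; then nat_table; fi
```

Run it with the argument `show` to review the generated table before loading; the filter table from the post is untouched, so the existing eth0-to-eth1 FORWARD rules still apply to outside clients.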
- Re: Internal machines can't resolve external addresses Michael Hudin