On Wed, Jun 12, 2002 at 10:07:55AM -0500, Glover George wrote:
> Yes I've come across this problem MANY MANY times before, and would
> appreciate it if someone could explain exactly why this doesn't work.
> For instance. I have 3 machines, a firewall/nat (linux), a linux
> webserver and a windows machine behind it. Now I am serving a website
> that is on the webserver behind the firewall, and its DNS stuff is
> somewhere out on the internet. On my windows machine it resolves to the
> public interface of the firewall. Why don't packets destined for that
> machine realize that they must be sent to the webserver instead of out
> on the public interface? I know it's because the DNAT rule is on the
> prerouting of the external nic, but why doesn't simply putting a DNAT
> rule on the internal work as well?

Think logically. It's very obvious why it doesn't work.

http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-10.html

Ramin

>
> The only way for me to get this working is to run bind 9 and set up two
> different views, to resolve different IP addresses whether you're on the
> internet, or in my internal network. But this is a hack, and every time
> I add someone's website, I have to make changes to both views on the DNS
> server to get it to work, for every host in that new domain. It seems
> like there should be an easier way, as I'm sure a LOT of people on this
> list come across the same problem before.
>
> May not be possible with the current nat framework, but was just
> wondering if someone could elaborate on it. As always, thanks in
> advance.
>
> Glover George
> Systems/Networks Administrator
> Gulf Sales & Supply, Inc.
> [EMAIL PROTECTED]
> (228)-762-0268
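
The packet flow behind the question above, traced as an added example that is not part of the thread or written by either poster: with only a DNAT rule on the internal interface, the web server answers the LAN client directly and the client discards the reply because it comes from the wrong address. All addresses and the `simulate` function are constructed for illustration; the SNAT rule in the comment assumes this constructed addressing.

```python
# Constructed addressing (assumptions, not taken from the thread).
CLIENT = "192.168.1.20"     # Windows machine on the LAN
WEB = "192.168.1.10"        # web server on the same LAN
FW_LAN = "192.168.1.1"      # firewall's internal interface
FW_PUBLIC = "203.0.113.10"  # firewall's public address, as returned by DNS


def simulate(snat_on_lan: bool) -> dict:
    """Trace one connection from the LAN client to the public address."""
    # 1. Client sends to the public address; it is off-subnet, so the
    #    packet is handed to the default gateway (the firewall).
    original = {"src": CLIENT, "dst": FW_PUBLIC}
    expected_reply_src = original["dst"]  # only replies from here match the socket

    # 2. PREROUTING DNAT on the internal interface rewrites the destination.
    packet = {"src": original["src"], "dst": WEB}

    # 3. Optional POSTROUTING SNAT so the server sees the firewall as the peer:
    #    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.10 \
    #             -p tcp --dport 80 -j SNAT --to-source 192.168.1.1
    if snat_on_lan:
        packet["src"] = FW_LAN

    # 4. The server replies to whatever source address it saw.
    reply = {"src": WEB, "dst": packet["src"]}

    # 5. A reply addressed to the client is on-link: it is delivered directly
    #    and never crosses the firewall, so the DNAT is never reversed.
    via_firewall = reply["dst"] == FW_LAN
    if via_firewall:
        # Connection tracking undoes both translations on the way back.
        reply = {"src": original["dst"], "dst": original["src"]}

    accepted = reply["dst"] == CLIENT and reply["src"] == expected_reply_src
    return {"reply_src": reply["src"], "via_firewall": via_firewall,
            "accepted": accepted}


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT on LAN:", snat, "->", simulate(snat))
```

With the SNAT rule in place, the web server's access log records the firewall's internal address as the client for every LAN-originated request, which matters for any log-based attribution or per-IP access control on that server.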
