David Talkington wrote:

>Dave Wreski wrote:
>
>>> Now, however, the systems behind the firewall can't access the sites
>>> on the server...ie, workstation at 192.168.0.3 can't access any of the
>>> sites hosted on 192.168.0.1, because the DNS entries for those sites
>>> point them back outside the firewall...it would seem that, while the
>>> outside world can get through the firewall to get the sites, with no
>>> problem, the machines behind the firewall can't go outside the
>>> firewall and then back in.
>>
>>Sounds like you'll need to create a separate domain to refer to your web
>>server by the internal hosts, if I understand your problem correctly.
>
>Interesting puzzle. That was my thought, too, Dave, but I'm having
>trouble seeing why there should be a routing problem as it is. The
>hop will be all the way out (at least) to his ISP's router, but I'm
>not sure I see why this is causing a problem, except for the obvious
>performance hit. The NAT setup will just cause the router to think
>that his client is trying to connect back to port 80 on itself, which
>it should happily do.

Duh. No, I'm loopy. The packet never leaves the network, because his
gateway thinks it's a local destination. I see now that the problem is
that the ruleset for forwarding back to the DNAT'ted server only works
for connections hitting the external interface. What the OP needs,
then, is some iptables tweaking to properly forward requests from the
private net, and then it should work fine without DNS hassles.

Yes? Or do I need still more coffee?

-d

--
David Talkington
PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp
--
http://setiathome.ssl.berkeley.edu/pale_blue_dot.html

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
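
The iptables change described in the message above, as an added example that is not part of the original post: a function that prints (without applying) rules letting LAN clients reach the DNAT'ted server through the public address. Assumptions: the web server at 192.168.0.1 is a separate host from the gateway, and the public address 203.0.113.10, LAN interface eth1, LAN 192.168.0.0/24 and gateway LAN address 192.168.0.254 are constructed placeholders.

```shell
#!/bin/sh
# Added example: emits hairpin-NAT rules for review; it never runs iptables.
# Only the 192.168.0.x server address comes from the thread; the public IP,
# interface name, netmask and gateway address below are assumed placeholders.

# hairpin_rules PUBLIC_IP SERVER_IP LAN_CIDR LAN_IF GATEWAY_LAN_IP [PORT]
hairpin_rules() {
    if [ "$#" -lt 5 ]; then
        echo "usage: hairpin_rules PUBLIC_IP SERVER_IP LAN_CIDR LAN_IF GW_LAN_IP [PORT]" >&2
        return 2
    fi
    pub=$1; srv=$2; lan=$3; lan_if=$4; gw=$5; port=${6:-80}

    # If the gateway itself hosts the sites there is nothing to forward;
    # that case is an INPUT-chain question, not a DNAT one.
    if [ "$srv" = "$gw" ]; then
        echo "server and gateway are the same host; no DNAT rule applies" >&2
        return 1
    fi

    # 1. DNAT for packets arriving on the *internal* interface that are
    #    addressed to the public IP. A DNAT rule keyed on the external
    #    interface never matches these, so the gateway treats them as local.
    echo "iptables -t nat -A PREROUTING -i $lan_if -s $lan -d $pub -p tcp --dport $port -j DNAT --to-destination $srv:$port"

    # 2. SNAT to the gateway's LAN address. Without it the server answers
    #    the client directly on the LAN, the reply carries the server's
    #    private source address instead of the public one the client
    #    connected to, and the client discards it.
    echo "iptables -t nat -A POSTROUTING -o $lan_if -s $lan -d $srv -p tcp --dport $port -j SNAT --to-source $gw"

    # 3. Permit the forwarded connection in and out of the same interface.
    #    Replies are assumed to be covered by an existing ESTABLISHED rule.
    echo "iptables -A FORWARD -i $lan_if -o $lan_if -s $lan -d $srv -p tcp --dport $port -j ACCEPT"
}

# Print the rules for the assumed topology so they can be reviewed first.
hairpin_rules 203.0.113.10 192.168.0.1 192.168.0.0/24 eth1 192.168.0.254
```

With the SNAT rule in place the web server logs the gateway's LAN address for internal visitors rather than each workstation's address; the split DNS approach Dave Wreski suggests avoids that side effect.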