Karsten Jeppesen <kars...@jeppesens.com> wrote:

> Your browser accesses my webserver.

OK

> Amongst the things happening there is a serverside script or whatever
> who will supply java or javascripts running on your browser with data on
> where to find additional data on my server.

OK

> Unfortunately the server
> side script will resolve the server name finding 192.168.0.25 which it
> happily will supply to the java or javascript running on your browser
> which now makes the java or javascript running on your browser try to
> retrieve data from 192.168.0.25

Oops !

> Successful or not - I have a hard time believing that you can access my
> server that way.

You are correct to question that - because clients accessing it from outside will not be able to ! However, an *INTERNAL* client should be able to access the server by its internal address if the internal address is what you return.

If you fix the broken script and return the (virtual) host name then it'll work fine - clients from outside will get the host name, resolve it and get the public IP; clients from inside will get the hostname, resolve it and get the internal IP. I specifically mentioned virtual hostname since many of my servers run multiple virtual hostnames as far as the webserver is concerned - if you access them by IP then you won't get the right site (you'll get the default site, which in many cases has a redirect to our main site by name).

> So that's why split dns doesn't hold the answer to all questions in this
> universe.

Yes, you can always find ways to break things. If your server side script is returning an IP address, then it's been written by an idiot lacking in basic network awareness - OR it's been written properly and configured badly.

In general, embedding IP addresses in stuff like this is "not a good idea". If you only ever use the host name, you can renumber the network, move stuff around, and as long as you keep the DNS in sync then everything keeps working.
When you embed IP addresses, you then have to find all the instances where it's stored and fix them all - this quickly becomes a "non trivial" task. I've been involved in several network renumbers over the years (and suspect a couple more just over the horizon) - trust me on this, you don't want to make it harder than it needs to be !

The fact that the router is also broken is another matter, I've lost count of the number of "interesting" ways the vendors have come up with for making life more complicated than it needs to be.