Re: [SOGo] Different Apache configuration for internal/external requests

Sun, 20 Jan 2013 01:57:33 -0800 

Am 20.01.2013 01:17, schrieb Holger A. Brinkhaus:

Hi all,

at the moment //etc/apache2/conf.d/SOGo.conf/ is configured for external
access (which works via DynDNS). This works fine but also means that
this is also used for my internal access. For this reason I am limited
to external bandwidth also for my internal accesses. Is there a
possibility to change this?

Best Regards
   Holger



Hi Holger,
what I suspect is happening in your case (at least it seemed to be like that in a setup here):
Internal access to Sogo: Packets sent to public IP address go to the DSL device, are forwarded to "the internet", go back - and such traverse the slow DSL line twice. A bit weird that the DSL device would not recognize its own external IP there... but I tracerouted it once.
You obviously have a server machine running locally, in the LAN. Is having a DNS server running on that feasible? What did the trick for us was using the Linux box as DNS-server for the LAN (be sure to configure the DHCP-server accordingly, or tell the DSL router to use that machine instead of the provider's DNS servers).
With the ISC BIND (well, there are others - I just know BIND best) you can allow recursive requests - that is a good idea for the local network. Don't necessarily set any forwarders there, the BIND can very 
well talk to the DNS root servers itself.

Also create a local "zone" for "myaccount.dyndns.org" with something like

myaccount.dyndns.org. 300 IN SOA .....
myaccount.dyndns.org. 300 IN NS myaccount.dyndns.org.
myaccount.dyndns.org. 300 IN A 192.168.55.5
myaccount.dyndns.org. 300 IN AAAA 2001:db8:fe24:2ff1::3705


This should make all DNS requests be answered normally except those
for the single DNS record of your dyndns name, for which your LAN clients are served the local IP address. The Apache will not need any special configuration as long as you don't have any IP-address based stuff in there but go through the FQDN in all cases.
You could still differentiate in Apache by the source IP address, if that is at all necessary. 

In my opinion this is not the most ideal solution, but far easier than
having a second FQDN, and also easier than f*ix*ing the routing tables.
DSL devices tend to be suckers when it comes to accessing their external
IP address from the internal LAN and forwarding ports to internal.

HTH
AMH
--
users@sogo.nu
https://inverse.ca/sogo/lists

Reply via email to