[pmfirewall] ipforwarding internal-internal


From: alaxa@usa.net
Date: Wed May 16 2001 - 15:49:20 PDT


Sorry for my delay and thanks for your quick answers.
I didn't speak about details because I don't like reading very long posts, so I
can imagine how it is for you reading mine if it is long :^)

So my network is configured like this:

  the internet
        |-------> eth0 __.-----------.
                 62.x.y.z |linux-fwall|----eth1
                           '-----------' 192.168.1.1
                                           |
                                           |
                     internal PC network --| .-----------------.
                                           '-----| Win2k WWW 'n DNS|
                                                 | 192.168.1.100 |
                                                 '-----------------'
I hope the drawing is clever enough.
So the web server and the DNS are internal. The DNS serves other domains that we
host and some outer PC clients like the Linux box (which is a virtual domain
mail too).
The web server is for some domains we host. Many of them point to the 62.x.y.z IP
(eth0 on Linux) and are then port-forwarded to the web server.
Now, all is working: the internet can see my DNS and WWW, and the internal
clients can browse the internet through IP masquerade.
So I used ipchains + masquerading + ipmasqadm.

Now the trouble is that if I own www.foo.com, no internal PC client can
connect to that site (we host and do maintenance on web sites, so my request of
browsing to a site I own is correct :^) because it is resolved as 62.x.y.z
instead of 192.168.1.100.
I know that ipmasqadm can't port forward this request because it's generated
from the internal side.
And now I'm looking for a nice solution :^)
I found these:
1) put the web server external to the firewall :^)
2) modify the hosts file in each client putting an entry like
    192.168.1.100 www.foo.com
  but doing so we can only set a www and not a domain
3) use the Linux box's DNS for resolving those guest domains internally as
    192.168.1.100 - but this is trivial also because it should be done
    by "windows-ed minds" :^)

any ideas?

thanks again
  alaxa
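
Option 3 from the post, sketched as an added example that is not part of the original message: a shell helper that prints an internal-only override zone (apex and www both answering 192.168.1.100) and its named.conf stanza for each hosted domain. It assumes BIND runs on the Linux firewall and that internal clients use 192.168.1.1 as their resolver; `gen_zone`, `gen_stanza`, `ZONE_DIR`, the serial and the `mail` record are constructed for illustration.

```shell
#!/bin/sh
# Added example: internal override zones for hosted domains (option 3).
# Assumption: BIND on the firewall, used as resolver by the internal LAN only.

WEB_IP=192.168.1.100            # internal web server, from the post
NS_IP=192.168.1.1               # firewall eth1 address, from the post
ZONE_DIR=/var/named/internal    # hypothetical path

# Print a zone file that answers for the whole domain, not only www.
# This zone shadows the public one for internal clients, so every other
# record the domain needs (MX, mail hosts) must be passed in as $3,
# otherwise internal lookups for those names fail.
gen_zone() {
    domain=$1; serial=$2; extra=$3
    cat <<EOF
\$TTL 3600
@   IN SOA ns.$domain. hostmaster.$domain. ( $serial 3600 900 604800 3600 )
@   IN NS  ns.$domain.
ns  IN A   $NS_IP
@   IN A   $WEB_IP
www IN A   $WEB_IP
EOF
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra"
    fi
}

# Print the matching named.conf stanza for one domain.
gen_stanza() {
    printf 'zone "%s" {\n    type master;\n    file "%s/db.%s";\n};\n' \
        "$1" "$ZONE_DIR" "$1"
}

# Constructed sample input: one hosted domain plus one extra record.
for d in foo.com; do
    gen_stanza "$d"
    gen_zone "$d" 2001051601 "mail IN A $NS_IP"
done
```

The output is printed rather than written, so it can be reviewed before being redirected into the zone directory and named.conf. Serving these zones only on the internal interface keeps the 192.168.1.x answers from reaching outside resolvers.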


This archive was generated by hypermail 2b29 : Sun Jun 10 2001 - 02:41:37 PDT