On Mon, 23 Aug 2004 18:09:16 -0400, Travis Fraser <travis@xxxxxxxxxxxxx> wrote:
> On Mon, 2004-08-23 at 17:29, Mike Burger wrote:
> > On Mon, 23 Aug 2004, Rodolfo Alcázar wrote:
> > > From: "Mike Burger" <mburger@xxxxxxxxxxxxxxxxx>
> > > > On Mon, 23 Aug 2004, Rodolfo Alcázar wrote:
> > > > > > Errr, this is a classic case for a split DNS setup. You need to set up
> > > > > > DNS to point to its DMZ interface on/within the firewall, or just add
> > > > > > it in the hosts file. Don't try to connect to the external interface
> > > > > > and use the NAT; it doesn't work that way. I could be wrong.
> > > > > >
> > > > > > Yang
> > > > >
> > > > > Thanks, Yang. I hadn't heard about a split DNS setup. I will try it. Best
> > > > > regards.
> > > >
> > > > In the meantime, you can use something like this (I used this until split
> > > > DNS came into play on my network):
> > > >
> > > > $IPTABLES -t nat -A PREROUTING -i internal-interface -d your.external.ip.address -j DNAT --to your.internal.destination.IP
> > > > $IPTABLES -t nat -A POSTROUTING -o internal-interface -d your.internal.destination.IP -s your.internal.network/netmask -j SNAT --to firewall's.internal.ip.address
> > > > --
> > > > Mike Burger
> > > > http://www.bubbanfriends.org
> > >
> > > Thx, Mike. This is the solution I was expecting, but I think the split
> > > DNS is my right answer. I will do the same as you and use these rules in the
> > > meantime. Best regards.
> >
> > Happy to help.
> >
> > If you need an example of a split DNS config, let me know. I'm using it
> > now, in lieu of the routing option.
> > --
> > Mike Burger
>
> Hi Mike,
>
> I would like to see the split-DNS config. This thread is very timely for
> me as I am setting up the exact arrangement in my network.
>
> Thanks,
> Travis Fraser

hi,

A simple split DNS configuration really is just using your internal DNS as the primary and some external public DNS as the secondary in the DNS name-resolving order.
# /etc/resolv.conf
domain mydomain.com
# my internal DNS with private LAN info only
nameserver xxx.xxx.xxx.xxx
# some external public DNS for public name resolution
nameserver xxx.xxx.xxx.xxx

The catch is that you set up the internal DNS zone records using the internal IPs of the servers, so you do not resolve them to the external IPs they might be NATed to on the public DNS server. DO NOT allow any external hosts to query the same DNS server for your domain! For anything else, you can either set up the same server for forwarding, or fail over to the configured secondary public server to do the name resolution.

Yang
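The split-DNS config Mike offered, as an added example in BIND 9 "views" form; this is not the thread's own configuration, and the zone name, file paths and addresses are assumptions. Both of Yang's requirements are enforced on the server rather than by resolv.conf ordering: the internal view, with the private-address zone data, answers only clients on the LAN ACL, and the external view is authoritative-only with recursion off, so outsiders can neither read the internal records nor use the box as an open resolver. One caveat on the resolv.conf approach described above: a stub resolver only moves on to the second nameserver when the first times out, not when it answers NXDOMAIN, so the internal server must itself forward or recurse for names it is not authoritative for (the `recursion yes` in the internal view below), rather than relying on the public server listed second.

```conf
// /etc/named.conf (BIND 9), split horizon for example.com. Added example;
// names and addresses are assumptions. With views in use, every zone must
// live inside a view.

acl "internal" { 127.0.0.1; 192.168.1.0/24; };   // assumed LAN

options {
    directory "/var/named";
    listen-on { 192.168.1.1; 203.0.113.10; };    // assumed LAN and public IPs
    allow-transfer { none; };                    // no zone transfers to anyone
    version "not disclosed";
};

// LAN clients: private addresses for our hosts, recursion for everything else.
view "internal" {
    match-clients { "internal"; };
    recursion yes;
    allow-recursion { "internal"; };
    zone "." { type hint; file "named.root"; };
    zone "example.com" {
        type master;
        file "internal/example.com.zone";
        // e.g.   www  IN A  192.168.1.20   (server's real LAN address)
    };
};

// Everyone else: public/NAT addresses only, no recursion, no internal data.
// Views are matched in order, so this one only sees non-LAN clients.
view "external" {
    match-clients { any; };
    recursion no;
    allow-query { any; };
    zone "example.com" {
        type master;
        file "external/example.com.zone";
        // e.g.   www  IN A  203.0.113.10   (public address the firewall DNATs)
    };
};
```

After loading it, confirm the split from both sides: `dig @192.168.1.1 www.example.com` from the LAN must return the private address, while the same query from outside against the public address must return only the public one and `dig @203.0.113.10 google.com` from outside must be refused (recursion is off in that view).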
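The "hairpin" NAT workaround Mike posted, written out as a complete script. This is an added example and not the rules from the thread; the interface name, the addresses (TEST-NET-3 for the public side, RFC 1918 for the LAN), the port and the `$IPTABLES` path are assumptions and must be replaced. Two points the bare rule pair leaves implicit: the POSTROUTING SNAT is needed because the client and the server sit on the same segment, so without it the server would answer the client directly from its private address, which the client (expecting a reply from the public address) would reject; and if the FORWARD chain policy is DROP, the hairpinned traffic also needs an explicit ACCEPT. Matching on protocol and port keeps the redirection limited to the one service instead of every port on the public address.

```sh
#!/bin/sh
# Hairpin NAT: let LAN clients reach an internal server via its public
# address. Added example; every value below is an assumption.
set -eu

IPTABLES=${IPTABLES:-/sbin/iptables}
LAN_IF=${LAN_IF:-eth1}                  # assumed internal (LAN) interface
PUBLIC_IP=${PUBLIC_IP:-203.0.113.10}    # assumed public address (TEST-NET-3)
SERVER_IP=${SERVER_IP:-192.168.1.20}    # assumed internal server address
LAN_NET=${LAN_NET:-192.168.1.0/24}      # assumed internal network
FW_LAN_IP=${FW_LAN_IP:-192.168.1.1}     # assumed firewall LAN address
PORT=${PORT:-80}                        # assumed service port

# Print the three rules that make up the hairpin:
#  1. PREROUTING DNAT: packets from the LAN to the public IP go to the server.
#  2. POSTROUTING SNAT: rewrite the source to the firewall so the server's
#     reply comes back through the firewall instead of straight to the client.
#  3. FORWARD ACCEPT: needed when the FORWARD policy is DROP.
hairpin_rules() {
    cat <<EOF
$IPTABLES -t nat -A PREROUTING -i $LAN_IF -d $PUBLIC_IP -p tcp --dport $PORT -j DNAT --to-destination $SERVER_IP
$IPTABLES -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $SERVER_IP -p tcp --dport $PORT -j SNAT --to-source $FW_LAN_IP
$IPTABLES -A FORWARD -i $LAN_IF -o $LAN_IF -s $LAN_NET -d $SERVER_IP -p tcp --dport $PORT -j ACCEPT
EOF
}

# Apply the rules, or with DRY_RUN=1 just print them for review.
apply_rules() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        hairpin_rules
    else
        hairpin_rules | sh -e
    fi
}

# Usage (as root):  DRY_RUN=1 sh hairpin.sh  to review, then  sh hairpin.sh
# Verify afterwards with:  iptables -t nat -L -n -v
# (apply_rules is not called here so the file can be sourced for inspection)
```

Check the result with `iptables -t nat -L -n -v` and watch the packet counters on the DNAT and SNAT rules while a LAN client connects to the public address; if only the DNAT counter moves, the reply is bypassing the firewall and the SNAT rule is not matching. Once split DNS is in place, the LAN never sees the public address and these rules can be dropped.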