Date: Thu, 10 Jul 2003 07:52:25 +1000 (EST)
From: <keith@smmc.qld.edu.au>
To: <mwoodson@sricrm.com>, <freebsd-questions@freebsd.org>
Cc: keith@smmc.qld.edu.au
Subject: Re: IPNAT... internal server what-to-do
Message-ID: <1376.203.220.88.53.1057787545.squirrel@localhost.smmc.qld.edu.au>
In-Reply-To: <200307091343.00275.mwoodson@sricrm.com>
References: <1324.203.220.88.53.1057782192.squirrel@localhost.smmc.qld.edu.au> <200307091343.00275.mwoodson@sricrm.com>

Thanks Mark,

The gateway is a dns server so I guess that is not a caching dns server.
I have a 4.7 system squid proxy machine on the inside which is the
gateway for the lan (then its gateway is the firewall).
Can I install the caching dns on it maybe? Hints?

Thanks again (yet again FreeBSD questions people rock)

Keith

> On Wednesday 09 July 2003 01:23 pm, keith@smmc.qld.edu.au wrote:
>> Hi all.
>> On my 4.7 system, I have ipfilter and ipnat.
>> I have several "live" ips aliased to my external ADSL interface. Some
>> of these are mapped into private internal ips. So far so good. All
>> works fine from outside. But if I want to reach one of the internal
>> servers from inside...eg www.smmc.qld.edu.au...the client hangs
>> looking. Here are some of my rules:
>> ======8< snip=============================
>>
>> map fxp0 10.0.0.0/21 -> 0/32 # <---OK maps internal getting out fine!
>>
>> #www server
>> rdr fxp0 210.15.203.195/32 port 80 -> 10.0.0.7 port 80
>> rdr dc0 210.15.203.195/32 port 80 -> 10.0.0.7 port 80 #<---No worky!
>>
>> ======8< snip=============================
>> I can figure there is a problem with this but don't have a clue how to
>> fix it. I want to use fqdns inside not local ip addrs. It is more
>> convenient for users. BTW the ip address works fine...just the rdr or
>> lookup stuff is faulty
>
> There isn't really a way to do this currently. (that was with 3.4.16 as
> I remember perhaps support has been added now) because ipnat redirects
> from the _outside_ interface to the inside and you want the inside
> reflected back inside. Not what it's meant to do.
>
> The easiest thing I can think of is to create a dummy dns entry on the
> local machines or the caching dns server (if you have one) that points
> to the 10.0.0.7 address.
>
> -Mark
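The internal DNS override suggested in the quoted reply can be derived from the rdr rules themselves. The following is an added example, not part of the original thread: it parses the ipnat rules quoted above and emits hosts(5)-style entries for names whose public address is an rdr target. The function names and the PUBLIC_A table are assumptions made for illustration.

```python
import re

# Rules copied from the message above (the comment markers are the poster's).
IPNAT_RULES = """\
map fxp0 10.0.0.0/21 -> 0/32 # <---OK maps internal getting out fine!
#www server
rdr fxp0 210.15.203.195/32 port 80 -> 10.0.0.7 port 80
rdr dc0 210.15.203.195/32 port 80 -> 10.0.0.7 port 80 #<---No worky!
"""

# Constructed sample of public A records. Only www.smmc.qld.edu.au and its
# address come from the thread; the second entry is a made-up control.
PUBLIC_A = {
    "www.smmc.qld.edu.au": "210.15.203.195",
    "unmapped.example": "192.0.2.10",
}

RDR = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+(?P<pub>[\d.]+)(?:/\d+)?\s+port\s+(?P<pport>\d+)"
    r"\s+->\s+(?P<priv>[\d.]+)\s+port\s+(?P<iport>\d+)"
)

def parse_rdr(text):
    """Return {public_ip: internal_ip} for every rdr rule, ignoring comments."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = RDR.match(line)
        if not m:
            continue  # map rules, blank lines, comment-only lines
        # A DNS override gives a name exactly one internal address, so a
        # public IP whose ports fan out to different hosts cannot be covered.
        prev = mapping.setdefault(m["pub"], m["priv"])
        if prev != m["priv"]:
            raise ValueError(f"{m['pub']} redirects to both {prev} and {m['priv']}")
    return mapping

def internal_overrides(public_a, rdr_map):
    """hosts(5)-style lines for names whose public address is an rdr target."""
    return [f"{rdr_map[ip]}\t{name}"
            for name, ip in sorted(public_a.items()) if ip in rdr_map]

if __name__ == "__main__":
    print("\n".join(internal_overrides(PUBLIC_A, parse_rdr(IPNAT_RULES))))
```

The resulting line can be placed in /etc/hosts on the LAN clients or turned into an A record on the internal caching server.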
