From owner-freebsd-questions@FreeBSD.ORG Wed Jul 9 14:52:45 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DD5BC37B419; Wed, 9 Jul 2003 14:52:41 -0700 (PDT)
Received: from smmcroute.smmc.qld.edu.au (dsl-210-15-201-90.QLD.netspace.net.au [210.15.201.90]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9980A43FAF; Wed, 9 Jul 2003 14:52:39 -0700 (PDT) (envelope-from keith@smmc.qld.edu.au)
Received: (qmail 6344 invoked by uid 89); 9 Jul 2003 21:52:25 -0000
Received: from unknown (HELO smmc.qld.edu.au) (127.0.0.1) by 127.0.0.1 with SMTP; 9 Jul 2003 21:52:25 -0000
Received: from 203.220.88.53 (SquirrelMail authenticated user keith) by localhost.smmc.qld.edu.au with HTTP; Thu, 10 Jul 2003 07:52:25 +1000 (EST)
Message-ID: <1376.203.220.88.53.1057787545.squirrel@localhost.smmc.qld.edu.au>
Date: Thu, 10 Jul 2003 07:52:25 +1000 (EST)
In-Reply-To: <200307091343.00275.mwoodson@sricrm.com>
References: <1324.203.220.88.53.1057782192.squirrel@localhost.smmc.qld.edu.au> <200307091343.00275.mwoodson@sricrm.com>
X-Priority: 3
Importance: Normal
X-Mailer: SquirrelMail (version 1.2.11)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
cc: keith@smmc.qld.edu.au
Subject: Re: IPNAT... internal server what-to-do
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
X-List-Received-Date: Wed, 09 Jul 2003 21:52:45 -0000

Thanks Mark,

The gateway is a DNS server, so I guess that is not a caching DNS server. I have a 4.7 system squid proxy machine on the inside which is the gateway for the LAN (then its gateway is the firewall). Can I install the caching DNS on it maybe? Hints?
Thanks again (yet again FreeBSD questions people rock)

Keith

> On Wednesday 09 July 2003 01:23 pm, keith@smmc.qld.edu.au wrote:
>> Hi all.
>> On my 4.7 system, I have ipfilter and ipnat.
>> I have several "live" IPs aliased to my external ADSL interface. Some
>> of these are mapped into private internal IPs. So far so good. All
>> works fine from outside. But if I want to reach one of the internal
>> servers from inside, e.g. www.smmc.qld.edu.au, the client hangs
>> looking. Here are some of my rules:
>> ======8< snip=============================
>>
>> map fxp0 10.0.0.0/21 -> 0/32 # <---OK maps internal getting out fine!
>>
>> #www server
>> rdr fxp0 210.15.203.195/32 port 80 -> 10.0.0.7 port 80
>> rdr dc0 210.15.203.195/32 port 80 -> 10.0.0.7 port 80 #<---No worky!
>>
>> ======8< snip=============================
>> I can figure there is a problem with this but don't have a clue how to
>> fix it. I want to use FQDNs inside, not local IP addrs. It is more
>> convenient for users. BTW the IP address works fine... just the rdr or
>> lookup stuff is faulty.
>
> There isn't really a way to do this currently. (That was with 3.4.16 as
> I remember; perhaps support has been added now.) Because ipnat redirects
> from the _outside_ interface to the inside and you want the inside
> reflected back inside. Not what it's meant to do.
>
> The easiest thing I can think of is to create a dummy DNS entry on the
> local machines or the caching DNS server (if you have one) that points
> to the 10.0.0.7 address.
>
> -Mark
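The "dummy DNS entry" Mark suggests is split-horizon DNS: a caching resolver on the inside that answers for smmc.qld.edu.au itself, handing LAN clients 10.0.0.7 for www so their HTTP never has to hairpin through the rdr rule on dc0. What follows is an added example of that setup, not configuration from either poster. It assumes named is run on the inside squid box, that this box's LAN address is 10.0.0.1, and that it is the only resolver LAN clients use; both addresses marked as assumptions below are invented for the example. The syntax is plain named.conf and master-file syntax accepted by both BIND 8 and BIND 9, so it does not need views or a newer BIND from ports.

```conf
// /etc/namedb/named.conf fragment on the inside caching resolver
// (added example, not from the thread; assumptions marked inline)

options {
    directory "/etc/namedb";
    listen-on { 10.0.0.1; 127.0.0.1; };            // assumption: squid box's LAN address
    allow-query { 10.0.0.0/21; 127.0.0.1; };       // the inside net from Keith's map rule
    allow-recursion { 10.0.0.0/21; 127.0.0.1; };   // refuse recursion to anyone else
};

// Root hints so the resolver can still recurse for every other name.
zone "." {
    type hint;
    file "named.root";
};

// Inside-only copy of the public zone.  Once this server is master for
// smmc.qld.edu.au it never consults the public name server for it, so
// every public record inside clients depend on (MX, mail, etc.) must be
// duplicated here with its inside or public address as appropriate.
zone "smmc.qld.edu.au" {
    type master;
    file "master/smmc.qld.edu.au.inside";
};

; ---------------------------------------------------------------------
; /etc/namedb/master/smmc.qld.edu.au.inside  (separate file, ';' comments)
; ---------------------------------------------------------------------
$TTL 3600
@       IN  SOA  ns.smmc.qld.edu.au. hostmaster.smmc.qld.edu.au. (
                2003071001  ; serial, YYYYMMDDnn, bump on every edit
                3600        ; refresh
                900         ; retry
                604800      ; expire
                3600 )      ; negative-cache TTL
        IN  NS   ns.smmc.qld.edu.au.
ns      IN  A    10.0.0.1   ; assumption: the inside resolver itself
www     IN  A    10.0.0.7   ; the rdr target, reached directly on the LAN
```

Point the LAN clients' resolv.conf at 10.0.0.1, and the squid box's own /etc/resolv.conf as well, since Squid resolves origin server names on the clients' behalf and would otherwise learn the public 210.15.203.195 and hit the same hairpin. Check the result from a LAN host with `dig @10.0.0.1 www.smmc.qld.edu.au`, which should return 10.0.0.7 while the same query against the public server still returns the live address. The operational cost of this approach is that the inside zone file masks the public zone entirely, so any record added publicly must also be added here or inside users will not see it.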