From owner-freebsd-stable Tue Apr 18 15:52:53 2000
Message-ID: <38FCE69F.23AEC923@owp.csus.edu>
Date: Tue, 18 Apr 2000 15:50:07 -0700
From: Joseph Scott
To: "Matthew B. Henniges"
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: nat redirection

"Matthew B. Henniges" wrote:
>
> So far, so good. Here's the problem:
>
> there are various DNS entries that point to 216.66.11.90 and 91.
> If one of the clients on 10.0.1.* tries to browse/ftp to one of these, it
> can't connect because the natd redirection to those only listens on the
> outside nic.
>
> What is the best way to solve this problem?
>
> My thoughts were:
>
> 1. using some ipfw fwd rules... This seems to me like it should work,
> though I was unable to get it working.
>
> or
>
> 2. give different replies to the 10.0.1 network than I give to everybody
> else..
>
> Anybody have any ideas?

I'm far from an expert on such matters, but I've been faced with the same thing multiple times. After reading through various lists I believe that your "option 2" is generally considered the correct way to deal with it. That's how I've got one of our networks dealing with it. In case you are searching list archives or something I believe the term you want is "split dns".

The idea is simply that you have an internal dns server resolving to your private 10.x.x.x network and an external dns resolving to your outside ips. The general feeling from people dealing with these issues seems to be that split dns is also usually the easiest way to deal with this, even though it does involve running another box and maintaining two sets of dns records.

-- 
Joseph Scott
joseph.scott@owp.csus.edu
Office Of Water Programs - CSU Sacramento
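Added example, not part of the original message or of any FreeBSD tooling: since split dns means maintaining two sets of records, this sketch audits an external and an internal record set for drift that would bring back the problem described in the thread. The hostnames, the internal 10.0.1.x server addresses and the zone snippets are constructed assumptions; only 216.66.11.90/91 and the 10.x private range come from the thread.

```python
import ipaddress

# Constructed sample zones (assumed names and internal addresses).
EXTERNAL_ZONE = """\
www   IN A 216.66.11.90
ftp   IN A 216.66.11.91
mail  IN A 216.66.11.91
"""
INTERNAL_ZONE = """\
www   IN A 10.0.1.10
ftp   IN A 216.66.11.91   ; stale copy of the public address
db    IN A 10.0.1.30
"""
INSIDE_NET = ipaddress.ip_network("10.0.0.0/8")  # "private 10.x.x.x network"


def parse_a_records(text):
    """Return {name: IPv4Address} from simple 'name [ttl] [IN] A addr' lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) >= 3 and fields[-2].upper() == "A":
            records[fields[0].lower()] = ipaddress.ip_address(fields[-1])
    return records


def audit_split_dns(external_text, internal_text, inside_net=INSIDE_NET):
    """List (name, problem) pairs where the two record sets disagree badly."""
    ext = parse_a_records(external_text)
    internal = parse_a_records(internal_text)
    findings = []
    for name, addr in sorted(ext.items()):
        if addr.is_private:
            # Outside resolvers should never be handed RFC 1918 addresses.
            findings.append((name, "external view leaks private address"))
        if name not in internal:
            # Inside clients asking the internal server get no answer.
            findings.append((name, "missing from internal view"))
        elif internal[name] not in inside_net:
            # Inside clients would be sent to the outside-only natd redirect.
            findings.append((name, "internal view points outside inside_net"))
    return findings


if __name__ == "__main__":
    for name, problem in audit_split_dns(EXTERNAL_ZONE, INTERNAL_ZONE):
        print(f"{name}: {problem}")
```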