Date: Sun, 30 Mar 2003 17:47:44 +1200
From: Jonathan Chen
To: jdroflet@canada.com
cc: freebsd-questions@freebsd.org
Subject: Re: IPFW NATD access www server by name from the LAN side ?
Message-ID: <20030330054744.GA95421@grimoire.chen.org.nz>
In-Reply-To: <20030329151110.7162.h006.c009.wm@mail.canada.com.criticalpath.net>

On Sat, Mar 29, 2003 at 03:11:09PM -0800, jdroflet@canada.com wrote:
[...]
> > > How can I redirect traffic to the WWW server from the LAN side ?
> > > Thanks, Jay.
> >
> > This is in the howto I followed (but I don't remember how)... there's
> > about 5 good ones that can be found via google.
> > Basically, you need to add a rdr rule to natd, if I remember correctly.
>
> Thanks, I've spent some time google(ing) but haven't hit anything, if
> anyone has some links it would be most appreciated.

The most common solution is to run an internal DNS (which everyone on
the inside uses) which maps the name to the internal address. If you
run an authoritative DNS for your domain, the DNS which serves outside
queries needs to be separate from the one that handles internal queries.
Alternatively, you can use BIND9's views feature to do the same thing
as these 2 DNS servers.

Cheers.
--
Jonathan Chen
----------------------------------------------------------------------
"With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going
to land, and it could be dangerous sitting under them as they fly
overhead."
                                                          -- RFC 1925
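
The BIND9 views setup mentioned in the reply above, sketched as an added example that is not part of the original message. The domain `example.com`, the LAN range `192.168.1.0/24`, the addresses, the `/etc/namedb` directory and the zone file names are all assumed placeholders.

```conf
// named.conf fragment (constructed example; every name and address
// below is a placeholder, not taken from the thread)
acl "lan" {
    127.0.0.1;
    192.168.1.0/24;             // assumed inside network behind natd
};

options {
    directory "/etc/namedb";    // assumed; adjust to the local layout
};

// Views are tried in order and the first one whose match-clients
// matches the querying address is used, so "internal" must come first.
// Once any view is defined, every zone has to live inside a view.
view "internal" {
    match-clients { "lan"; };
    recursion yes;              // inside hosts use this server as resolver

    zone "example.com" {
        type master;
        file "internal/example.com.db";
        // this zone file carries:  www  IN A  192.168.1.10  (private address)
    };
};

view "external" {
    match-clients { any; };
    recursion no;               // authoritative answers only for outsiders

    zone "example.com" {
        type master;
        file "external/example.com.db";
        // this zone file carries:  www  IN A  203.0.113.10  (public address)
    };
};
```

Keeping `recursion no` in the external view stops the server from acting as an open resolver, and because the internal zone file is a separate file, private addresses never appear in answers given to outside clients.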