Date:      Fri, 21 Apr 2000 16:09:29 -0400
From:      "Matthew B. Henniges" <matt@axl.net>
To:        "Joseph Scott" <joseph.scott@owp.csus.edu>
Cc:        <freebsd-stable@FreeBSD.ORG>
Subject:   RE: nat redirection
Message-ID:  <KBEAJDGMGMDNDPICHDNHIEONEFAA.matt@axl.net>
In-Reply-To: <38FCE69F.23AEC923@owp.csus.edu>

Split DNS worked great. Thanks guys!

Matthew B. Henniges
CoPresident
Axl.net Communications
http://www.axl.net
(203) 552-1714

-----Original Message-----
From: scottj@pebkac.owp.csus.edu [mailto:scottj@pebkac.owp.csus.edu]On
Behalf Of Joseph Scott
Sent: Tuesday, April 18, 2000 6:50 PM
To: Matthew B. Henniges
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: nat redirection



"Matthew B. Henniges" wrote:
> 
> So far, so good. Here's the problem:
> 
> there are various DNS entries that point to 216.66.11.90 and 91.
> If one of the clients on 10.0.1.* tries to browse/ftp to one of these, it
> can't connect because the natd redirection to those only listens on the
> outside nic.
> 
> What is the best way to solve this problem?
> 
> My thoughts were:
> 
> 1. using some ipfw fwd rules... This seems to me like it should work,
> though I was unable to get it working.
> 
> or
> 
> 2. give different replies to the 10.0.1 network than I give to everybody
> else..
> 
> Anybody have any ideas?

	I'm far from an expert on such matters, but I've been faced with the
same thing multiple times.  After reading through various lists I
believe that your "option 2" is generally considered the correct way
to deal with it.  That's how I've got one of our networks dealing with
it.

	In case you are searching list archives or something I believe the
term you want is "split dns".  The idea is simply that you have an
internal dns server resolving to your private 10.x.x.x network and an
external dns resolving to your outside ips.

	The general feeling from people dealing with these issues seems to
be that split dns is also usually the easiest way to deal with this,
even though it does involve running another box and maintaining two
sets of dns records.

-- 
Joseph Scott
joseph.scott@owp.csus.edu
Office Of Water Programs - CSU Sacramento
