External Resolved IPs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I have a problem here, that maybe I can solve using DNS, but this can be
very bad and ugly
for me to maintain.

I have a internal network that uses a external DNS to solve addresses. I
also have some
servers in this internal network that can be accessed from outside via
aliases on NAT/FW
redirecting some ports to internal servers.

My problem is that, when I try to connect to a internal server, using the
external and real
IP, I cannot because my FW/NAT appears to be confused or misconfigured.

For example:

Internal Network: 172.16.48.0/24

My IP: 172.16.48.10
Server Internal IP: 172.16.48.20
* Both are on the same network

Server External IP: 200.180.180.20 (IP alias on FW/NAT machine, that
redirects to 172.16.48.20)
DNS name of Server: server.domain.com, points to 200.180.180.20

When I try to connect into server.domain.com from internal machines, DNS
resolves the external
IP and the connection to the real IP does not complete, since the packet
goes "out" of my network
and must "enter" again.

Here is a sample on how my iptables script is configured:

====================================================================

# server
iptables -t nat -A POSTROUTING -s 172.16.48.20 -j SNAT --to-source
200.180.180.20
iptables -t nat -A PREROUTING -s 0/0 -d 200.180.180.20 -j
DNAT --to-destination 172.16.48.20

# NAT for the rest of the world
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.48.0/24 -j SNAT --to-source
200.180.180.22

=====================================================================

I don't know how to better explain my problem... I hope someone understood
that...

Any idea on this ?

Thanks...

Herbert



[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux