RE: Access to Internal server via public address

Can I ask why you want to access the internal server using the external
IP address?

To get around this for myself I set up an internal-only DNS server inside
my network to resolve names to internal IP addresses.  This is separate
from my externally facing DNS server that is resolving my external IP
address to the DNS names.  This way all I need to do is access my
internal server via the DNS name instead of the IP address.

 

                                        
Chris Hoeschen 
Distributed System Analysts         
PrimeVest Financial Services                     
Phone: (320) 656-4035 
Fax: (320) 656-4088 
E-Mail: chris.hoeschen@xxxxxxxxxxxxx


"Only two things are infinite, the universe and human stupidity, and I'm
not sure about the former."
  -- Albert Einstein 

Hippopotomonstrosesquippedaliophobia is the fear of long words 



-----Original Message-----
From: Antony Stone [mailto:Antony@xxxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, December 10, 2003 2:26 PM
To: netfilter
Subject: Re: Access to Internal server via public address


On Wednesday 10 December 2003 8:16 pm, William Stearns wrote:

> Good afternoon, Vernon,
>
> On 10 Dec 2003, Vernon A. Fort wrote:
> > Anyone,
> >
> >   The Problem:  I have an alias public address DNAT'ed to an
> > internal address - normal and working
> >
> >   What I need is to access this server using the PUBLIC address from
> > an internal workstation.
>
> 	If the client box and the internal server in question are on the same
> cable, you essentially can't do this directly (but read on).
>
> 	Picture this as a triangle; the internal machines on the bottom,
> (client left, server right) and the firewall at the top.  The packets
> physically all travel over the same Ethernet segment shared by all
> three machines, I'm just demonstrating who's talking to whom.

Excellent answer, Bill.

I think this explains a common situation (and a common FAQ) in more detail,
and with more information, than I've seen before.   Hopefully it is clear to
a network non-expert as well (I don't use the term newbie here, because once
you've got DNAT working at all, you've clearly gone beyond that stage...)

Your reply is (IMHO) worthy of a FAQ entry in itself.

Antony

-- 
What is this talk of "software release"?
Our software evolves and matures until it is capable of escape, leaving a
bloody trail of designers and quality assurance people in its wake.

                                                     Please reply to the list;
                                                           please don't CC me.








