Re: web server in DMZ

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Just create SNAT to that webserver so that whenever they try to go to the external address it get mangled and visible via its internal IP. Or you could play with advance routing wihch is a pain in this case.

Jason Opperisano wrote: 
On Tue, 2004-09-28 at 10:44, hamals@xxxxxxxxxxx wrote:

well I think this is a very good solution, but I can't understand the following:

hosts in my LAN go in internet with a snat using x.x.x.50 ip address, and everythings is working; my web server is accessible from outside, then why my inside hosts can't access to him (with x.x.x.50 IP)? my hosts should see my web server like any web server on the net....right?
what is wrong in this concept? 


routing.  there's nothing "wrong" with the concept; it's just that when
you want to alter how normal routing works, you need to understand it in
order to break it.

-j


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux