Hello,
Martijn Lievaart a écrit :
There are several ways you can make this work.
1) When packets from $local_lan arrive destined for the webserver, not
only DNAT them, but SNAT them as well to an ip of the firewall. The
disadvantage is that the webserverlogs will not acurately report the
source address for these connections. This is probably what the linksys
did.
Hint : using NETMAP to do the source NAT, you can do a 1:1 mapping so
you can retrieve the original source address.
[...]
6) Probably lots of other solutions I didn't think about.
If you access the server by name instead of by IP address :
7) Put the private address and the name in the /etc/hosts file of your
workstations. Quick and dirty, does not scale.
8) Set up a "split DNS" server so the internal requests receive the
private address and the external request receive the public address.
