A while back I ran into the old problem. Machines X and Y have
unrouteable IPs and all traffic is NAT'd through the firewall. Then
one day, Machine X does a lookup for mysite.com and can't get to it
because it resolves to the external IP and the firewall won't route
things that way.

The solution I found was to create a local DNS server which resolves
things to the local IPs and I did just that: created a split-dns system
so that external queries returned external results and internal queries
returned internal ones.

But today I ran into an ugly problem. We have an authenticated proxy
behind our firewall in our remote NOC which works just fine to visit
other sites, but of course, not our own as the remote client does a DNS
lookup locally and gets the public IP, then asks the proxy to grab
it... see the above problem. Here's a diagram for what's going on:

Office LAN -> Office FW --INTERNET-> NOC FW -> NOC Proxy
                                            -> NOC Webserver

So what do you do in this situation? Is there an iptables rule I can
implement to route the traffic accordingly or am I S.O.L.?

--
Never let sentiment get in the way of your work
- Garek, Star Trek Deep Space Nine
--
gentoo-user@g.o mailing list
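For readers following the thread, the split-dns arrangement the poster describes (internal queries get LAN addresses, external queries get the public one) is commonly built with BIND 9 views. This is an added illustration, not the poster's configuration; the ACL ranges, zone file names and addresses are assumptions.

```conf
# named.conf fragment (added example, not the poster's config).
# Assumed: office and NOC hosts sit in RFC 1918 space and the two
# mysite.com zone files exist under named's working directory.
acl "internal-nets" { 10.0.0.0/8; 192.168.0.0/16; 127.0.0.1; };

# Queries arriving from inside get records pointing at LAN addresses,
# so Machine X reaches mysite.com without hairpinning through the firewall.
view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;
    zone "mysite.com" {
        type master;
        file "internal/mysite.com.zone";  # A record -> LAN address (assumed, e.g. 192.168.1.10)
    };
};

# Everyone else gets the public address. Recursion is refused here so the
# server cannot be abused as an open resolver from the Internet.
view "external" {
    match-clients { any; };
    recursion no;
    zone "mysite.com" {
        type master;
        file "external/mysite.com.zone";  # A record -> public address (placeholder)
    };
};
```

Views only help clients whose queries actually reach this server, which is why the proxy path in the post still fails: the answer the remote client gets depends on which resolver it (or the proxy) consults.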