| 1 |
A while back I ran into the old problem. Machines X and Y have |
| 2 |
unrouteable IPs and all traffic is NAT'd through the firewall. Then |
| 3 |
one day, Machine X does a lookup for mysite.com and can't get to it |
| 4 |
because it resolves to the external IP and the firewall won't route |
| 5 |
things that way. |
| 6 |
|
| 7 |
The solution I found was to create a local DNS server which resolves |
| 8 |
things to the local IPs and I did just that: created a split-dns system |
| 9 |
so that external queries returned external results and internal queries |
| 10 |
returned internal ones. |
| 11 |
|
| 12 |
But today I ran into an ugly problem. We have a authenticated proxy |
| 13 |
behind our firewall in our remote NOC which works just fine to visit |
| 14 |
other sites, but of course, not our own as the remote client does a DNS |
| 15 |
lookup locally and gets the public IP, then asks the proxy to grab |
| 16 |
it... see the above problem. Here's a diagram for what's going on: |
| 17 |
|
| 18 |
Office LAN -> Office FW --INTERNET-> NOC FW -> NOC Proxy |
| 19 |
-> NOC Webserver |
| 20 |
|
| 21 |
So what do you do in this situation? Is there an iptables rule I can |
| 22 |
impliment to route the traffic accordingly or am I S.O.L.? |
| 23 |
|
| 24 |
-- |
| 25 |
Never let sentiment get in the way of your work |
| 26 |
- Garek, Star Trek Deep Space Nine |
| 27 |
-- |
| 28 |
gentoo-user@g.o mailing list |
Archives