Gentoo Archives: gentoo-user

From: Daniel <danstemporaryaccount@×××××.ca>
To: "list: gentoo-user" <gentoo-user@l.g.o>
Subject: [gentoo-user] Split DNS is not enough
Date: Mon, 29 May 2006 20:51:48
A while back I ran into the old problem. Machines X and Y have
unroutable IPs and all traffic is NAT'd through the firewall. Then
one day, Machine X does a lookup for and can't get to it
because it resolves to the external IP and the firewall won't route
things that way.

The solution I found was to create a local DNS server which resolves
things to the local IPs and I did just that: created a split-DNS system
so that external queries returned external results and internal queries
returned internal ones.

But today I ran into an ugly problem. We have an authenticated proxy
behind our firewall in our remote NOC which works just fine to visit
other sites, but of course, not our own as the remote client does a DNS
lookup locally and gets the public IP, then asks the proxy to grab
it... see the above problem. Here's a diagram for what's going on:

Office LAN -> Office FW --INTERNET-> NOC FW -> NOC Proxy
-> NOC Webserver

So what do you do in this situation? Is there an iptables rule I can
implement to route the traffic accordingly or am I S.O.L.?

--
Never let sentiment get in the way of your work
- Garak, Star Trek Deep Space Nine
--
gentoo-user@g.o mailing list
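The iptables approach the post asks about is usually called hairpin NAT or NAT reflection: the NOC firewall rewrites the destination of LAN-originated traffic aimed at the public IP to the internal webserver, and also rewrites the source so the webserver's replies come back through the firewall instead of going straight to the client (which would drop them as coming from the wrong address). The script below is an added example, not from the original post or the gentoo-user list; all addresses, the interface name and the port are constructed placeholders, and it prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Hairpin NAT (NAT reflection) on the NOC firewall, added example.
# Constructed placeholder values; replace with the real addresses.
PUB_IP="203.0.113.10"       # public IP the webserver's A record points at
WEB_IP="192.168.10.80"      # internal address of the NOC webserver
FW_LAN_IP="192.168.10.1"    # firewall's own address on the NOC LAN
LAN_NET="192.168.10.0/24"   # NOC LAN, where the proxy lives
LAN_IF="eth1"               # firewall interface facing the NOC LAN
PORT="80"

# Print each rule by default; run it for real only when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

hairpin_rules() {
    # 1. DNAT: LAN client -> PUB_IP becomes LAN client -> WEB_IP.
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" \
        -d "$PUB_IP" -p tcp --dport "$PORT" \
        -j DNAT --to-destination "$WEB_IP:$PORT"
    # 2. SNAT: make the webserver see the firewall as the client, so its
    #    replies return via the firewall and get un-NAT'd on the way back.
    #    Without this step the client sees replies from WEB_IP instead of
    #    PUB_IP and resets the connection.
    run iptables -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" \
        -d "$WEB_IP" -p tcp --dport "$PORT" \
        -j SNAT --to-source "$FW_LAN_IP"
    # 3. Let the translated flow through FORWARD (same interface in and out).
    run iptables -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -s "$LAN_NET" \
        -d "$WEB_IP" -p tcp --dport "$PORT" -j ACCEPT
}

hairpin_rules
```

The SNAT step is the one most often forgotten: with DNAT alone the connection appears to hang because the webserver answers the client directly and the client discards the mismatched replies.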