On Thu, Oct 02, 2003 at 03:33:01PM -0400, George Georgalis wrote:
>So the question again, is there some way to access local services via
>internet dns names. In the past I just had a local dns server with the
>domains mapped to the local static LAN ip addresses. I'm trying to avoid
>that and use one set of dns records. (don't want a new physical dmz
>either)
>
>The only way I see it as possible is through SNAT (ie 'reverse
>masquerading') the local ip as it leaves the firewall for the server,
>but then the source ip is lost in web logs. :-\
>

Bah, the only way is with dns. I just added these lines to my tinydns data:

    %lo:192.168.1
    %lo:127
    .domain.tld:192.168.1.50::::lo
    .38.37.36.35.in-addr.arpa:192.168.1.50::::lo
    =host.domain.tld:11.22.33.44
    =domain.tld:35.36.37.38
    +www.domain.tld:35.36.37.38
    +*.domain.tld:192.168.1.21

and put '192.168.1.50' in the following files:

    dnscache/root/servers/38.37.36.35.in-addr.arpa
    dnscache/root/servers/domain.tld

and all is perfect. my dns cache knows to use my local dns server for
domain.tld or 35.75.10.35.in-addr.arpa (which only answers those domains
for requests from the LAN and lo), host.domain.tld and www.domain.tld
are hard coded to their respective internet IPs and *.domain.tld
resolves to the lan server.

All a and ptr lookups work as they should; the reason I didn't want to
do this in the first place is: if ip changes in the '=' lines, I'll need
to change the main server _and_ this one.

// George

-- 
GEORGE GEORGALIS, System Admin/Architect    cell: 646-331-2027    <IXOYE><
Security Services, Web, Mail,            mailto:[EMAIL PROTECTED]
Multimedia, DB, DNS and Metrics.       http://www.domain.tld/george
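
An added example, not part of the original message: a simplified Python model of how the `%` location lines in the tinydns data above select answers per client. It covers only the `%`, `.`, `=` and `+` line types, assumes the server stays silent for a zone whose `.` line is not visible to the client, and uses constructed client addresses and the hypothetical name files.domain.tld.

```python
# Simplified model of tinydns-data client locations (added example, not djbdns code).
# Handles only the line types used in the message: % . = +
DATA = """\
%lo:192.168.1
%lo:127
.domain.tld:192.168.1.50::::lo
.38.37.36.35.in-addr.arpa:192.168.1.50::::lo
=host.domain.tld:11.22.33.44
=domain.tld:35.36.37.38
+www.domain.tld:35.36.37.38
+*.domain.tld:192.168.1.21
"""
# Constructed variant: same data with the location tag dropped from the "." lines.
UNTAGGED = DATA.replace("::::lo", "")
LOC_FIELD = {".": 5, "=": 4, "+": 4}  # index of the trailing location field

def parse(data):
    prefixes, zones, hosts = [], [], []
    for line in filter(None, data.splitlines()):
        kind, f = line[0], line[1:].split(":")
        if kind == "%":  # %lo:ipprefix -> clients under ipprefix are in "lo"
            prefixes.append(([o for o in (f + [""])[1].split(".") if o], f[0]))
        elif kind in LOC_FIELD:
            i = LOC_FIELD[kind]
            loc = f[i] if len(f) > i and f[i] else None  # None = all clients
            (zones if kind == "." else hosts).append((f[0], f[1], loc))
    return prefixes, zones, hosts

def client_location(prefixes, ip):
    octets = ip.split(".")
    hits = [(len(p), loc) for p, loc in prefixes if octets[:len(p)] == p]
    return max(hits)[1] if hits else None  # longest matching prefix wins

def answer(data, client_ip, name):
    prefixes, zones, hosts = parse(data)
    here = client_location(prefixes, client_ip)
    seen = lambda loc: loc is None or loc == here
    in_zone = lambda z: name == z or name.endswith("." + z)
    # Assumption of this model: no visible "." line for the zone -> no answer.
    if not any(in_zone(z) and seen(loc) for z, _, loc in zones):
        return None
    for fqdn, ip, loc in hosts:  # exact name first
        if fqdn == name and seen(loc):
            return ip
    for fqdn, ip, loc in hosts:  # then wildcard
        if fqdn.startswith("*.") and name.endswith(fqdn[1:]) and seen(loc):
            return ip
    return None
```

With the `lo` tag on the `.` lines, a client outside both prefixes gets no answer at all; in the constructed `UNTAGGED` variant the untagged wildcard line hands the same client the LAN address 192.168.1.21.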