-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At some point hitherto, Rich C hath spake thusly:
> > not NAT the client).  Since the IP address is internal, the server
> > sends the traffic to it directly, rather than back through the router.
> > The client is expecting a reply from www.myhost.com, but the return
> > traffic appears to come from 192.168.x.x instead of www.myhost.com, so
> > the IP stack throws it out.
> >
> 
> Yes that makes sense.

Sure, but the *real* question is whether or not it's what's really
going on!  ;-)  You might want to look at the traffic with a sniffer
to be sure.

> Thanks. The way we get around it here is to have a "DNS" entry in
> the local hosts file for each machine:

This will certainly do it, but I personally don't like maintaining
config files on individual hosts when alternatives exist to allow one
to make a change in one place, i.e. the DNS.  An exception is when
there is a mechanism in place to maintain master copies of such files,
and distribute them automagically to all the hosts on the network.

However, this can be accomplished quite nicely with BIND by running
multiple instances of it, one for internal hosts and another for
external hosts.  You can even run these multiple instances on the same
physical machine, by binding the several instances to different
addresses, if need be.  This isn't workable for every situation, but
it should work nicely for multi-homed servers or servers that use IP
aliasing.  :)

> This overrides the external reference for that host and uses the
> internal IP address. Therefore, all references to
> www.myhost.com/directory are resolved properly.

Note that not all services will regard /etc/nsswitch.conf when
resolving hosts.  Sendmail is a notable exception...  IIRC by default
on Linux systems, it doesn't use /etc/hosts at all, and IIRC by
default it also doesn't care about the nsswitch.conf file.  I was
given a rationale for this once, but I can't remember what it was.
There is a way to make it use nsswitch.conf, via a configuration option.
But, as I recall, it must be set explicitly on Linux, where on other
Unix-like systems it is used by default.


- -- 
Derek Martin               [EMAIL PROTECTED]    
- ---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8qgiYdjdlQoHP510RAuB1AJ4jwfeBQ8OYB8ncpYpxurReVT89HwCeNhv+
k4KLxugKobQqJwUjmc2YjUs=
=Op7U
-----END PGP SIGNATURE-----
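
Added example, not part of the original message: a small Python model of the failure described in the quoted text, where the server answers an internal client directly and the reply no longer matches the connection the client opened. All addresses and function names are constructed for illustration. It goes slightly beyond the thread by also modelling a router that rewrites the client's source address, alongside the internal-name-resolution workaround discussed above.

```python
from collections import namedtuple

# Constructed, illustrative addresses (not taken from the thread).
PUBLIC_IP = "203.0.113.10"   # what www.myhost.com resolves to externally
SERVER_IP = "192.168.1.10"   # the server's internal address
CLIENT_IP = "192.168.1.50"   # internal client on the same subnet
ROUTER_IP = "192.168.1.1"    # router's internal interface

Packet = namedtuple("Packet", "src sport dst dport")

def router_forward(pkt, snat):
    """Rewrite the public destination to the server; optionally rewrite the source too."""
    src = ROUTER_IP if snat else pkt.src
    return Packet(src, pkt.sport, SERVER_IP, pkt.dport)

def server_reply(pkt):
    """The server answers whatever source address it saw."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)

def router_return(pkt, original):
    """Undo both translations for a reply that came back through the router."""
    return Packet(original.dst, pkt.sport, original.src, original.sport)

def client_accepts(sent, reply):
    """The client's stack matches a reply on the full 4-tuple of its connection."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (sent.dst, sent.dport, sent.src, sent.sport)

def connect(resolved_ip, snat=False):
    """Return (reply accepted?, source address the client saw on the reply)."""
    sent = Packet(CLIENT_IP, 40000, resolved_ip, 80)
    if resolved_ip == SERVER_IP:
        # Name resolved to the internal address: same subnet, router not involved.
        reply = server_reply(sent)
    else:
        reply = server_reply(router_forward(sent, snat))
        if reply.dst == ROUTER_IP:
            # Only a source-rewritten flow returns via the router.
            reply = router_return(reply, sent)
    return client_accepts(sent, reply), reply.src

if __name__ == "__main__":
    print("public name, destination rewrite only:", connect(PUBLIC_IP))
    print("public name, source also rewritten:   ", connect(PUBLIC_IP, snat=True))
    print("internal resolution (hosts/split DNS):", connect(SERVER_IP))
```

On a real network the first case is what a sniffer on the client would show: a reply arriving from the 192.168.x.x address for a connection opened to the public one.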
