Re: [leaf-user] DMZ question Bering 1.1

2003-02-25 Thread Tom Eastep
--On Tuesday, February 25, 2003 12:11:12 PM -0600 Troy Aden [EMAIL PROTECTED] wrote: My set up is as follows: Internet eth0 -192.139.*.* - ISP's DNS resolves to http://eros.myisp.com Eth0 eth1 =(LOC zone)- 192.168.1.26 LOC windows box Eth0 --- eth2 =(DMZ zone)- 192.168.2.26 DMZ

Re: [leaf-user] DMZ question Bering 1.1

2003-02-25 Thread Brad Fritz
Troy, On Tue, 25 Feb 2003 12:11:12 CST Troy Aden wrote: My set up is as follows: Internet eth0 -192.139.*.* - ISP's DNS resolves to http://eros.myisp.com Eth0 eth1 =(LOC zone)- 192.168.1.26 LOC windows box Eth0 --- eth2 =(DMZ zone)- 192.168.2.26 DMZ Linux server I have my

Re: [leaf-user] DMZ question Bering 1.1

2003-02-25 Thread Ray Olszewski
At 12:11 PM 2/25/2003 -0600, Troy Aden wrote: My set up is as follows: Internet eth0 -192.139.*.* - ISP's DNS resolves to http://eros.myisp.com Eth0 eth1 =(LOC zone)- 192.168.1.26 LOC windows box Eth0 --- eth2 =(DMZ zone)- 192.168.2.26 DMZ Linux server I have my rule set set up so that

Re: [leaf-user] DMZ question Bering 1.1

2003-02-25 Thread Tom Eastep
--On Tuesday, February 25, 2003 01:45:58 PM -0500 Brad Fritz [EMAIL PROTECTED] wrote: The recommended approach, e.g. per Shorewall FAQ #2 [1], is to setup a DNS server that answers requests from the LAN and is (locally) authoritative for the domain eros.myisp.com . Brad -- that is my

Re: [leaf-user] DMZ question Bering 1.1

2003-02-25 Thread Tom Eastep
--On Tuesday, February 25, 2003 10:56:32 AM -0800 Tom Eastep [EMAIL PROTECTED] wrote: Brad -- that is my recommendation for a local server. For a server in the DMZ, it is a lot easier to just construct a second DNAT rule as described in the three-interface QuickStart guide. Although I suppose

RE: [leaf-user] DMZ question Bering 1.1

2003-02-25 Thread Troy Aden
:Re: [leaf-user] DMZ question Bering 1.1 At 12:11 PM 2/25/2003 -0600, Troy Aden wrote: My set up is as follows: Internet eth0 -192.139.*.* - ISP's DNS resolves to http://eros.myisp.com Eth0 eth1 =(LOC zone)- 192.168.1.26 LOC windows box Eth0 --- eth2 =(DMZ zone)- 192.168.2.26 DMZ Linux

RE: [leaf-user] DMZ question Bering 1.1

2003-02-25 Thread Tom Eastep
--On Tuesday, February 25, 2003 01:09:30 PM -0600 Troy Aden [EMAIL PROTECTED] wrote: I am sorry. I was unclear. The real address is http://eros.vcomrf.com You will get a password prompt. Then the procedure described in the three-interface guide DOES apply here. -Tom -- Tom

Re: [leaf-user] DMZ question Bering 1.1

2003-02-25 Thread Brad Fritz
Tom, On Tue, 25 Feb 2003 11:06:23 PST Tom wrote: --On Tuesday, February 25, 2003 10:56:32 AM -0800 Tom Eastep [EMAIL PROTECTED] wrote: Brad -- that is my recommendation for a local server. For a server in the DMZ, it is a lot easier to just construct a second DNAT rule as described

RE: [leaf-user] DMZ question Bering 1.1

2003-02-25 Thread Bihari, Steve
Troy, The easiest way to accomplish this is to setup an internal DNS and resolve eros.myisp.com to its internal IP 192.168.2.26 This DNS would then have a forwarder pointing to your external DNS for names it cannot resolve locally. Or, if this is your only requirement, I'd just add an entry in