On 2/23/11 8:56 AM, Paolo Andretta wrote:
> On Wed, 23 Feb 2011, Tom Eastep wrote:
> 
>>> I have a server in my DMZ.
>>> I configured it with a DNAT rule and added the IP to the
>>> /etc/shorewall/masq so it is accessible from the Internet and it is seen
>>> with its public IP. No problem on this.
>>> If I try to connect to www.mydomain.com from the server itself, it doesn't
>>> work.
>>> I have IP_FORWARDING=On in shorewall.conf
>>>
>>> Tried with shorewall 4.4.11.6 and 4.4.16.1.
>>>
>>> The firewall box is a ProxMox VE and the server is a KVM based VM in the
>>> same ProxMox box.
>>>
>>> Any hints?
>>
>> Put an entry for the server in its own /etc/hosts file.
> 
> I currently put entries like:
> 
> 192.168.a.b   www.mydomain.com
> 192.168.a.b   mydomain.com
>   ....
> 
> in the server's /etc/hosts (VM), but I am searching for a better 
> solution.
> Having many hosts with some VMs that also have many vhosts on them, the 
> /etc/hosts solution doesn't seem the best :-)
> 

The available solutions in preferred order are:

a) Don't use NAT - use Proxy ARP instead.
b) Use split DNS
c) Use Hosts file
d) Miserable kludge using Netfilter

The last is a horrible solution because it routes traffic from a host to
itself through a second host. That is pure madness. Plus, it makes that
traffic appear to come from the second host!!!!!

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
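
Added example, not part of Tom's message or of Shorewall: a toy Python model of the address rewriting behind option (d), next to options (b)/(c), showing the path the server's own connection takes and the source address its service would log. All addresses are constructed placeholders, and the drop of a packet that arrives carrying the host's own source address is a modelling assumption (Linux's default martian-source handling).

```python
from dataclasses import dataclass, replace

# Constructed placeholder addresses; the thread elides the real ones.
PUBLIC_IP = "203.0.113.10"  # what www.mydomain.com resolves to in public DNS
SERVER_IP = "192.168.1.10"  # DMZ server's private address
FW_DMZ_IP = "192.168.1.1"   # firewall's address on the DMZ interface
DMZ_PREFIX = "192.168.1."

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def firewall(pkt, hairpin_snat):
    """DNAT the public address; optionally SNAT traffic that came from the DMZ."""
    if pkt.dst == PUBLIC_IP:
        pkt = replace(pkt, dst=SERVER_IP)
        if hairpin_snat and pkt.src.startswith(DMZ_PREFIX):
            pkt = replace(pkt, src=FW_DMZ_IP)
    return pkt

def connect(resolved_ip, hairpin_snat=False):
    """Server connects to its own site; return (path, source the service logs)."""
    pkt = Packet(src=SERVER_IP, dst=resolved_ip)
    if pkt.dst == SERVER_IP:
        return ["server"], pkt.src  # name resolved locally: never leaves the host
    pkt = firewall(pkt, hairpin_snat)
    path = ["server", "firewall", "server"]
    if pkt.src == SERVER_IP:
        # Assumption: a packet arriving from the wire with the host's own
        # address as source is discarded (martian source), so no connection.
        return path, None
    return path, pkt.src

def report():
    return {
        "split DNS / hosts file": connect(SERVER_IP),
        "DNAT only": connect(PUBLIC_IP),
        "DNAT + SNAT kludge": connect(PUBLIC_IP, hairpin_snat=True),
    }

if __name__ == "__main__":
    for name, (path, seen) in report().items():
        print(f"{name:24} path={' -> '.join(path):30} logged source={seen}")
```

In the kludge case the service logs the firewall's DMZ address instead of the real client, so access logs and host-based ACLs on the server lose source attribution for that traffic.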
