Date: Wed, 11 Jul 2001 10:25:02 -0700
From: "matt" <matt-l@pacbell.net>
To: "Peter Brezny" <peter@sysadmin-inc.com>, <freebsd-net@freebsd.org>
Subject: Re: need help with divert to avoid dual dns..is it possible?
Message-ID: <003f01c10a2e$6ccb4a00$6503c23f@XGforce.com>
References: <NFBBKAEAALGGGFKINBLAOEEFCBAA.peter@sysadmin-inc.com>
Well, if ipfw can't do the work, you can check out the ipfilter module as well. It's a bit different in its NAT code.

======================================
WWW.XGFORCE.COM
The Next Generation Load Balance and Fail Safe Server Clustering Software for the Internet.
======================================

----- Original Message -----
From: Peter Brezny <peter@sysadmin-inc.com>
To: <freebsd-net@freebsd.org>
Sent: Wednesday, July 11, 2001 9:49 AM
Subject: need help with divert to avoid dual dns..is it possible?

> I'm trying to come up with a way to avoid having to run an internal and an
> external DNS for our network.
>
> Here's the basic layout.
>
>                 primary      +--private LAN 1
>                 router       |
> internet --- ipfw with nat --+--private LAN 2
>                              |
>                              +--private LAN 3
>
> Each of these private LANs has public services run on boxes with a static
> NAT address assigned to them from the primary ipfw with nat box.
>
> So if someone wants to browse a web site hosted on private LAN 1 from the public
> internet, no problem: the DNS points them to the public IP on the primary
> router designated to static NAT to a box on private LAN 1.
>
> However, if someone on private LAN 2 makes the same request, using the public
> DNS, the packet never arrives because it never goes through the external
> interface on the primary router and therefore does not get translated to the
> private IP on the destination box.
>
> To overcome this problem, I've created an internal DNS that points requests
> made from within the private LAN space directly to the private IPs of the
> boxes hosting the public services.
>
> However, I'd like to eliminate this requirement.
>
> I attempted to work something out with the ipfw fwd action, but I don't
> think I really understand how fwd works and I'm guessing it's not really
> meant to do what I'm after.
>
> The other thought I had was to run a second instance of natd on the internal
> interface with the -redirect_address option and a specific list of static
> NAT redirects in internal_natd.conf; however, I don't want public packets'
> source IPs translated to the internal interface IP as they leave the
> internal interface headed for the private networks.
>
> Is there another flag, similar to -unregistered_only, where I could specify
> that natd translate _only_ addresses coming into the internal interface
> bound for specific addresses listed in natd.conf for static NAT?
>
> OR...
>
> is there another way to do this without using a divert socket, something
> just within ipfw?
>
> Thanks a lot for taking the time to read through all this.
>
> Peter Brezny
> SysAdmin Services Inc.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
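One way to get this done inside ipfw/natd, as an added example that is not from the thread: a second natd instance whose divert rules only ever see the two hairpin flows, so packets from the Internet never reach it and keep their public source addresses. Interface names, addresses, ports and rule numbers are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): hairpin ("NAT reflection") rules so a
# client on private LAN 2 can reach a LAN 1 server by its public address
# through the ipfw/natd box, without an internal DNS. All names below are
# assumptions: fxp0 = external, fxp1 = LAN 1 (server side), fxp2 = LAN 2
# (client side); 203.0.113.10 is the server's public static-NAT address and
# 192.168.1.10 its private one. The usual natd on port 8668/fxp0 is assumed
# to exist already; this adds a second natd that only ever sees two flows.
fwcmd="${FWCMD:-/sbin/ipfw}"        # set FWCMD=echo to dry-run
natdcmd="${NATDCMD:-/sbin/natd}"
client_if="fxp2"
lan_nets="192.168.0.0/16"
public_srv="203.0.113.10"
private_srv="192.168.1.10"
hairpin_port="8669"                  # second natd, distinct from 8668

start_hairpin_natd() {
    # -redirect_address installs the static two-way mapping; -n is given
    # only because natd insists on some aliasing address.
    "${natdcmd}" -p "${hairpin_port}" -n "${client_if}" \
        -redirect_address "${private_srv}" "${public_srv}"
}

hairpin_rules() {
    # 1) client -> public address, arriving on the client LAN: rewrite dst.
    #    natd does not alias the source of inbound packets, so the server
    #    still sees the client's real private address.
    "${fwcmd}" add 300 divert "${hairpin_port}" ip from "${lan_nets}" \
        to "${public_srv}" in via "${client_if}"
    # 2) server -> client LAN, leaving on the client LAN: rewrite src back
    #    to the public address so the reply matches what the client sent
    #    to. Packets from the Internet to the server leave on fxp1, never
    #    match here, and so keep their public source addresses.
    "${fwcmd}" add 310 divert "${hairpin_port}" ip from "${private_srv}" \
        to "${lan_nets}" out via "${client_if}"
    # Caveat: once 310 is in place every reply from the server to LAN 2 is
    # rewritten, so LAN 2 clients must use the public address; a direct
    # connection to 192.168.1.10 from LAN 2 would get replies from
    # 203.0.113.10 and fail. Repeat 300/310 per additional client LAN.
}

# Apply only when asked, so the file can be sourced for review harmlessly.
if [ "${1:-}" = "apply" ]; then
    start_hairpin_natd
    hairpin_rules
fi
```

Run it with `FWCMD=echo NATDCMD=echo sh hairpin.sh apply` first to see the exact natd command and ipfw rules it would install.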