[Gllug] Can't connect to apache locally
Sean Burlington
sean at uncertainty.org.uk
Mon Oct 25 18:35:22 UTC 2004
Russell Howe wrote:
>
> What needs to happen is that at the same time as performing DNAT, the
> firewall performs SNAT to its internal address (let's say it's
> 10.0.3.1). This way, the packet leaves the firewall destined for
> 10.0.3.131, with a source address of 10.0.3.1. The web server replies to
> 10.0.3.1, and the firewall rewrites the source address of the packet to
> be 1.1.1.1 before forwarding to 10.0.3.100.
>
> Whew. Hope that made sense :)
>
> The main disadvantage here is that all traffic to the web server has to
> go through the firewall, even if it's from a machine on the same segment
> as the web server. That could place a limit on throughput and also
> increase the load on the firewall, so you may want to make foo.url.com
> resolve to the internal address for hosts within your network. If you
> run a bind nameserver, you can do this using zones in more recent
> versions of bind.
>
I have a similar issue - I was thinking I would have to change all
machines on our network to query an internal DNS server ...
... are you saying that I can get bind to return different IP addresses
for the same name depending on the origin of the request?
This would be very useful - could you point me at the relevant
documentation?
--
Sean
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
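Added example, not part of the original posts: a small Python model of the packet path Russell describes, using the thread's addresses, tracing the request and reply with and without the SNAT step. The `Firewall` class, `round_trip` and the rule that a same-segment reply bypasses the firewall are constructs of this sketch; the no-SNAT case is included for contrast.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst")

# Addresses taken from the thread.
PUBLIC = "1.1.1.1"      # address the client connects to
FW_INT = "10.0.3.1"     # firewall's internal address
SERVER = "10.0.3.131"   # web server behind the firewall
CLIENT = "10.0.3.100"   # internal client on the same segment


class Firewall:
    """Toy NAT box: DNAT always, SNAT optional, with a connection table."""

    def __init__(self, snat):
        self.snat = snat
        self.conntrack = {}  # (src, dst) of expected reply -> rewritten (src, dst)

    def forward(self, pkt):
        key = (pkt.src, pkt.dst)
        if key in self.conntrack:           # reply of a tracked connection
            return Packet(*self.conntrack[key])
        if pkt.dst == PUBLIC:               # new connection to the public address
            out = Packet(FW_INT if self.snat else pkt.src, SERVER)
            # The reply must be presented to the client as PUBLIC -> client.
            self.conntrack[(out.dst, out.src)] = (PUBLIC, pkt.src)
            return out
        return pkt


def round_trip(snat):
    """Return (packet seen by server, reply seen by client, client accepts?)."""
    fw = Firewall(snat)
    request = Packet(CLIENT, PUBLIC)
    at_server = fw.forward(request)
    reply = Packet(at_server.dst, at_server.src)  # server answers the source it saw
    # Assumption of this sketch: a reply addressed to a host on the server's
    # own segment is delivered directly and never crosses the firewall.
    if reply.dst == FW_INT:
        reply = fw.forward(reply)
    # The client only accepts a reply from the address it connected to.
    accepted = reply.src == request.dst and reply.dst == request.src
    return at_server, reply, accepted


if __name__ == "__main__":
    for snat in (False, True):
        print("SNAT" if snat else "DNAT only", round_trip(snat))
```

With DNAT only, the reply reaches the client with source 10.0.3.131 instead of 1.1.1.1 and is rejected; with SNAT the firewall sees the reply and restores the address.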