[ previous ] [ next ] [ threads ]
 
 From:  Gordon Day <gordon at deepcovelabs dot com>
 To:  matthew at mksolutions dot net
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] DMZ / DNS questions
 Date:  Fri, 14 Jan 2005 15:39:59 -0800
Mathew, you should have no problem accessing a host in the DMZ as long 
as the lookup for the host address by one of the LAN clients resolves to 
the DMZ address of the web server (NOT the public address).  You can 
accomplish that in a number of ways, but the simplest is to:
1. Go to the "DNS forwarder" section of the m0n0wall GUI and add an 
entry for your web server using its DMZ address.
2. Set up your LAN clients to use m0n0wall as the DNS server. 
3. Enter the address of your DMZ DNS server in the "General Setup" 
section of the m0n0wall GUI.
4. Add the appropriate rule(s) to allow traffic from the LAN to the DMZ 
server (only if you don't allow all traffic to flow out of your LAN by 
default)

Cheers,

Gordon.

Matthew Steinblock wrote:

>Would someone be interested in looking at this for me.  I will pay
>accordingly.  I dont quite understand how to configure the firewall so
>the LAN recognizes the domain names hosted in the DMZ. 
>
>Thanks!
>
>Matthew Steinblock
>  
>
>----------------------------------------
> From: Chris Buechler <cbuechler at gmail dot com>
>Sent: Thursday, January 13, 2005 11:11 PM
>To: matthew at mksolutions dot net
>Subject: Re: [m0n0wall] DMZ / DNS questions 
>
>On Thu, 13 Jan 2005 22:04:08 -0600, Matthew Steinblock
>wrote:
>  
>
>>I have a DNS server in the DMZ with the ip of 192.168.1.100. On that
>>    
>>
>same server a webserver is running. I am having a bit of confusion on
>how to hit that webserver in the LAN. First question, in the general
>setup, do I use the outside DNS servers.....or do I use the local
>192.168.1.100? Are there any other settings I need to adjust to make
>this work?
>  
>
>
>Doesn't really matter what you use on m0n0wall. It matters what you
>use on your clients. If that webserver is hosting www.example.com and
>public DNS points to the server's public IP, then machines on your LAN
>aren't going to be able to get to www.example.com. You'd need a DNS
>override for www.example.com pointing to 192.168.1.100.
>
>-Chris
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>
>
>  
>

-- 
+1.604.689.8962
DeepCove Labs Ltd.
4th floor 595 Howe Street
Vancouver, Canada V6C 2T5