Seth Rothenberg wrote:
> I have a question on this,
> and the resolution of this problem may
> answer my question.
> I have a web/dns server in my LAN. Before m0n0wall
> I learned how to use the local DNS first, and
> the ISP's DNS's after, and built zones into the local DNS,
> so that queries from the LAN got the LAN address,
> but queries from elsewhere got the firewall address.
If you can get a DNS to respond to queries from LAN subnet with LAN
IPs and queries from *ALL OTHER* IPs with WAN/DMZ IPs you are a better
man than I... I do not think this can be done with Microsoft DNS -
maybe with BIND... Question: is your LAN DNS authoritative for the
domain? i.e. if I do a whois query will your LAN DNS be listed?
> However, I was thinking with DMZ on m0n0wall, there
> might be another way. Would like to know...
> Say LAN 10.248.126.0/24 and DMZ 10.248.0.0/24, WAN 126.96.36.199
> Would it be possible to have NAT between LAN and DMZ,
> just as we do between the WAN and DMZ?
> from WAN port email@example.com => 10.248.0.199 AND
> from LAN port firstname.lastname@example.org => 10.248.0.199
James W. McKeand