Seth Rothenberg wrote:
> I have a question on this,
> and the resolution of this problem may
> answer my question.
>
> I have a web/dns server in my LAN. Before m0n0wall
> I learned how to use the local DNS first, and
> the ISP's DNS's after, and built zones into the local DNS,
> so that queries from the LAN got the LAN address,
> but queries from elsewhere got the firewall address.

If you can get a DNS to respond to queries from LAN subnet with LAN IPs and queries from *ALL OTHER* IPs with WAN/DMZ IPs you are a better man than I... I do not think this can be done with Microsoft DNS - maybe with BIND...

Question: is your LAN DNS authoritative for the domain? i.e. if I do a whois query will your LAN DNS be listed?

> However, I was thinking with DMZ on m0n0wall, there
> might be another way. Would like to know...
>
> Say LAN 10.248.126.0/24 and DMZ 10.248.0.0/24, WAN 216.220.123.45
> Would it be possible to have NAT between LAN and DMZ,
> just as we do between the WAN and DMZ?
>
> so,
> from WAN port 80@216.220.123.45 => 10.248.0.199 AND
> from LAN port 80@216.220.123.45 => 10.248.0.199

Don't know...

_________________________________
James W. McKeand
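
BIND's `view` statement is the mechanism for answering LAN clients differently from everyone else, as discussed in this message. The `named.conf` fragment below is an added example, not part of the original post: the zone name `example.com`, the ACL name and the zone file paths are placeholders, and only the LAN subnet is taken from the message.

```conf
// Clients that should receive the internal answers.
acl "lan" { 10.248.126.0/24; 127.0.0.1; };

// Views are evaluated in order; the first match-clients hit wins,
// so the restrictive view must come before the catch-all.
view "internal" {
    match-clients { "lan"; };
    recursion yes;                 // LAN hosts may resolve other names through this server

    zone "example.com" {
        type master;
        // Zone data containing the private addresses.
        file "zones/internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                  // authoritative only, not an open resolver

    zone "example.com" {
        type master;
        // Zone data containing only the public (firewall) address.
        file "zones/external/example.com.zone";
    };
};
```

Keeping the two zone files separate means private addresses never appear in answers to outside clients; once any view is defined, every zone has to live inside a view.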