 
 From:  Vince Van De Coevering <vpv at figaros dot com>
 To:  "'m0n0wall at lists dot m0n0 dot ch'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] accessing own web server
 Date:  Fri, 11 Mar 2005 12:54:06 -0800
I deal with this issue using the zones feature in BIND.

I have an internal zone that listens on and returns 192.x.x.x names and I
have an external zone that answers with the public IP addresses.  

Vince Van De Coevering
IT Manager
Figaro's Italian Pizza, Inc.
503-371-9318 x216
vpv at figaros dot com

> -----Original Message-----
> From: Adam Gibson [mailto:agibson at ptm dot com] 
> Sent: March 11, 2005 11:36 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] accessing own web server
> 
> 
> Does anyone know if this is a limitation of ipfilter on BSD or just the way
> m0n0wall sets up the filter rules?  I know that iptables on Linux can
> work so that the outside firewall IP will be NATed from outside
> connections and connections from the LAN segment using DNAT because that
> is how I had some firewalls set up before.  It would obviously be nice
> not needing to set DNS overrides for services placed on a service network.
> 
> Vincent Fleuranceau wrote:
> >
> >> My server (192.168.3.10) is wired to the LAN input (192.168.3.3) of
> >> m0n0wall.  When I try to access my web page (http://www.azadian.ch/)
> >> from my server, I land on the m0n0wall GUI.  After putting the
> >> appropriate entries in DNS forwarder, there's no problem from the
> >> other machines on my LAN.  How can I fix the problem of access from my
> >> server to my server?
> >>
> > 
> > You can't reach a NATed service from a NATed host. This is a known (and
> > DOCUMENTED!) issue.
> >
> > You can only reach it via its NATed IP, i.e. 192.168.3.10 (and 127.0.0.1
> > from the server itself, of course).
> >
> > Go to the DNS forwarder page and add an entry for your server in order
> > to override the results from the DNS forwarders.
> > 
> > Use the following:
> > 
> >   Host = www
> >   Domain = azadian.ch
> >   IP = 192.168.3.10
> > 
> > 
> > -- Vincent
> > 
> > 
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
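
Added example, not part of the original thread or anyone's actual configuration: the internal/external split described in the reply at the top, written as BIND 9 `view` blocks in named.conf. The /24 LAN range, the directory and the zone file names are assumptions, and PUBLIC_IP is a placeholder for the address the external world should see.

```conf
// Constructed split-horizon setup for azadian.ch (example only).
// Views are evaluated top to bottom; the first match-clients hit wins,
// so the narrow LAN view must come before the catch-all external view.

acl "lan" {
    127.0.0.1;
    192.168.3.0/24;          // assumed LAN range behind the firewall
};

options {
    directory "/var/named";  // assumed path
    recursion no;            // off by default, enabled only for the LAN view
};

view "internal" {
    match-clients { "lan"; };
    recursion yes;           // LAN hosts may resolve other names through us
    zone "azadian.ch" {
        type master;
        // hypothetical zone file containing:  www  IN  A  192.168.3.10
        file "internal/azadian.ch.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;            // authoritative only, never an open resolver
    zone "azadian.ch" {
        type master;
        // hypothetical zone file containing:  www  IN  A  PUBLIC_IP
        file "external/azadian.ch.zone";
    };
};
```

Once any `view` is defined, every zone has to live inside a view. `named-checkconf` validates the file before a reload, and the split only helps LAN hosts that actually use this server as their resolver.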