 From:  Ugo Bellavance <ugob at camo dash route dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  DMZ hosts and PPTP VPN
 Date:  Mon, 18 Apr 2005 23:26:56 -0400

Here is my setup:

3 interfaces m0n0wall : WAN, LAN, DMZ

I'm using one-to-one NAT for my servers in the DMZ

PPTP server is a Windows server in the LAN.

In the m0n0 doc it says that servers in the DMZ cannot be accessed from 
the LAN through their public IP address.

My solution: I use an internal DNS zone in my LAN so that when I request 
one of my servers, it gives me its private IP address.

It works, but not in PPTP VPN.  In VPN, it seems to only resolve my 
Active Directory-integrated zone, but no other zone.  For example, let's 
say my NT domain is local.com, I can get the IP address of 
server.local.com, but if I override example.com in a non-AD-integrated 
zone, I cannot resolve www.example.com when I'm connected via VPN.  So I 
get the public IP address of www.example.com when I request it and since 
my VPN is in the LAN, I cannot access the servers in the DMZ through 
their public IP address.

I will eventually use m0n0wall for my PPTP VPN, but I'd like to know if 
anyone has been in a similar situation.  Will it be different using the 
'pptp' interface?

Any insights?