[ previous ] [ next ] [ threads ]
 From:  "Chris Bagnall" <m0n0wall at minotaur dot cc>
 To:  "'Justin Reid'" <justinreid at gmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Accessing NATed service from LAN - is it coming?
 Date:  Tue, 2 Aug 2005 23:09:07 +0100
I said:
> > How you handle that is defined in apache's conf file. I think it's 
> > called "UseCanonicalName"

You said:
> Yes, I have that set to my outside URL so people who connect 
> from the outside get the correct IP info. If it was set to 
> the internal ip, nothing would work outside the LAN.

Maybe we're crossing wires here, but that's not what the setting in question
does. It's an on/off option. In the On configuration, apache will *always*
return the host/port specified in the conf file. If it's turned off, apache
will try to respond with headers in line with requests made to it.

However, looking at what you've said here, I don't think it really matters:

> If I tell m0n0wall to override my URL with the internal ip, 
> would the web browser re-lookup the DNS info everytime the 
> webserver returns the outside URL? If it does re-lookup, then 
> m0n0wall would override each request. If that works, I am set.

It'll work fine if you set m0n0wall to override the DNS lookup for your url.
It doesn't work quite as you've specified - most systems will cache
successful DNS lookups for a given time period, but the only scenario I can
see you having problems with is if you have client machines jumping from
behind m0n0wall (gets internal IP) to outside m0n0wall (gets true external
IP) in a short timeframe.

I'd be inclined to make sure Canonical Names are off anyway - it'll work
better if you've got people accessing the webserver by IP address rather
than by url for whatever reason.


C.M. Bagnall, Director, Minotaur I.T. Limited
Tel: (07010) 710715   Mobile: (07811) 332969   Skype: minotaur-uk
ICQ: 13350579   AIM: MinotaurUK   MSN: msn at minotaur dot cc   Y!: Minotaur_Chris
This email is made from 100% recycled electrons