 From:  VinceV <vpv at ak7 dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: Port redirect
 Date:  Mon, 29 Jan 2007 17:48:07 -0800
This is a typical problem when hosting domains behind a NAT'd firewall.

There are several ways to solve this problem but I've had the best success
placing a DNS server behind the M0n0 to handle local name requests.

Your dyndns entries all point to the firewall and the port forwarding rules
deliver the packets to their proper location.  Mail and Web can point to the
same public IP address; the router will forward the packets.  Clients on the
public side of the firewall will resolve addresses based on the dyndns service.

Your internal DNS server will provide the appropriate IP for each of the servers
to all clients on the private side of the firewall.  (Set the DHCP server to send
out that DNS server address).  You'll actually see some performance improvements
using this model as the DNS server will cache requests locally.

VinceV


Quoting Denis Witt <witt at cat06 dot de>:

> Re All,
> 
> Maybe I should specify a bit more what I want. First, my setup:
> 
> m0n0 is reachable through example.dyndns.org
> 
> Behind m0n0 there are two servers:
> 
> 192.168.1.2 => Mail (pop3, smtp)
> 192.168.1.3 => https
> 
> The following ports are open:
> 
> 443 => 192.168.1.3
> 110, 25 => 192.168.1.2
> 
> DNS Forwarder is:
> 
> example.dyndns.org => 192.168.1.3
> 
> So I could use example.dyndns.org inside and outside of my LAN, which is
> important for the CMS on 192.168.1.3
> 
> Unfortunately I can't do the same for the mail server because in my LAN it
> will get redirected to the wrong server; for WAN use everything is fine.
> This is what I want to change.
> 
> Bye for now!
>
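
One way to set up the internal DNS server described in the reply above, as an added example that is not part of the original thread: a dnsmasq configuration for a host on the LAN. The DNS host address 192.168.1.10, the m0n0wall LAN address 192.168.1.1 and the second hostname example-mail.dyndns.org are assumptions; the server addresses and example.dyndns.org come from the quoted message.

```conf
# dnsmasq.conf for the internal (LAN-side) DNS server.
# Assumed: this host is 192.168.1.10 and the m0n0wall DHCP server
# hands that address out to LAN clients as their DNS server.

# Answer only on the LAN address, never on other interfaces.
listen-address=192.168.1.10
bind-interfaces

# Forward everything not overridden below to the m0n0wall
# (assumed LAN address) instead of reading /etc/resolv.conf.
no-resolv
server=192.168.1.1

# Cache answers locally so repeated lookups stay on the LAN.
cache-size=1000

# LAN view of the hosted names. On the public side both names are
# dyndns entries that resolve to the firewall's WAN address, and the
# port forwarding rules (443, 110, 25) pick the server. On the
# private side each name resolves directly to its server.

# https server (CMS)
host-record=example.dyndns.org,192.168.1.3

# Mail server (pop3, smtp). Hypothetical second dyndns hostname.
host-record=example-mail.dyndns.org,192.168.1.2
```

With separate names per service, the existing DNS Forwarder override for example.dyndns.org on the m0n0wall is no longer needed for LAN clients, since they ask this server first.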