On Mon, Feb 16, 2004 at 02:06:00PM +1000, Hilton Travis wrote:
> Hi Dave,
> On Mon, 2004-02-16 at 12:11, dave wrote:
> > Now my question:
> > We all know about the DNS overrides that need to be in place in order
> > for LAN hosts to be able to access DMZ hosts by hostname. On OpenBSD, I
> > overcame this problem with RDR NAT rules which said basically:
> > rdr xl0 <public ip address> port 80 -> 192.168.95.5 port 80 tcp
> > Where xl0 is my LAN interface and the public ip address is whatever
> > dmz.host.com resolves to. This worked beautifully.
> > How would I go about adding a similar rule using exec.php?? Is it
> > possible?
> Using the features available in the webGUI, go to the "DNS Forwarder"
> page, and down the bottom you'll see the "overrides" section.
> Add an entry such as:
> Host Domain IP Description
> Virgil example.com 10.0.0.5 Virgil (in the DMZ)
Yes, I know about the DNS overrides, that's how I started my post. :-)
> > Also, is there a chance we might someday see a checkmark in the webgui
> > along the lines of "Add Server/1:1 NAT RDR rules from LAN" to accomplish
> > the same thing?
> The functionality you need - DNS overrides for DMZ machines - is already
> in the webGUI.
No, this is not the same thing. The DNS forwarder override causes m0n0wall to return a DMZ address
the requested hostname. Once set up correctly, if I type www.rodrig.com, it will be *resolved* to a
address. What I'm talking about is a bit different. I want name resolution to happen normally,
resolves to 188.8.131.52 (an external address), and packets are sent to that address. Once those
hit m0n0wall, they'd then be *redirected* (ipnat) to 192.168.95.5. If this happens, the DNS
overrides are unnecessary.
I much prefer this solution because I host 4 domains on the server in my dmz, and within each domain
have several subdomains (i.e. pics.rodrig.com, dave.rodrig.com, etc.). Using the overrides means I
to enter each of these manually, but with only the one RDR rule all of these are taken care of,
they all resolve to the same address.
I realize this would be of limited use to most people, since the overrides already address this as
would apply in most situations. This isn't a feature request, the webgui comment was an
I can take care of this by adding a RDR rule using exec.php, that'd be great.