[ previous ] [ next ] [ threads ]
 From:  Tobias Balle-Petersen <tbp at kontrapunkt dot com>
 To:  Quark IT - Hilton Travis <Hilton at QuarkIT dot com dot au>
 Cc:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] How to use different DNS-servers for LAN & PPTP?
 Date:  Tue, 17 Mar 2009 11:10:39 +0100
Hello Hilton....

I may not have described my problem well enough. I'll try a different
appoach here:

I have a mail server in my DMZ. It's NATted and has a private IP. The
mail server can be reached from the internet. The URL of the server is 
resolved to the public IP of the monowall.

As the server has a private IP (in the DMZ network), my machines in LAN
can not connect to the mailserver using the public IP of the monowall.

To allow machines on LAN to connect to the mail server, I enter the URL 
in the dns server on the monowall and let it resolve to the private IP 
(DMZ net) of the mail server.

This is good, and LAN as well as WAN users are happy.

Now, I have VPN users connecting using PPTP. Let's say a user is 
connected to our mail server before connecting to the VPN. When the user 
  connects to the VPN, the client starts using the DNS server on the 
monowall. This means that the URL of the mail server now resovles to the 
private (DMZ) IP of the mail server. This confuses the users mail client 
a lot. They have to restart their mail client to again be able to 
connect to the mail server. Same thing happens when they disconnect 
(They stop using the monowall DNS server).

What can I do to let my users use the mail server without hiccups even 
when using VPN? Do I really need to assign a public IP to my mail server?


Quark IT - Hilton Travis wrote:
 > G'day Tobias,
 > A DNS Server *will not* change the IP of the machine, however if these
 > PCs in the DMZ are configured to obtain their IPs via DHCP instead of
 > being assigned Static IPs, then you need to either a) fix the DHCP
 > Server configuration you have or b) assign them Static IPs.
 > --
 > http://hiltont.blogspot.com/
 > Regards,
 > Hilton Travis                       Phone: +61 (0)7 3105 9101
 > (Brisbane, Australia)               Phone: +61 (0)419 792 394
 > Manager, Quark IT                   http://www.quarkit.com.au
 >          Quark Group                http://www.quarkgroup.com.au
 >      Microsoft SBSC PAL (Australia) http://www.sbscpal.com/
 > War doesn't determine who is right.  War determines who is left.
 > This document and any attachments are for the intended recipient
 >   only.  It may contain confidential, privileged or copyright
 >      material which must not be disclosed or distributed.
 >                     Quark Group Pty. Ltd.
 >       T/A Quark Automation, Quark AudioVisual, Quark IT
 >> -----Original Message-----
 >> From: Tobias Balle-Petersen
 >> Sent: Thursday, 5 March 2009 8:29 PM
 >> Hello list.
 >> I have machines in my DMZ that are available from the internet (IMAPS
 >> etc.). To make the machines available to machines on the LAN, I have
 >> had
 >> to override the IPs of the public machines using the DNS server on
 >> mono.
 >> This work s fine for machines on the LAN.
 >> When machines connect to the PPTP VPN from the Internet, they are
 >> assigned the DNS server on mono. This changes the IPs of the
 > publically
 >>   available machines. This makes the VPN users loose the connection to
 >> services.
 >> So what I want to do is:
 >> Make the machines on the VPN PPTP use a DNS server that does not
 > change
 >> the IPs of the public machines.
 >> My clients are on OS X 10.5. I can specify a DNS-server for the
 >> VPN-connection, but it ends up having lower priority than the
 >> DNS-servers assigned by mono.
 >> Thanks,
 >> Tobias
 > ---------------------------------------------------------------------
 > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
 > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch