 From:  Rick Spence <rjspence at tampabay dot rr dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] How do you do this?
 Date:  Fri, 14 May 2004 23:13:42 -0400
On Friday 14 May 2004 10:48 pm, David Kitchens wrote:
> "Register DHCP lease" only resolves the hostname of the box, ie:
> http://webserver if you check it and only if the webserver gets its ip from
> dhcp. Good for dns resolution by machine name but not too helpful when
> multiple domains are on the same box.
> If you click the arrow to add a new override, you basically get a page that
> makes the host file like on your machine except that it stays on the
> monowall. In the four places on the override page, Host = www, Domain =
> mydomain.com, IP Address = 192.168.X.1, and a description.
> Without this, your request for mydomain.com needs to go out to an external
> server and then get routed back to where it came from, ie: the monowall.
> This is not allowed as someone could spoof your internal ip from the
> outside and compromise your network.


Makes sense to me. The whole point is to keep your internal network addressing 
from leaking.  Thus my hesitancy to mess too much with the forwarding. As 
mentioned I did have the hostname of the server itself listed in the dns 
forwarding as server.domain.com, but I hadn't added just the tld or www.tld.

With this added, it is working super. I figured it was just doing a hosts file 
on the monobox. Makes sense being there is no internal dns just dnsmasq.

Very well. Getting more educated by the minute. Super firewall/router. I have 
the CD/floppy setup working on a ded machine. Would love to have one of those 
small embedded flash card boxes this is designed for. Real nice.

Thanks for your help. It's appreciated.

Rick Spence



> > -----Original Message-----
> > From: Rick Spence [mailto:rjspence at tampabay dot rr dot com]
> > Sent: Friday, May 14, 2004 10:18 PM
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] How do you do this?
> >
> > On Friday 14 May 2004 10:01 pm, David Kitchens wrote:
> > > Actually, I never noticed that you could create an override, duh, but
> > > it should work just as well.
> > >
> > > Dave
> >
> > That is what I was wondering, but I don't understand the override.
> > Maybe someone could explain how this works. At the moment I
> > did what you mentioned with the hosts file on internal
> > machines. This seems to work alright.  I wouldn't mind
> > figuring out the override function though.
> > From what I gathered, the overrides only allowed to view by IP?
> >
> > Thanks
> > Rjspence
> >
> > > > -----Original Message-----
> > > > From: Christian Nyegaard [mailto:christian at nyegaard dot net]
> > > > Sent: Friday, May 14, 2004 9:54 PM
> > > > To: m0n0wall at lists dot m0n0 dot ch
> > > > Subject: RE: [m0n0wall] How do you do this?
> > > >
> > > > How about using the DNS forwarder and adding an override?
> > > >
> > > > ->Services
> > > > 	-> DNS Forwarder
> > > >
> > > > Wouldn't this work fine in this situation ?
> > > >
> > > > Mvh.,
> > > > Christian Nyegaard mailto:christian at nyegaard dot net
> > > >
> > > > > -----Original Message-----
> > > > > From: David Kitchens [mailto:spider at webweaver dot com]
> > > > > Sent: 15. mai 2004 03:15
> > > > > To: rjspence at tampabay dot rr dot com; m0n0wall at lists dot m0n0 dot ch
> > > > > Subject: RE: [m0n0wall] How do you do this?
> > > > >
> > > > > Edit your local machines hosts file and add entries for:
> > > > > mydomain.com 	192.168.X.1
> > > > > Myotherdomain.com	192.168.X.2
> > > > >
> > > > > The only problem with this is that for a large organization with many
> > > > > machines, it needs to be done on every machine. For developer testing
> > > > > on a few machines it is not a bad solution.
> > > > > It could also be done with an internal DNS zone I believe but a small
> > > > > home network is not likely to have an internal DNS server.
> > > > >
> > > > > Dave
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: rjspence [mailto:rjspence at tampabay dot rr dot com]
> > > > > > Sent: Friday, May 14, 2004 8:41 PM
> > > > > > To: m0n0wall at lists dot m0n0 dot ch
> > > > > > Subject: [m0n0wall] How do you do this?
> > > > > >
> > > > > > I've read the monowall docs that state that you cannot access domain
> > > > > > from the internal networks. I've taken the suggestions provided for a
> > > > > > workaround and can access the server via IP.
> > > > > > However, this poses the issue of some of the scripts needing actual
> > > > > > domain names for configuration. As such, I have configured them by IP.
> > > > > > Question is, it's mentioned that there will be no "bounce" feature.
> > > > > > How can it be done in such a way that your external domain can be
> > > > > > accessed? Leaving it as IPs shows the external IP for the site and not
> > > > > > the TLD. Anyone have a workaround for accessing your pages via
> > > > > > domain behind a monowall setup?
> > > > > >
> > > > > > Thank you,
> > > > > > rjspence
> > > > > >
> > > > > > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > > > > > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > > > > >
> > > > > >
> > > > > > ---
> > > > > > Incoming mail is certified Virus Free.
> > > > > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > > > > Version: 6.0.684 / Virus Database: 446 - Release Date: 5/13/2004
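
Added example, not part of the original thread and not m0n0wall code: a small audit of DNS forwarder overrides that catches the gap described above, where the server's own hostname was listed but the bare domain and `www` name were not, so internal clients still received the public address. The addresses, the `SERVED` list and all function names are constructed for illustration, and an empty Host field is assumed to mean the bare domain.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (not from the thread): overrides as
# (Host, Domain, IP Address) and the names the web server answers for.
OVERRIDES = [
    ("server", "mydomain.com", "192.168.1.10"),
    ("www", "mydomain.com", "192.168.1.10"),
    ("", "myotherdomain.com", "192.168.1.11"),
]
SERVED = ["mydomain.com", "www.mydomain.com",
          "myotherdomain.com", "www.myotherdomain.com"]


def norm(name):
    """Lower-case a DNS name and drop any trailing root dot."""
    return name.rstrip(".").lower()


def fqdn(host, domain):
    # Assumption: an empty Host field stands for the bare domain.
    return norm(f"{host}.{domain}" if host else domain)


def hosts_lines(overrides):
    """Render overrides as hosts-file lines (address first, then name)."""
    return [f"{ip}\t{fqdn(h, d)}" for h, d, ip in overrides]


def audit(overrides, served_names):
    """Return (missing, not_internal).

    missing:      served names with no override; internal clients asking for
                  them are answered by external DNS with the public address.
    not_internal: override names whose address is outside RFC 1918 space.
    """
    table = {fqdn(h, d): ipaddress.ip_address(ip) for h, d, ip in overrides}
    missing = sorted(norm(n) for n in served_names if norm(n) not in table)
    not_internal = sorted(name for name, addr in table.items()
                          if not any(addr in net for net in RFC1918))
    return missing, not_internal


if __name__ == "__main__":
    print("\n".join(hosts_lines(OVERRIDES)))
    print(audit(OVERRIDES, SERVED))
```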