This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

internal MASQed to external ip back to internal via DNAT

Hey All:

Here's my scoop.
I have a firewall with two interfaces:
eth0: 192.168.1.1
eth1: 254.243.253.114. 192.168.1.2:80, so people from the outside can type in http://staging.mydomain.com and pull up our internal webserver.

My problem is this: My internal client box, for example at 192.168.1.100, needs to get to the webserver too, by typing the url: http://staging.mydomain.com. When an internal box tries to view the website via the 254.243.253.114:80 address, the page hangs. The squid does not seem to work either. I know it can be done with a user-land tcp-proxy that doesn't do transparent forwarding, but I'd like to not have to do some klutzing around on the astaro box's commandline and keep things "off the shelf", if you will. I also don't want to have to set up some funky dns records that point to our internal webserver at 192.168.1.2. Is there a way to do this with SNAT and DNAT?

This thread was automatically locked due to age.

0 Kenn over 23 years ago

This is a known problem, not only of ASL but of most firewalls. Common solution is to run an internal only DNS with records used by internal clients only for internal resources.

Theoreticaly, you might be able to override tho with a host file entry for squid to use... haven't tried it tho.
Cancel
Vote Up 0 Vote Down

Cancel