This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Why cant I route public domains back to intranet

Hi,

there is one issue I dont understand and I am asking myself wether I have a inoptimal configured firewall or the matter is simply not possible.

I am sitting in a LAN having on of the computers in the same network configured as webserver, reachable with a public domain.
If I surf this adress from the outside there is no problem - I can reach the webserver under ***.yyy.de.
If I am trying to reach the computer from the intranet using the public domain I cant reach it. If I use the LAN-adress it works fine.

So my question is, wether it is possible at all to route a request to a public domain outside and let it come back to my server?

Thanks,
Mat

This thread was automatically locked due to age.

0 BAlfson over 16 years ago

The "accepted" solution for this would be to set up a static route in your internal name server or in the Astaro DNS Proxy: '***.yyy.de -> [internal IP]'. Here are some suggestions about how best to set up the Astaro DNS Proxy and coordinate it with your internal name server: https://community.sophos.com/products/unified-threat-management/astaroorg/f/58/p/53408/193983#193983

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 -renegade- over 15 years ago

Hi!

I have the very same problem with my system. But there are three different machines in the LAN that should be reachable through the public domain name, with DNAT on their individual ports.

How can I tell Astaro to correctly redirect these packets?
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 15 years ago

I think you're asking a different question, renegade. Assuming that the Astaro is the default gateway for those three machines, you will need a DNAT for each machine:
'Internet -> {service (port) for machine 1} -> External (Address) : DNAT to {private IP of machine 1} (leave 'Destination Service' empty)

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 -renegade- over 15 years ago in reply to BAlfson

DNAT is already set up and working from the internet.

The only problem I have is that clients from within the LAN trying to access the servers through the DNATted ports using the Astaro's DynDNS-Name won't get any respnse...

[:(]
Cancel
Vote Up 0 Vote Down

Cancel
0 -renegade- over 15 years ago in reply to -renegade-

Hey guys!

Finally got the point!
Its NAT loopback what was needed.

Therefor a full NAT has to be configured in DNAT/SNAT settings..

More information here:

Astaro Knowledge Base
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 15 years ago

Actually, instead of NAT Loopback, we normally solve this with 'Static Entries' in the Astaro DNS Proxy.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 -renegade- over 15 years ago in reply to BAlfson

Yes, static DNS entries work fine if you're only using one single server.

But trouble starts when, you want to select different servers through port-mapping. DNS can't reslove ports into IP-addresses...
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 15 years ago

Ahhhhh! - you aren't using the web proxy! You are exactly right!

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel