You want to set up views and IP-based ACLs. There's lots of documentation online about configuring views. Basically, they work exactly how you want:

- clients with IPs in 192.168.2.x subnet get 192.168.2.x replies
- all other clients get public IP replies

On Wed, Jan 2, 2013 at 2:33 PM, Aryeh Friedman <[email protected]> wrote:

> I have a local machine (say "foo.example.com") that is behind a very
> dumb firewall (it will not honor dmz/port forwarding if the connection
> originates from inside the firewall [192.168.2.X]).... specifically if
> I connect to the public IP from *OUTSIDE* of the lan it works but not
> from inside... I have a number of web services that depend on a
> specific DNS being set (specifically www/tomcat7 and the like)...
> i.e. if I am at home I need to use "localhost" (changing it in
> /etc/hosts has no effect) if I am away I need to use
> "ack.example.com")... what I want to do is make it so I can use
> "ack.example.com" for all references... this means I need to make it
> so local requests to ack.example.com answer 192.168.2.2 and remote
> ones answer the public IP.. how do I configure named to do this (I
> have full control of all the nameservers in question)
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "[email protected]"
>

--
Freddie Cash
[email protected]
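The split-view setup described in the reply, sketched as a named.conf fragment. This is an added example, not part of either message: the zone file paths are hypothetical and 203.0.113.10 is a documentation-range placeholder for the public IP.

```conf
// named.conf fragment (added example; file paths and 203.0.113.10 are placeholders)

acl "lan" {
    192.168.2.0/24;   // internal subnet from the question
    localhost;        // built-in ACL: the name server's own addresses
};

// Views are evaluated in the order they appear; the first view whose
// match-clients list matches the query's source address answers it.
// Once any view is defined, every zone must be declared inside a view.

view "internal" {
    match-clients { "lan"; };
    recursion yes;    // resolver service for LAN clients only

    zone "example.com" {
        type master;
        file "internal/example.com.db";   // hypothetical path
        // record in this file:  ack  IN  A  192.168.2.2
    };
};

view "external" {
    match-clients { any; };
    recursion no;     // authoritative answers only for outside clients

    zone "example.com" {
        type master;
        file "external/example.com.db";   // hypothetical path
        // record in this file:  ack  IN  A  203.0.113.10  (placeholder public IP)
    };
};
```

Keeping `recursion no` in the external view prevents the server from acting as an open resolver for the internet, and `named-checkconf` can validate the syntax before reloading.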

