A while back I ran into the old problem. Machines X and Y have unrouteable IPs and all traffic is NAT'd through the firewall. Then one day, Machine X does a lookup for mysite.com and can't get to it because it resolves to the external IP and the firewall won't route things that way.
The solution I found was to create a local DNS server which resolves things to the local IPs, and I did just that: created a split-DNS system so that external queries returned external results and internal queries returned internal ones.

But today I ran into an ugly problem. We have an authenticated proxy behind our firewall in our remote NOC which works just fine to visit other sites, but of course not our own, as the remote client does a DNS lookup locally and gets the public IP, then asks the proxy to grab it... see the above problem. Here's a diagram of what's going on:

Office LAN -> Office FW --INTERNET-> NOC FW -> NOC Proxy -> NOC Webserver

So what do you do in this situation? Is there an iptables rule I can implement to route the traffic accordingly, or am I S.O.L.?

--
Never let sentiment get in the way of your work - Garak, Star Trek Deep Space Nine

--
gentoo-user@gentoo.org mailing list
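The iptables approach the post asks about is usually called hairpin NAT (NAT loopback): on the NOC firewall, a connection from the inside network to the web server's public address is DNATed to the server's internal address and then source-NATed so the reply returns through the firewall instead of going straight back to the client. The following is an added example, not part of the original post or thread; the interface name, networks and addresses are constructed, and it prints the rules for review rather than applying them.

```shell
#!/bin/sh
# Added example: hairpin (NAT loopback) rules for a Linux firewall, so an
# inside client (or the NOC proxy) that resolved mysite.com to the PUBLIC
# address still reaches the server sitting behind the same firewall.
# Every value below is a constructed assumption, not taken from the post.
LAN_IF="eth1"               # inside interface of the firewall
LAN_NET="192.168.10.0/24"   # inside network where the proxy lives
PUB_IP="203.0.113.10"       # public address mysite.com resolves to (TEST-NET-3)
SRV_IP="192.168.10.80"      # internal address of the web server

# Emit the rules instead of running them, so they can be reviewed first.
hairpin_nat_rules() {
    pub="$1"; srv="$2"; lan="$3"; ifc="$4"; port="${5:-80}"
    # 1. Inside -> public address: rewrite the destination to the real server.
    printf 'iptables -t nat -A PREROUTING -i %s -s %s -d %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$ifc" "$lan" "$pub" "$port" "$srv" "$port"
    # 2. Same flow after DNAT: rewrite the source so the server answers the
    #    firewall, which un-DNATs the reply; without this the server replies
    #    directly to the client, which never sent a packet to SRV_IP and drops it.
    printf 'iptables -t nat -A POSTROUTING -o %s -s %s -d %s -p tcp --dport %s -j MASQUERADE\n' \
        "$ifc" "$lan" "$srv" "$port"
    # 3. Let the hairpinned flow (in and out on the inside interface) through FORWARD.
    printf 'iptables -A FORWARD -i %s -o %s -s %s -d %s -p tcp --dport %s -j ACCEPT\n' \
        "$ifc" "$ifc" "$lan" "$srv" "$port"
}

# Number of rules that would be installed; a quick sanity check before applying.
hairpin_rule_count() {
    hairpin_nat_rules "$@" | wc -l | tr -d ' '
}

# Review the output, then apply as root:  hairpin_nat_rules ... | sh
hairpin_nat_rules "$PUB_IP" "$SRV_IP" "$LAN_NET" "$LAN_IF" 80
```

The same three rules are needed for each published port (443 as well as 80), and the split-DNS view remains the cleaner fix where the client can be pointed at an internal resolver; hairpin NAT covers the case here where the NOC proxy resolves the public address.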