[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Sun, Apr 04, 2004 at 05:59:08PM -0500, Stephen D. Reindl wrote:
> I have a webserver at private and 206.XXX.XXX.XX6 public.
> 206.XXX.XXX.XX1. How can I make the domain resolve correctly from inside
> the LAN?

Better yet, to elaborate...

We have a machine sitting on our network doing NAT between and  The interface that ppp0 (read:
the PPPoE interface -- not necessarily straight-up PPP) shows in
ifconfig is

Now, there are a couple of machines on the network that have
one-to-one NAT going on for a couple of the external addresses, and
those are added to ppp0 by means of `ip addr add dev
ppp0` where 1<x<7, since .81 is taken by the gateway, and .87 is the
broadcast.  This bit is handled automatically by Shorewall in

	#EXTERNAL       INTERFACE       INTERNAL        ALL     LOCAL  ppp0       no      no  ppp0     no      no

Then, when everything is set up properly, a host in can
hit any of the hosts in and reach the gateway, which
isn't expected; however, any box not on any of our networks (read: on
the Internet) can hit an address in the latter subnet and reach
everything just fine.

As far as software goes, the gateway is running stock Fedora Core 1
with Shorewall 1.4.8 as provided by the fedora.us repository, and the
link to the Internet is established over PPPoE with the rp-pppoe that
ships with FC1.  This means that proxy ARP will NOT work here.  Also,
if anyone wants me to spill the contents of my /etc/shorewall, I'll go
ahead and upload a tarball somewhere on request.

Ideally, I'd like to be able to assign an external address right to
the interfaces of the machines that need them, but I'll settle with
NAT if I can get around this issue.

Nathaniel Reindl

"Du weisst doch, dass du es lesen willst, und mach was du musst, weil
es das einzige Ding wird, das du machen wirst."

To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.