[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
On Sun, Apr 04, 2004 at 05:59:08PM -0500, Stephen D. Reindl wrote:
> I have a webserver at 172.16.64.169 private and 206.XXX.XXX.XX6 public.
> 206.XXX.XXX.XX1. How can I make the domain resolve correctly from inside
> the LAN?
Better yet, to elaborate...
We have a machine sitting on our network doing NAT between
22.214.171.124/29 and 172.16.64.0/24. The interface that ppp0 (read:
the PPPoE interface -- not necessarily straight-up PPP) shows in
ifconfig is 126.96.36.199.
Now, there are a couple of machines on the network that have
one-to-one NAT going on for a couple of the external addresses, and
those are added to ppp0 by means of `ip addr add 188.8.131.52x dev
ppp0` where 1<x<7, since .81 is taken by the gateway, and .87 is the
broadcast. This bit is handled automatically by Shorewall in
#EXTERNAL INTERFACE INTERNAL ALL LOCAL
184.108.40.206 ppp0 172.16.64.6 no no
220.127.116.11 ppp0 172.16.64.169 no no
Then, when everything is set up properly, a host in 172.16.64.0/24 can
hit any of the hosts in 18.104.22.168/29 and reach the gateway, which
isn't expected; however, any box not on any of our networks (read: on
the Internet) can hit an address in the latter subnet and reach
everything just fine.
As far as software goes, the gateway is running stock Fedora Core 1
with Shorewall 1.4.8 as provided by the fedora.us repository, and the
link to the Internet is established over PPPoE with the rp-pppoe that
ships with FC1. This means that proxy ARP will NOT work here. Also,
if anyone wants me to spill the contents of my /etc/shorewall, I'll go
ahead and upload a tarball somewhere on request.
Ideally, I'd like to be able to assign an external address right to
the interfaces of the machines that need them, but I'll settle with
NAT if I can get around this issue.
"Du weisst doch, dass du es lesen willst, und mach was du musst, weil
es das einzige Ding wird, das du machen wirst."
To unsubscribe, send email to email@example.com with
"unsubscribe silug-discuss" in the body.
- From: "Stephen D. Reindl" <firstname.lastname@example.org>