[CentOS] firewall dilemma

JC hiep at ee.ucr.edu
Wed Nov 2 14:53:54 UTC 2005


Hi everyone,

I have this problem that I'm not sure what's the best solution for it.  I 
need your input & help...

I have an internal network behind a hardware firewall.  All traffics go 
thru. the firewall.  One of the firewall's rules is that it doesn't allow 
internal network accesses internal resources that travels outside then 
come back.  In the other words, it drops all packets originate from inside 
the network that travels outside and then come back to access internal 
resources.

For example: I have web server (used internal ip 10.1.1.10) behind the 
firewall, internal network can access this web server with 
http://10.1.1.10, but they can't access http://www.mydomain.com.  Assume 
that I have static IP (xxx.xxx.xxx.xxx) maps to 10.1.1.10 and dns record 
www.mydomain.com points to xxx.xxx.xxx.xxx

What I want is to allow users inside the network be able to access 
http://www.mydomain.com instead of http://10.1.1.10

Here is my question:
should I change the rule of the firewall?  If so, is there a security 
risk?

Is there any other solution for this?

By the way, I don't have an internal DNS, I use my ISP DNS service.

Thank you so much for your help,
JC



More information about the CentOS mailing list