[CentOS] firewall dilemma

Rob four4 at naims.co.uk
Wed Nov 2 15:58:49 UTC 2005


If you do use an internal DNS you can set up /etc/named.conf as follows

	options {
		// PUT your ISP's name servers here
		// (each address, including the last, needs a trailing semicolon)
		forwarders { 1.2.3.4; 1.2.3.5; };

		// PUT your own DNS IP here so it will ignore any outside
		// requests that may come in
		listen-on port 53 { 127.0.0.1; 10.1.1.10; };
	};

Get this working first, then add zones for 10.1.1.x later.

Rob

On Wed, 2005-11-02 at 06:53 -0800, JC wrote:
> Hi everyone,
> 
> I have this problem that I'm not sure what's the best solution for it.  I 
> need your input & help...
> 
> I have an internal network behind a hardware firewall.  All traffic goes 
> through the firewall.  One of the firewall's rules is that it doesn't allow 
> the internal network to access internal resources via traffic that travels 
> outside and then comes back.  In other words, it drops all packets that 
> originate from inside the network, travel outside and then come back to 
> access internal resources.
> 
> For example: I have a web server (using internal IP 10.1.1.10) behind the 
> firewall; the internal network can access this web server with 
> http://10.1.1.10, but they can't access http://www.mydomain.com.  Assume 
> that I have a static IP (xxx.xxx.xxx.xxx) mapped to 10.1.1.10 and a DNS 
> record www.mydomain.com that points to xxx.xxx.xxx.xxx.
> 
> What I want is to allow users inside the network to be able to access 
> http://www.mydomain.com instead of http://10.1.1.10.
> 
> Here is my question:
> should I change the rule of the firewall?  If so, is there a security 
> risk?
> 
> Is there any other solution for this?
> 
> By the way, I don't have an internal DNS, I use my ISP DNS service.
> 
> Thank you so much for your help,
> JC
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 
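The zone step that Rob leaves for later, as an added example that is not part of either post: a minimal internal-only BIND 9 named.conf plus a zone file that makes www.mydomain.com resolve to the internal address 10.1.1.10 for LAN clients, so the firewall rule never has to be relaxed. The 10.1.1.0/24 network and the 1.2.3.4/1.2.3.5 forwarders are the thread's placeholders; the zone file path, serial, and the allow-query/allow-recursion restrictions are assumptions added here.

```conf
// /etc/named.conf (added example, not from the original posts)
options {
    directory "/var/named";

    // Bind only to loopback and the internal interface (Rob's advice)
    listen-on port 53 { 127.0.0.1; 10.1.1.10; };

    // Only LAN clients may query or recurse, so the box cannot be used
    // as an open resolver even if it is ever reachable from outside
    allow-query     { 127.0.0.1; 10.1.1.0/24; };
    allow-recursion { 127.0.0.1; 10.1.1.0/24; };

    // Everything this server is not authoritative for goes to the ISP
    forwarders { 1.2.3.4; 1.2.3.5; };
    forward only;
};

// Internal copy of the public zone: same names, private addresses.
// Every public record (mail, other hosts) must be duplicated here,
// otherwise LAN clients lose them once this zone is authoritative.
zone "mydomain.com" IN {
    type master;
    file "internal/mydomain.com.zone";   // assumed path under directory
    allow-transfer { none; };            // nobody needs a copy of it
};

; ---- /var/named/internal/mydomain.com.zone (assumed path) ----
$TTL 3600
@       IN  SOA  ns1.mydomain.com. hostmaster.mydomain.com. (
                 2005110201 ; serial, YYYYMMDDnn (constructed)
                 3600       ; refresh
                 900        ; retry
                 604800     ; expire
                 3600 )     ; negative cache TTL
        IN  NS   ns1.mydomain.com.
ns1     IN  A    10.1.1.10
www     IN  A    10.1.1.10  ; internal address, never the public one
```

Check it from a LAN client with `dig @10.1.1.10 www.mydomain.com A`; the answer should be 10.1.1.10, while the same name queried against the ISP resolvers still returns the public address.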
