[CentOS] firewall dilemma
Rob
four4 at naims.co.uk
Wed Nov 2 15:58:49 UTC 2005
If you do use an internal DNS you can set up /etc/named.conf as follows
// PUT your ISP's name servers here
forwarders { 1.2.3.4; 1.2.3.5 };
//PUT your own DNS IP here so it will ignore any outside
//requests that may come in
listen-on port 53 { 127.0.0.1; 10.1.1.10; };
Get this working first, then add zones for 10.1.1.x later.
Rob
On Wed, 2005-11-02 at 06:53 -0800, JC wrote:
> Hi everyone,
>
> I have this problem that I'm not sure what's the best solution for it. I
> need your input & help...
>
> I have an internal network behind a hardware firewall. All traffics go
> thru. the firewall. One of the firewall's rules is that it doesn't allow
> internal network accesses internal resources that travels outside then
> come back. In the other words, it drops all packets originate from inside
> the network that travels outside and then come back to access internal
> resources.
>
> For example: I have web server (used internal ip 10.1.1.10) behind the
> firewall, internal network can access this web server with
> http://10.1.1.10, but they can't access http://www.mydomain.com. Assume
> that I have static IP (xxx.xxx.xxx.xxx) maps to 10.1.1.10 and dns record
> www.mydomain.com points to xxx.xxx.xxx.xxx
>
> What I want is to allow users inside the network be able to access
> http://www.mydomain.com instead of http://10.1.1.10
>
> Here is my question:
> should I change the rule of the firewall? If so, is there a security
> risk?
>
> Is there any other solution for this?
>
> By the way, I don't have an internal DNS, I use my ISP DNS service.
>
> Thank you so much for your help,
> JC
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
More information about the CentOS
mailing list