[CentOS] firewall dilemma

Wed Nov 2 17:21:43 UTC 2005
Aleksandar Milivojevic <alex at milivojevic.org>

Quoting JC <hiep at ee.ucr.edu>:

> For example: I have a web server (using internal IP 10.1.1.10) behind
> the firewall. The internal network can access this web server with
> http://10.1.1.10, but they can't access http://www.mydomain.com.
> Assume that I have a static IP (xxx.xxx.xxx.xxx) that maps to 10.1.1.10 and
> the DNS record www.mydomain.com points to xxx.xxx.xxx.xxx.
>
> What I want is to allow users inside the network to be able to access
> http://www.mydomain.com instead of http://10.1.1.10.
>
> Here is my question:
> should I change the rule of the firewall?  If so, is there a security risk?
>
> Is there any other solution for this?
>
> By the way, I don't have an internal DNS; I use my ISP's DNS service.

Couple of ways to do it.

Configure your firewall to allow access from internal network to your external
addresses.  This would be the obvious solution.

If you have full control of the external DNS (and you can trust it), you can
set up different views for mydomain.com.  For external queries, it would return
external IP addresses.  For queries originating from the internal network, it
would return internal IP addresses.

The other way to do it is to set up an internal DNS; don't use the ISP's DNS.
Configure the internal DNS as if it was authoritative for mydomain.com, and copy
the configuration from the external DNS, changing external IP addresses to
internal IP addresses.  External queries would hit the external DNS server,
which returns external addresses.  Internal queries would hit the internal DNS
server, which returns internal IP addresses for your domain.  This also has the
added bonus that you would save a bit of bandwidth, since your internal DNS
server would also automatically cache lookups for external domains (so if two
users query A records for www.google.ca, only the first one is checked outside,
while the second is returned from cache).

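As an added illustration of the "views" option above (and of the same internal/external zone split that the separate-internal-DNS option relies on), here is a BIND 9 named.conf excerpt; it is not from the original message, and it assumes the internal network is 10.1.1.0/24 and that the DNS server runs BIND 9, neither of which the post states.

```conf
// named.conf excerpt: split-horizon (two-view) setup for mydomain.com
// Assumption: the internal LAN is 10.1.1.0/24 (the post only names 10.1.1.10).
acl internal { 10.1.1.0/24; 127.0.0.1; };

// Views are matched in order, so the narrower internal view comes first.
// Only clients that query THIS server directly get the internal answers;
// a LAN client still pointed at the ISP's resolver lands in the external view.
view "internal" {
    match-clients { internal; };
    recursion yes;              // LAN hosts may use this server as their resolver
    zone "mydomain.com" {
        type master;
        file "/var/named/mydomain.com.internal";   // www IN A 10.1.1.10
    };
};

view "external" {
    match-clients { any; };     // everything that did not match the view above
    recursion no;               // never act as an open resolver for the Internet
    allow-transfer { none; };   // no zone transfers to arbitrary hosts
    zone "mydomain.com" {
        type master;
        file "/var/named/mydomain.com.external";   // www IN A xxx.xxx.xxx.xxx (public IP placeholder)
    };
};
```

The two zone files are copies of each other except for the www A record (10.1.1.10 internally, the public address externally); run named-checkconf and named-checkzone before reloading so a typo in either file does not take the domain offline.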