How to handle private IP space?

Yan Seiner yan at cardinalengineering.com
Tue Nov 16 21:44:10 UTC 1999


I have a possibly dumb question:

We have a fixed IP for our internet gateway, but use the 192 block for
internal addresses.  We use a Linux firewall currently with ipfwadm
(soon to be ipchains) to masquerade the traffic in and out.  We run a
caching only name server (bind 8) that forwards all requests to the ISP;
zone transfers and DNS requests coming in are blocked at the firewall. 
DNS lookup service is provided by our ISP's DNS servers.  For obvious
reasons, I don't want the private IPs leaking out and I block them at
the firewall.

I need to do the following:

If a user inside the firewall sends email to
joe at cardinalengineering.com, that should resolve to our email server
(192.168.0.2), so that our internal email is not bouncing off our web
site email server.

If the same user requests our web site (www.cardinalengineering.com)
that should resolve to our web hosting service, which is outside the
firewall.

Can this be done?  If so, how?  I know this involves setting up more
than a caching only name server.  I need to know how to split up the
lookup:

cardinalengineering.com resolves to 192.168.0.2
www.cardinalengineering.com resolves to 208.224.174.10

A user on the outside of our firewall will get the web and mail address
from our provider's name servers, so that's not an issue.

Thanks for any and all help.

--Yan

-- 

           __      __
          | /      /
           /------/
       -- / \    / \ --
     /   /\  \  /  /\   \
    |   /  |  \/--|--    |
     \    /        \    /
       ~~            ~~

"The older I get, the faster I was."
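
A check for the leak concern raised in the message above, added here as an example and not part of the original post: it scans simplified zone-file text for A records that fall in RFC 1918 space, so data intended for outside-facing name servers can be verified before it is published. The zone snippets are constructed samples built from the two addresses in the post; the function names are hypothetical.

```python
import ipaddress

# RFC 1918 private ranges; the post's internal hosts sit in 192.168.0.0/16.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the internal answers the post asks for.
INTERNAL_ZONE = """\
@     IN  MX  10 cardinalengineering.com.
@     IN  A   192.168.0.2     ; internal mail server
www   IN  A   208.224.174.10  ; hosted web site
"""

# Constructed sample: what the outside world should see (no private data).
EXTERNAL_ZONE = """\
www   IN  A   208.224.174.10
"""

def a_records(zone_text, origin):
    """Yield (fqdn, address) for each A record in simplified zone-file text."""
    owner = "@"
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1]
            continue
        if fields[0].startswith("$"):        # $TTL, $INCLUDE: not handled here
            continue
        if not line[0].isspace():            # a leading blank reuses the last owner
            owner = fields.pop(0)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                    # skip optional TTL and class
        if len(fields) >= 2 and fields[0].upper() == "A":
            if owner == "@":
                name = origin
            elif owner.endswith("."):
                name = owner
            else:
                name = owner + "." + origin
            yield name, ipaddress.ip_address(fields[1])

def private_answers(zone_text, origin):
    """Return the A records whose address falls in an RFC 1918 range."""
    return [(name, str(addr)) for name, addr in a_records(zone_text, origin)
            if any(addr in net for net in RFC1918)]

if __name__ == "__main__":
    for label, zone in (("internal", INTERNAL_ZONE), ("external", EXTERNAL_ZONE)):
        print(label, private_answers(zone, "cardinalengineering.com."))
```

A non-empty result for zone data served outside the firewall means a private address would be exposed; for the internal-only zone the private apex record is the expected finding.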

