Redirection to an internal private address

Simon Waters Simon at wretched.demon.co.uk
Sun Oct 14 21:47:04 UTC 2001


Pedro Fonseca wrote:
> 
> I really can't see a way to deal with this through DNS. Is it something I'm
> missing from my zone file configuration? I heard about IP masquerading and
> stuff like that; is that what I'm missing?

The DNS should usually advertise the IP address of the gateway
machine (i.e. one routable from the entire Internet).

Port 80 on this machine could be forwarded to port 80 on the web
server. This is the "IP-Masquerading" method. The method varies
between Linux 2.2 and 2.4 kernels, I believe, although I haven't
done it recently. Search for "linux port forwarding" and you'll get
a lot of hits.

A slightly more complex, but in my opinion potentially better,
solution is to run a web proxy server on the gateway machine.
Thus if the gateway can already correctly get
"http://www.myinternalwebserver.net", and you set up a proxy
server on the gateway, it can get that URL for other people who
are led by the external DNS view to the proxy.

The advantage of a proxy over port forwarding is that a proxy
would allow access to multiple web servers internally; port
forwarding allows only one. A proxy might offload the serving
of static content if it has a cache. A proxy could also
implement URL filtering to block some nasty attacks.

The ideas can be combined: port forward to an internal Apache
server, using Apache as a proxy to add extra servers, if you
don't like the idea of running a proxy on the firewall
machine...

Anyway a long way from DNS.
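
The proxy-on-the-gateway setup described in the message above, sketched as an added example that is not part of the original post. It assumes current Apache httpd 2.4 syntax with mod_proxy and mod_proxy_http loaded; the second hostname, the filter pattern and all 192.168.x.x addresses are constructed for illustration.

```apache
# Added example. Only www.myinternalwebserver.net comes from the thread;
# intranet-app.example.net and the 192.168.1.x backends are constructed.
#
# For contrast, plain port forwarding on a Linux 2.4 gateway maps the public
# port to exactly one internal server:
#   iptables -t nat -A PREROUTING -p tcp --dport 80 \
#            -j DNAT --to-destination 192.168.1.10:80

# Reverse proxy only. With ProxyRequests On the gateway would relay
# arbitrary requests for anyone on the Internet.
ProxyRequests Off

# First vhost is the default: requests with an unknown Host header
# stop here instead of reaching an internal server.
<VirtualHost *:80>
    ServerName gateway.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# External DNS points this name at the gateway's routable address.
<VirtualHost *:80>
    ServerName www.myinternalwebserver.net
    ProxyPreserveHost On
    ProxyPass        / http://192.168.1.10/
    ProxyPassReverse / http://192.168.1.10/

    # URL filtering at the proxy: refuse paths the backend should never serve.
    <LocationMatch "/\.ht|\.(bak|old)$">
        Require all denied
    </LocationMatch>
</VirtualHost>

# A second internal server behind the same public address and port,
# which port forwarding alone cannot provide.
<VirtualHost *:80>
    ServerName intranet-app.example.net
    ProxyPreserveHost On
    ProxyPass        / http://192.168.1.11/
    ProxyPassReverse / http://192.168.1.11/
</VirtualHost>
```

Both public names resolve to the gateway's address in the external DNS view; the proxy selects the backend from the Host header.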

