question squid + firewall + http server inside firewall
Brian Kelsay
bkelsay at comcast.net
Fri Jun 6 00:42:50 CDT 2003
I think you have to have the internal users hit the webserver with an
internal address, meaning you need to run a minimal DNS on your network.
You have one, don't you? I think you could also do this with an alias.
Seems like this came up recently.
I have to hit my webserver with the internal address to get to it when
inside the firewall; I can get to it by name because of the firewall running
DNS and routing it back.
----- Original Message -----
From: "Hanasaki JiJi" <hanasaki at hanaden.com>
To: "List - KCLUG" <kclug at kclug.org>
Sent: Thursday, June 05, 2003 12:45 AM
Subject: question squid + firewall + http server inside firewall
> I have the below rules in my firewall. the http server is inside the
> firewall on 192.168.1.2:80
> people can hit it fine from the outside
> squid is running on the firewall
> inside can browse outside via squid just fine
> inside cannot browse the outside address
>
> Any thoughts/input would be appreciated.
>
> # http server
> $PROG -t nat -A PREROUTING -i $NIC_EXTERNAL -p tcp \
>   -s 0/0 --dport http \
>   -j DNAT --to-destination 192.168.1.2:80
> $PROG -t mangle -A FORWARD -i $NIC_EXTERNAL -s 0/0 \
>   -o $NIC_INTERNAL -d 192.168.1.2 -p tcp --dport http \
>   -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
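Added example, not part of either message in the thread: a small Python model of the quoted PREROUTING rule showing why a request from the LAN to the public address never reaches 192.168.1.2 while the same request from outside does, and why resolving the name to the internal address (the reply's suggestion) sidesteps the problem. The public IP 203.0.113.10 and the interface names eth0/eth1 are assumed placeholders for values the post does not give.

```python
from dataclasses import dataclass, replace

# Constructed addresses: the public IP is a documentation-range placeholder
# (the real one is not in the post); 192.168.1.2:80 is the web server from the post.
EXTERNAL_IP = "203.0.113.10"
WEB_SERVER = "192.168.1.2"
NIC_EXTERNAL, NIC_INTERNAL = "eth0", "eth1"  # assumed values of $NIC_EXTERNAL/$NIC_INTERNAL


@dataclass(frozen=True)
class Packet:
    in_iface: str   # interface the packet arrived on
    src: str
    dst: str
    dport: int


def prerouting_dnat(pkt: Packet) -> Packet:
    """The quoted rule: -t nat -A PREROUTING -i $NIC_EXTERNAL -p tcp -s 0/0
    --dport http -j DNAT --to-destination 192.168.1.2:80.
    It only rewrites packets that arrive on the external interface."""
    if pkt.in_iface == NIC_EXTERNAL and pkt.dport == 80:
        return replace(pkt, dst=WEB_SERVER)
    return pkt


def deliver(pkt: Packet) -> str:
    """Routing decision after nat/PREROUTING. A packet still addressed to the
    firewall's own public IP is delivered locally (INPUT, the box running squid)
    instead of being forwarded. The mangle-table ACCEPT in the post performs no
    filtering, so it is not modelled here."""
    pkt = prerouting_dnat(pkt)
    if pkt.dst == EXTERNAL_IP:
        return "INPUT:firewall"
    return f"to:{pkt.dst}"


def outside_client() -> str:
    # Internet host hits the public address on the external NIC: DNAT applies.
    return deliver(Packet("eth0", "198.51.100.7", EXTERNAL_IP, 80))


def inside_client_public_name() -> str:
    # LAN host resolved the public name: the packet arrives on the internal NIC
    # with dst=EXTERNAL_IP, the -i $NIC_EXTERNAL match fails, so no DNAT happens.
    return deliver(Packet("eth1", "192.168.1.50", EXTERNAL_IP, 80))


def inside_client_internal_name() -> str:
    # Internal DNS resolves the name to 192.168.1.2, so no NAT is needed at all.
    return deliver(Packet("eth1", "192.168.1.50", WEB_SERVER, 80))
```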