question squid + firewall + http server inside firewall
Hanasaki JiJi
hanasaki at hanaden.com
Fri Jun 6 02:25:58 CDT 2003
That works fine for connectivity; however, it is not feasible. The
webserver does virtual domains based off the URL. I need to hit the
same pages as the external world does. Using an alias or internal
address makes this impossible :(
Brian Kelsay wrote:
> I think you have to have the internal users hit the webserver with an
> internal address, meaning you need to run a minimal DNS on your network.
> You have one, don't you? I think you could also do this with an alias.
> Seems like this came up recently.
> I have to hit my webserver with the internal address to get to it when
> inside the firewall, I can get to it by name because of the firewall running
> dns and routing it back.
>
>
> ----- Original Message -----
> From: "Hanasaki JiJi" <hanasaki at hanaden.com>
> To: "List - KCLUG" <kclug at kclug.org>
> Sent: Thursday, June 05, 2003 12:45 AM
> Subject: question squid + firewall + http server inside firewall
>
>
>
>>I have the below rules in my firewall. the http server is inside the
>>firewall on 192.168.1.2:80
>>people can hit it fine from the outside
>>squid is running on the firewall
>>inside can browse outside via squid just fine
>>inside cannot browse the outside address
>>
>>Any thought/input would be appreciated.
>>
>># http server
>>$PROG -t nat -A PREROUTING -i $NIC_EXTERNAL -p tcp -s 0/0 --dport http -j DNAT --to-destination 192.168.1.2:80
>>$PROG -t mangle -A FORWARD -i $NIC_EXTERNAL -s 0/0 -o $NIC_INTERNAL -d 192.168.1.2 -p tcp --dport http -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>>
>
>
>
>
--
= Management is doing things right; leadership is doing the =
= right things. - Peter Drucker =
=_______________________________________________________________=
= http://www.sun.com/service/sunps/jdc/javacenter.pdf =
= www.sun.com | www.javasoft.com | http://www.sun.com/sunone =
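
An added example, not part of the original thread: the DNAT rule quoted above matches only packets arriving on `$NIC_EXTERNAL`, so requests from inside clients to the public address are never rewritten to 192.168.1.2. The sketch below prints the extra rules for that inside path; `IP_EXTERNAL`, `NET_INTERNAL`, `IP_FW_INTERNAL`, the `eth1` interface name and the `hairpin_rules` function are assumptions with constructed placeholder values, and `PROG` defaults to a dry-run `echo`.

```shell
#!/bin/sh
# Added example: dry-run generator for the inside-to-public-address NAT path.
# Every value not given in the thread is a constructed placeholder.
PROG="${PROG:-echo iptables}"                    # dry run by default; set PROG=iptables to apply
NIC_INTERNAL="${NIC_INTERNAL:-eth1}"             # assumed inside interface name
IP_EXTERNAL="${IP_EXTERNAL:-203.0.113.10}"       # placeholder public address (documentation range)
NET_INTERNAL="${NET_INTERNAL:-192.168.1.0/24}"   # assumed inside network
IP_FW_INTERNAL="${IP_FW_INTERNAL:-192.168.1.1}"  # assumed firewall inside address
WEB="192.168.1.2"                                # web server address from the thread

hairpin_rules() {
    # 1. Inside clients addressing the public IP get the same DNAT as
    #    outside clients, so the Host header and URL stay unchanged.
    $PROG -t nat -A PREROUTING -i "$NIC_INTERNAL" -s "$NET_INTERNAL" \
        -d "$IP_EXTERNAL" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB:80"

    # 2. Rewrite the source to the firewall's inside address. Without this
    #    the server answers the client directly on the LAN and the client
    #    drops the reply, because it comes from an address it never contacted.
    $PROG -t nat -A POSTROUTING -o "$NIC_INTERNAL" -s "$NET_INTERNAL" \
        -d "$WEB" -p tcp --dport 80 \
        -j SNAT --to-source "$IP_FW_INTERNAL"

    # 3. Permit only this flow to be forwarded back out the inside interface.
    $PROG -A FORWARD -i "$NIC_INTERNAL" -o "$NIC_INTERNAL" -s "$NET_INTERNAL" \
        -d "$WEB" -p tcp --dport 80 \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

hairpin_rules
```

Because of the SNAT in rule 2, the web server's access log records the firewall's inside address for these requests rather than each client's own address.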