From: Tom E. <te...@sh...> - 2009-08-30 16:08:06
|
Diego Rivera wrote: > Also, you might want to look into Bind 9 and DNS Zones - that's how I > solved my problem. The external users see one IP address for a > particular domain name - the public one -, and the internal users see > another IP (private) for the same server. Thus, they learn to call > things "by their right name", and leave it to us geeky engineer IT über > god guys to do the magic. > I believe that the OP mentioned that in this particular instance, the application registers it's *IP Address* with an external server. If so, a DNS solution isn't appropriate in this case. In any efent, I would still prefer to see the application server placed on a separate LAN (dmz) so that: a) It is isolated from the local hosts in the event that it is hacked; and b) When local clients connect to the application, the SOURCE IP will be the host's address as opposed to that of the firewall. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ |