Re: [Shorewall-users] redirecting internal traffic

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Diego Rivera wrote:
> Also, you might want to look into Bind 9 and DNS Zones - that's how I
> solved my problem.  The external users see one IP address for a
> particular domain name - the public one -, and the internal users see
> another IP (private) for the same server.  Thus, they learn to call
> things "by their right name", and leave it to us geeky engineer IT über
> god guys to do the magic.
> 

I believe that the OP mentioned that in this particular instance, the
application registers it's *IP Address* with an external server. If so,
a DNS solution isn't appropriate in this case.

In any efent, I would still prefer to see the application server placed
on a separate LAN (dmz) so that:

a) It is isolated from the local hosts in the event that it is hacked; and

b) When local clients connect to the application, the SOURCE IP will be
the host's address as opposed to that of the firewall.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________