[PLUG] servicing a domain from behind a firewall

Josh Orchard josh at emediatedesigns.com
Wed Jul 31 00:12:33 UTC 2002


So, if I understand you correctly all I have to do is setup DNS on my
external ip as a secondary to the internal IP as the primary and then
register the external as the primary for that domain.
Ok. I understand that part but if I ssh to a domain1.com would it still
get all the way back to the client in anywhere land?  How would the
connection hold after getting the IP which would be the same for both
domains yet the files would only exist on one machine.  That is where I
think it all falls apart.  As pointed out by another there is no standard
that says you have to hold and send the domain name with each request and
after having the IP all traffic can travel on the number.
Correct me if I'm wrong but I do think a second IP might be the only true
solution.
Josh


> On Tue, 30 Jul 2002, Josh Orchard wrote:
>
>> ok.  I think I'm still a bit confused here.  Are you suggesting that I
>> could use a primary and secondary DNS with one IP for two domains and
>> have all traffic somehow moved to the internal 10.0.0.13 box?  It
>> seems like
>
> Actually I was suggesting that the external box could handle the DNS
> traffic for both domains, but the configuration for one of them could
> be maintained on the internal box.
>
>> that I will still need a secondary IP for the other domain and if I do
>> that I should just use iptables to forward all traffic on that IP to
>> the second box.  Am I wrong?
>> Josh
> [snip]
>
> No, you can only have one instance of a domain name server running on
> the standard port, and you can't use iptables to selectively forward
> requests depending on which domain it is for (well theoretically you
> probably could by analyzing the packet content, but it definitely
> wouldn't be worth the effort to configure).  What you would be doing is
> running a single instance of your name server on the external box,
> which would be
> configured to handle DNS services for multiple domains, getting DNS
> information for one domain from its local config files, and the DNS
> information for the other domain from your internal server.  It would
> then serve as the primary DNS server on the internet for both domains.
>
> The key here is that while you must have two IP addresses to provide
> separate DNS server programs for two domains, you can run one instance
> of a DNS server (which only requires one IP address) that handles
> services for an arbitrary number of domains.
>
> Shannon C. Dealy       | DeaTech Research Inc.
> dealy at deatech.com   | - Custom Software Development -
>                        | Embedded Systems, Real-time, Device Drivers
> Phone: (800) 467-5820  | Networking, Scientific & Engineering Applications
>    or: (541) 451-5177  | www.deatech.com
>
>
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
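An added configuration sketch of the arrangement Shannon describes (one name server instance on the external box answering for both domains, with one zone's data pulled from the internal box), written in BIND named.conf syntax; it is not from either message. Zone names and the address 10.0.0.13 come from the thread; EXT_IP is a placeholder for the external box's public address, and the file paths are assumed.

```conf
// ---- EXTERNAL box: single named instance, one public IP ----
options {
    directory "/var/named";
    // Authoritative answers for anyone; recursion only for the LAN.
    allow-recursion { 127.0.0.1; 10.0.0.0/24; };
    // Nobody may pull whole zones from the public box by default.
    allow-transfer { none; };
};

// domain1.com: zone data lives in a local file on this box.
zone "domain1.com" IN {
    type master;
    file "db.domain1.com";
};

// domain2.com: zone data is maintained on the internal box and
// copied here by zone transfer; this box still answers for it on
// the internet as the registered primary.
zone "domain2.com" IN {
    type slave;
    file "slave/db.domain2.com";       // local copy written by named
    masters { 10.0.0.13; };            // internal box from the thread
};

// ---- INTERNAL box (10.0.0.13): holds the real domain2.com data ----
options {
    directory "/var/named";
    allow-transfer { none; };          // default: no transfers at all
};

zone "domain2.com" IN {
    type master;
    file "db.domain2.com";
    // Only the external box may fetch this zone, and it is told
    // to refresh as soon as the zone file changes.
    allow-transfer { EXT_IP; };        // placeholder public address
    also-notify { EXT_IP; };
};

// Firewall note: the internal box must accept TCP and UDP port 53
// from EXT_IP (zone transfers run over TCP); nothing else on the
// LAN needs to be reachable from outside for this to work.
```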
