[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [suse-security] Problems with SuSEFirewall
One solution is to have split DNS. The inside DNS points www to the inside address (i.e. 192.168.x.x) while the outside (public) DNS points to the public IP address.
From: Andrés Tarallo [mailto:atarallo@xxxxxxx]
Sent: Thursday, October 09, 2003 10:55 AM
Subject: [suse-security] Problems with SuSEFirewall
I have a problem with a firewall I've configured with
SuSEFirewall2 and SuSE Linux 8.2.
My firewall has a public IP address, and a private IP for a LAN. In the
LAN I have a WWW server and a email server. People who want to check
their mail from the Internet just connect to the public IP in the
firewall and I have set there rules to redirect the trafic to the
mail server and WWW server in the LAN. This works fine, also the people
in the lan browse the internet via a transparent proxy.
My problem starts because the people on the private LAN want's to access
the WWW server from the lan, in the same manner they do from the
Internet. When they point their browser to http://www.company.com they
get a error message from squid that says that the conection was refused.
If i ping the WWW server from the LAN by it's name i get no answer.
This problems is driving me mad, I don't know what to do. Thanks in
advance for your advice.
This electronic message transmission is a PRIVATE communication which contains
information which may be confidential or privileged. The information is intended
to be for the use of the individual or entity named above. If you are not the
intended recipient, please be aware that any disclosure, copying, distribution
or use of the contents of this information is prohibited. Please notify the
sender of the delivery error by replying to this message, or notify us by
telephone (877-633-2436, ext. 0), and then delete it from your system.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here